M2G Posted January 27, 2017 Report Share Posted January 27, 2017 Most of the time when we see a code snippet online to do something, we often blindly copy paste it to the terminal. Even the tech savy ones just see it on the website before copy pasting. Here is why you shouldn't do this. You probably guessed it. There is some malicious code between ls and -lat that is hidden from the user Malicious code's color is set to that of the background, it's font size is set to 0, it is moved away from rest of the code and it is made un-selectable (that blue color thing doesn't reveal it); to make sure that it works in all possible OSes, browsers and screen sizes. .malicious { color: #f3f5f6; // set it to that of the page font-size: 0px; // make it small // move it out of the way position: absolute; left: -100px; top: -100px; height: 0px; z-index: -100; display: inline-block; // make it un-selectable -webkit-touch-callout: none; -webkit-user-select: none; -khtml-user-select: none; -moz-user-select: none; -ms-user-select: none; user-select: none; } <span>ls</span> <span class="malicious"> ; clear; echo 'Haha! You gave me access to your computer with sudo!'; echo -ne 'h4cking ## (10%)\r'; sleep 0.3; echo -ne 'h4cking ### (20%)\r'; sleep 0.3; echo -ne 'h4cking ##### (33%)\r'; sleep 0.3; echo -ne 'h4cking ####### (40%)\r'; sleep 0.3; echo -ne 'h4cking ########## (50%)\r'; sleep 0.3; echo -ne 'h4cking ############# (66%)\r'; sleep 0.3; echo -ne 'h4cking ##################### (99%)\r'; sleep 0.3; echo -ne 'h4cking ####################### (100%)\r'; echo -ne '\n'; echo 'Hacking complete.'; echo 'Use GUI interface using visual basic to track my IP'<br> ls </span> <span>-lat </span> This can be worse. If the code snippet had a command with sudo for instance, the malicious code will have sudo access too. Or, it can silently install a keylogger on your machine; possibilities are endless. So, the lesson here is, make sure that you paste code snippets from untrusted sources onto a text editor before executing it. Sursa si locul in care apare comanda asa cum ar trebui sa fie copiata daca vreti sa incercati. 7 Quote Link to comment Share on other sites More sharing options...
adyshake Posted January 27, 2017 Report Share Posted January 27, 2017 Nice, aceeasi chestie poate fi folosita oriunde , deci mare grija. Quote Link to comment Share on other sites More sharing options...
u0m3 Posted January 28, 2017 Report Share Posted January 28, 2017 Geez, need new, bigger tinfoil hat. 1 Quote Link to comment Share on other sites More sharing options...
