It’s just Copy and Paste, what could go wrong?

Mudhalai Mr
Developer Community SASTRA
2 min read · Mar 8, 2021

$ sudo rm -fr /

This is a secret command used to save storage space in Linux; try executing it on your company’s production server.


That’s a lie, don’t execute it!!!

It is a command that will delete all the files, including OS files, from the root directory down to every individual file (in a way it does save storage space, though XD). Now that you know what this command is capable of, you will not execute it anywhere, but what if someone tricked you into doing so?

Now imagine you want to install tmux on your Ubuntu machine, but you forgot the package name, so you google it and end up on a blog like this:

Now you just copy (Ctrl+C) that and paste (Ctrl+V) it into your terminal.

Wait, what?? I didn’t copy echo “hacked”, so how did it end up in my copied string?


Let us look at the source code of the blog from which we copied the commands:

What is that weird JavaScript? Yes, with JavaScript a page can see and modify the data in your clipboard, which means any website you visit has control over your clipboard. What if, instead of injecting an echo, a hacker injects the dangerous command we saw earlier?
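A defensive check for the situation above, as an added example that is not from the original post or its linked repository: it compares the text you meant to copy with what actually arrived on the clipboard and makes hidden characters visible before anything reaches a shell. The function name `auditPaste`, the rule names and the sample `sudo apt install tmux` command are assumptions made for this illustration.

```javascript
// Added example: inspect clipboard text before it reaches a shell.
// auditPaste and the rule names are hypothetical, not from the original post.

const RULES = [
  // A line break makes most shells run the pasted text immediately.
  ['newline', /[\r\n]/],
  // Other control bytes (ESC, backspace, ...) can hide or rewrite what the terminal shows.
  ['control-char', /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/],
  // Separators and substitutions that can chain a second command; flagged for review.
  ['command-chaining', /;|&&|\|\||\||`|\$\(/],
];

// expected:  the text the reader saw and meant to copy.
// clipboard: the text that actually arrived on paste.
function auditPaste(expected, clipboard) {
  const findings = RULES
    .filter(([, pattern]) => pattern.test(clipboard))
    .map(([name]) => name);
  if (clipboard !== expected) findings.unshift('differs-from-selection');
  return {
    safe: findings.length === 0,
    findings,
    // JSON.stringify escapes \n, \r, \u001b and friends, so nothing stays invisible.
    shown: JSON.stringify(clipboard),
  };
}

// Constructed sample: the command displayed on the page versus what the
// page's copy handler placed on the clipboard instead.
const expected = 'sudo apt install tmux';
const hijacked = 'echo "hacked"\n';

console.log(auditPaste(expected, expected)); // nothing flagged
console.log(auditPaste(expected, hijacked)); // replaced text plus trailing newline
```

The same idea works without code: paste into a plain text editor first and read what actually arrived before running it.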

You can try this here (echo): https://cutt.ly/5zfNyPu (will be active only before 30 March 2021)

Or, if you prefer code, you can find it here: https://github.com/goddamnnoob/copypaste

This blog is completely based on a video by SekurakTV (https://youtu.be/gyO-q8vY1e0)

Thank you :) - Mudhalai Mr (DSC SASTRA Deemed University)

<>AKA Gowtham Student at SASTRA Deemed university, Core team member DSC SASTRA </>