{"id":2145,"date":"2017-02-04T23:08:58","date_gmt":"2017-02-04T22:08:58","guid":{"rendered":"http:\/\/monodes.com\/predaelli\/?p=2145"},"modified":"2017-02-04T23:08:58","modified_gmt":"2017-02-04T22:08:58","slug":"life-plus-linux-look-before-you-paste-from-a-website-to-terminal","status":"publish","type":"post","link":"https:\/\/monodes.com\/predaelli\/2017\/02\/04\/life-plus-linux-look-before-you-paste-from-a-website-to-terminal\/","title":{"rendered":"Life plus Linux: Look before you paste from a website to terminal"},"content":{"rendered":"<blockquote><p>All about making life easier and efficient with Linux<a href=\"http:\/\/lifepluslinux.blogspot.it\/2017\/01\/look-before-you-paste-from-website-to.html\"><img data-recalc-dims=\"1\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2017\/02\/wAsCWqP.gif?w=910\" alt=\"\" \/><\/a><\/p><\/blockquote>\n<p>Source: <em><a href=\"http:\/\/lifepluslinux.blogspot.com\/2017\/01\/look-before-you-paste-from-website-to.html\">Life plus Linux: Look before you paste from a website to terminal<\/a><\/em><\/p>\n<p><!--more--><!--nextpage--><\/p>\n<blockquote>\n<h3 class=\"post-title entry-title\">Look before you paste from a website to terminal<\/h3>\n<div class=\"post-header\"><\/div>\n<div id=\"post-body-4140740723168384750\" class=\"post-body entry-content\">\n<div dir=\"ltr\">Most of the time when we see a code snippet online to do something, we often blindly copy paste it to the terminal. Even the tech-savvy ones just see it on the website before copy pasting. Here is why you shouldn&#8217;t do this. Try pasting the following line to your terminal (SFW)<\/p>\n<p><code class=\"\" data-line=\"\"> ls &lt;span class=&quot;malicious&quot;&gt; ; clear; echo &#039;Haha! 
You gave me access to your computer with sudo!&#039;; echo -ne &#039;h4cking ## (10%)\\r&#039;; sleep 0.3; echo -ne &#039;h4cking ### (20%)\\r&#039;; sleep 0.3; echo -ne &#039;h4cking ##### (33%)\\r&#039;; sleep 0.3; echo -ne &#039;h4cking ####### (40%)\\r&#039;; sleep 0.3; echo -ne &#039;h4cking ########## (50%)\\r&#039;; sleep 0.3; echo -ne &#039;h4cking ############# (66%)\\r&#039;; sleep 0.3; echo -ne &#039;h4cking ##################### (99%)\\r&#039;; sleep 0.3; echo -ne &#039;h4cking ####################### (100%)\\r&#039;; echo -ne &#039;\\n&#039;; echo &#039;Hacking complete.&#039;; echo &#039;Use GUI interface using visual basic to track my IP&#039;<br \/>\nls &lt;\/span&gt; -lat <\/code><\/p>\n<p>It should look something like this once it is pasted onto your terminal.<br \/>\n<iframe loading=\"lazy\" id=\"imgur-embed-iframe-pub-wAsCWqP\" class=\"imgur-embed-iframe-pub imgur-embed-iframe-pub-wAsCWqP-true-540\" src=\"http:\/\/imgur.com\/wAsCWqP\/embed?ref=http%3A%2F%2Flifepluslinux.blogspot.it%2F2017%2F01%2Flook-before-you-paste-from-website-to.html&amp;w=540\" width=\"300\" height=\"150\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><br \/>\nYou probably guessed it. 
There is some malicious code between <code class=\"\" data-line=\"\">ls<\/code> and <code class=\"\" data-line=\"\">-lat<\/code> that is hidden from the user.<\/p>\n<p>Malicious code&#8217;s color is set to that of the background, its font size is set to 0, it is moved away from rest of the code and it is made un-selectable (that blue color thing doesn&#8217;t reveal it); to make sure that it works in all possible OSes, browsers and screen sizes.<\/p>\n<div class=\"embedPastebin\">\n<div class=\"embedFooter\">Data hosted with \u2665 by <a href=\"http:\/\/pastebin.com\" target=\"_blank\">Pastebin.com<\/a> &#8211; <a href=\"http:\/\/pastebin.com\/raw\/Kb2uzAyu\" target=\"_blank\">Download Raw<\/a> &#8211; <a href=\"http:\/\/pastebin.com\/Kb2uzAyu\" target=\"_blank\">See Original<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"de1\"><span class=\"re1\">.malicious<\/span> <span class=\"br0\">{<\/span><\/div>\n<div class=\"de1\">\u00a0 <span class=\"kw1\">color<\/span><span class=\"sy0\">:<\/span> <span class=\"re0\">#f3f5f6<\/span><span class=\"sy0\">;<\/span> \/\/ set it to that of the <span class=\"kw1\">page<\/span><\/div>\n<div class=\"de1\">\u00a0 <span class=\"kw1\">font-size<\/span><span class=\"sy0\">:<\/span> <span class=\"re3\">0px<\/span><span class=\"sy0\">;<\/span> \/\/ make it small<\/div>\n<div class=\"de1\">\u00a0 \/\/ move it out of the way<\/div>\n<div class=\"de2\">\u00a0 <span class=\"kw1\">position<\/span><span class=\"sy0\">:<\/span> <span class=\"kw2\">absolute<\/span><span class=\"sy0\">;<\/span><\/div>\n<div class=\"de1\">\u00a0 <span class=\"kw1\">left<\/span><span class=\"sy0\">:<\/span> <span class=\"re3\">-100px<\/span><span class=\"sy0\">;<\/span><\/div>\n<div class=\"de1\">\u00a0 <span class=\"kw1\">top<\/span><span class=\"sy0\">:<\/span> <span class=\"re3\">-100px<\/span><span class=\"sy0\">;<\/span><\/div>\n<div class=\"de1\">\u00a0 <span class=\"kw1\">height<\/span><span class=\"sy0\">:<\/span> <span 
class=\"re3\">0px<\/span><span class=\"sy0\">;<\/span><\/div>\n<div class=\"de1\">\u00a0 <span class=\"kw1\">z-index<\/span><span class=\"sy0\">:<\/span> -<span class=\"nu0\">100<\/span><span class=\"sy0\">;<\/span><\/div>\n<div class=\"de2\">\u00a0 <span class=\"kw1\">display<\/span><span class=\"sy0\">:<\/span> inline-block<span class=\"sy0\">;<\/span><\/div>\n<div class=\"de1\">\u00a0 \/\/ make it un-selectable<\/div>\n<div class=\"de1\">\u00a0 -webkit-touch-callout<span class=\"sy0\">:<\/span> <span class=\"kw2\">none<\/span><span class=\"sy0\">;<\/span><\/div>\n<div class=\"de1\">\u00a0 -webkit-user-select<span class=\"sy0\">:<\/span> <span class=\"kw2\">none<\/span><span class=\"sy0\">;<\/span><\/div>\n<div class=\"de1\">\u00a0 -khtml-user-select<span class=\"sy0\">:<\/span> <span class=\"kw2\">none<\/span><span class=\"sy0\">;<\/span><\/div>\n<div class=\"de2\">\u00a0 -moz-user-select<span class=\"sy0\">:<\/span> <span class=\"kw2\">none<\/span><span class=\"sy0\">;<\/span><\/div>\n<div class=\"de1\">\u00a0 -ms-user-select<span class=\"sy0\">:<\/span> <span class=\"kw2\">none<\/span><span class=\"sy0\">;<\/span><\/div>\n<div class=\"de1\">\u00a0 user-select<span class=\"sy0\">:<\/span> <span class=\"kw2\">none<\/span><span class=\"sy0\">;<\/span><\/div>\n<div class=\"embedPastebin\">\n<div class=\"de1\"><span class=\"br0\">}<\/span><\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<div class=\"embedPastebin\">\n<div class=\"embedFooter\">Data hosted with \u2665 by <a href=\"http:\/\/pastebin.com\" target=\"_blank\">Pastebin.com<\/a> &#8211; <a href=\"http:\/\/pastebin.com\/raw\/jbNLRLce\" target=\"_blank\">Download Raw<\/a> &#8211; <a href=\"http:\/\/pastebin.com\/jbNLRLce\" target=\"_blank\">See Original<\/a><\/div>\n<\/div>\n<div class=\"de1\"><span class=\"sc2\">&lt;<span class=\"kw2\">span<\/span>&gt;<\/span>ls<span class=\"sc2\">&lt;<span class=\"sy0\">\/<\/span><span class=\"kw2\">span<\/span>&gt;<\/span><\/div>\n<div class=\"de1\"><span class=\"sc2\">&lt;<span 
class=\"kw2\">span<\/span> <span class=\"kw3\">class<\/span><span class=\"sy0\">=<\/span><span class=\"st0\">&quot;malicious&quot;<\/span>&gt;<\/span><\/div>\n<div class=\"de1\">\u00a0 ; clear; echo &#039;Haha! You gave me access to your computer with sudo!&#039;;<\/div>\n<div class=\"de1\">\u00a0 echo -ne &#039;h4cking ## \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0(10%)\\r&#039;;<\/div>\n<div class=\"de2\">\u00a0 sleep 0.3;<\/div>\n<div class=\"de1\">\u00a0 echo -ne &#039;h4cking ### \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 (20%)\\r&#039;;<\/div>\n<div class=\"de1\">\u00a0 sleep 0.3;<\/div>\n<div class=\"de1\">\u00a0 echo -ne &#039;h4cking ##### \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 (33%)\\r&#039;;<\/div>\n<div class=\"de1\">\u00a0 sleep 0.3;<\/div>\n<div class=\"de2\">\u00a0 echo -ne &#039;h4cking ####### \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 (40%)\\r&#039;;<\/div>\n<div class=\"de1\">\u00a0 sleep 0.3;<\/div>\n<div class=\"de1\">\u00a0 echo -ne &#039;h4cking ########## \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0(50%)\\r&#039;;<\/div>\n<div class=\"de1\">\u00a0 sleep 0.3;<\/div>\n<div class=\"de1\">\u00a0 echo -ne &#039;h4cking ############# \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 (66%)\\r&#039;;<\/div>\n<div class=\"de2\">\u00a0 sleep 0.3;<\/div>\n<div class=\"de1\">\u00a0 echo -ne &#039;h4cking ##################### \u00a0 \u00a0 (99%)\\r&#039;;<\/div>\n<div class=\"de1\">\u00a0 sleep 0.3;<\/div>\n<div class=\"de1\">\u00a0 echo -ne &#039;h4cking ####################### \u00a0 (100%)\\r&#039;;<\/div>\n<div class=\"de1\">\u00a0 echo -ne &#039;\\n&#039;;<\/div>\n<div class=\"de2\">\u00a0 echo &#039;Hacking complete.&#039;;<\/div>\n<div class=\"de1\">\u00a0 echo &#039;Use GUI interface using visual basic to track my IP&#039;<span class=\"sc2\">&lt;<span class=\"kw2\">br<\/span>&gt;<\/span> 
ls<\/div>\n<div class=\"de1\"><span class=\"sc2\">&lt;<span class=\"sy0\">\/<\/span><span class=\"kw2\">span<\/span>&gt;<\/span><\/div>\n<div class=\"embedPastebin\">\n<div class=\"de1\"><span class=\"sc2\">&lt;<span class=\"kw2\">span<\/span>&gt;<\/span>-lat <span class=\"sc2\">&lt;<span class=\"sy0\">\/<\/span><span class=\"kw2\">span<\/span>&gt;<\/span><\/div>\n<\/div>\n<p>This can be worse. If the code snippet had a command with <code class=\"\" data-line=\"\">sudo<\/code> for instance, the malicious code will have <code class=\"\" data-line=\"\">sudo<\/code> access too. Or, it can silently install a keylogger on your machine; possibilities are endless. So, the lesson here is, make sure that you paste code snippets from untrusted sources onto a text editor before executing it.<\/p>\n<p>Thanks for reading!<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p class=\"excerpt\">All about making life easier and efficient with Linux Source: Life plus Linux: Look before you paste from a website to terminal<\/p>\n<p class=\"more-link-p\"><a class=\"more-link\" href=\"https:\/\/monodes.com\/predaelli\/2017\/02\/04\/life-plus-linux-look-before-you-paste-from-a-website-to-terminal\/\">Read more 
&rarr;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-2145","post","type-post","status-publish","format-standard","hentry","category-senza-categoria"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6daft-yB","jetpack-related-posts":[{"id":11319,"url":"https:\/\/monodes.com\/predaelli\/2024\/02\/09\/how-to-record-and-replay-terminal-sessions-in-linux\/","url_meta":{"origin":2145,"position":0},"title":"How to Record and Replay Terminal Sessions in Linux","author":"Paolo Redaelli","date":"2024-02-09","format":false,"excerpt":"How to Record and Replay Terminal Sessions in Linux That is, just use script command...","rel":"","context":"In 
&quot;Documentations&quot;","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9935,"url":"https:\/\/monodes.com\/predaelli\/2022\/12\/21\/pv-show-progress-for-copy-backup-compress-data-in-linux\/","url_meta":{"origin":2145,"position":1},"title":"Pv &#8211; Show Progress for [Copy\/Backup\/Compress] Data in Linux","author":"Paolo Redaelli","date":"2022-12-21","format":false,"excerpt":"Pv - Show Progress for [Copy\/Backup\/Compress] Data in Linux Pv is a terminal-based tool that allows you to monitor the progress of data such as coping\/moving\/backing up files that are being sent through a pipe. Learn everyday something new... never stop learning. (Source tecmint.com)","rel":"","context":"In &quot;Documentations&quot;","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":10989,"url":"https:\/\/monodes.com\/predaelli\/2023\/12\/05\/terminals-renaissance\/","url_meta":{"origin":2145,"position":2},"title":"Terminals renaissance","author":"Paolo Redaelli","date":"2023-12-05","format":false,"excerpt":"How far have we gone since DEC VT100! All those terminal emulator have evolved a lot from the humble Xterm... In recent years we have seen several \"modern\" terminal emulators. 
A first wave focused on being shiny and polished or just stylish such as cool-retro-term (which is shamefully not listed\u2026","rel":"","context":"In &quot;Software&quot;","block_context":{"text":"Software","link":"https:\/\/monodes.com\/predaelli\/category\/software\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/12\/wave-modern-terminal.webp?fit=1200%2C799&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/12\/wave-modern-terminal.webp?fit=1200%2C799&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/12\/wave-modern-terminal.webp?fit=1200%2C799&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/12\/wave-modern-terminal.webp?fit=1200%2C799&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/12\/wave-modern-terminal.webp?fit=1200%2C799&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":10844,"url":"https:\/\/monodes.com\/predaelli\/2023\/10\/07\/how-to-use-the-bg-command-on-linux-pi-my-life-up\/","url_meta":{"origin":2145,"position":3},"title":"How to use the bg Command on Linux &#8211; Pi My Life Up","author":"Paolo Redaelli","date":"2023-10-07","format":false,"excerpt":"Well, I learned a couple of details I didn't knew from How to use the bg Command on Linux - Pi My Life Up How to use the bg Command on Linux by Emmet Published Feb 06, 2022 Linux Commands \u00a0 In this guide, we will be showing you how\u2026","rel":"","context":"In &quot;Senza categoria&quot;","block_context":{"text":"Senza categoria","link":"https:\/\/monodes.com\/predaelli\/category\/senza-categoria\/"},"img":{"alt_text":"Emmet 
Avatar","src":"https:\/\/i0.wp.com\/pimylifeup.com\/wp-content\/uploads\/2022\/04\/pimylifeup_editor_avatar.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":11401,"url":"https:\/\/monodes.com\/predaelli\/2024\/03\/04\/still-no-ligatures\/","url_meta":{"origin":2145,"position":4},"title":"Still no ligatures","author":"Paolo Redaelli","date":"2024-03-04","format":false,"excerpt":"Black Box is a GTK4 Terminal App With a Unique Look - OMG! Ubuntu Black Box is a GTK4 terminal emulator for Linux desktops. It boasts innovative UI features, 12 terminal themes, and is easy to install from Flathub. Nice, but still, font ligatures support is missing as it requires\u2026","rel":"","context":"In &quot;Fonts&quot;","block_context":{"text":"Fonts","link":"https:\/\/monodes.com\/predaelli\/category\/fonts\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9712,"url":"https:\/\/monodes.com\/predaelli\/2022\/10\/09\/console-apps-for-gnome\/","url_meta":{"origin":2145,"position":5},"title":"Console \u2013 Apps for GNOME","author":"Paolo Redaelli","date":"2022-10-09","format":false,"excerpt":"Console \u2013 Apps for GNOMETerminal Emulator \u2013 A simple user-friendly terminal emulator for the GNOME desktop. 
For Heaven's sake why they have called its binary kgx instead of a self-explanatory gnome-console?","rel":"","context":"In &quot;GNU\/Linux&quot;","block_context":{"text":"GNU\/Linux","link":"https:\/\/monodes.com\/predaelli\/category\/gnulinux\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/2145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/comments?post=2145"}],"version-history":[{"count":0,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/2145\/revisions"}],"wp:attachment":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/media?parent=2145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/categories?post=2145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/tags?post=2145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}