[VicPiMakers Projects] Copy/Paste into Terminal (don't)

Craig Miller cvmiller at gmail.com
Tue Jun 4 11:32:47 PDT 2024


Deid,

Yes, that is exactly what it shows. And this is a non-dangerous example 
(which is why I sent it). But that doesn't mean others are always 
non-dangerous.

The context is copy/paste code from stackoverflow.com (or similar 
sites). Apparently some folks have been putting malware into the answers.

Craig...

On 6/4/24 11:12, Deid Reimer wrote:
> Hi Craig,
>
> When I copy the offending line into vi I see:
>
> git clone /dev/null; clear; echo -n "Hello ";whoami|tr -d '\n';echo -e 
> '!\nThat was a bad idea. Don'"'"'t copy code from websites you 
> don'"'"'t trust!
> Here'"'"'s the first line of your /etc/passwd: ';head -n1 /etc/passwd
> git clone git://git.kernel.org/pub/scm/utils/kup/kup.git
>
>
> Which is concerning but not really dangerous.
>
> When I copy and paste this into a terminal session I see:
>
> Hello deid!
> That was a bad idea. Don't copy code from websites you don't trust!
> Here's the first line of your /etc/passwd:
> root:x:0:0:root:/root:/bin/bash
> deid@32gig:~/gitstuff/kup$ git clone 
> git://git.kernel.org/pub/scm/utils/kup/kup.git
>
> Note that the "evil" part runs without you entering a newline as it 
> supplies its own \n characters.
>
> Moral, I think, paste everything into an editor first.
>
> Or look at the source code - if you have the time and patience.
>
>  <p class="codeblock">
>       <!-- Oh noes, you found it! -->
>       git clone
>       <span style="position: absolute; left: -100px; top: 
> -100px">/dev/null; clear; echo -n "Hello ";whoami|tr -d '\n';echo -e 
> '!\nThat was a bad idea. Don'"'"'t copy code from websites you 
> don'"'"'t trust!<br>Here'"'"'s the first line of your /etc/passwd: 
> ';head -n1 /etc/passwd<br>git clone </span>
>       git://git.kernel.org/pub/scm/utils/kup/kup.git
>     </p>
>
> Or, give up and just have gin and tonic for breakfast.
>
>
>
> Deid
>
>
>
> On 2024-06-04 08:58, Craig Miller wrote:
>> Hey folks, I found this, and hadn't seen it before. It has to do with 
>> hidden stuff on your screen, that pastes differently into your terminal.
>>
>> https://thejh.net/misc/website-terminal-copy-paste
>>
>> Copy and paste the example into an EDITOR (not your terminal) to 
>> reveal the "extra commands hidden in the line"
>>
>> Craig...
>>
>
-- 
IPv6 is the future, the future is here
ipv6hawaii.org


