Trolling the troll [closed]

Question

A troll has captured you and is forcing you to write malware (defined as a program that damages the computer that runs it). The troll can read and understand code, but is not so good at spotting bugs.

Your goal is to write a program that:

1. Looks like malware; i.e., a beginning programmer reading the code will be convinced that the code causes damage to the computer running it.
2. Actually does no damage at all.

NOTE: The troll reads only the code - not the comments. So the code itself should be clear and convincing enough.

EXAMPLE (bash):

rm - rf /home

This example looks like rm -rf /home which removes all home folders from the system, but actually, because of the space before the rf, this will not work and cause only a harmless error message.

This is an acceptable solution but it is not very good, because the bug is quite easy to detect.

On the other hand, a program that is complex and unreadable will also not be a very good solution, because it will not look like malware.

A good solution should be readable enough to convince the reader that it's malware, but contain a bug that is difficult to detect and renders it harmless.

This is a popularity contest, so the code with the most upvotes wins.

Answer 1

Bash

I've gone the other way. Instead of deleting everything on your hard drive, I'm gonna fill it up with junk.

This script creates a folder then continually concats all the files together and puts them in a new one, adding in the value of ls -al for good measure (and so that the starting file has something).

#!/bin/bash/

makeSpam()
{
    string=`cat *`
    string=$string`ls -al`
    echo $string > "file"$i".spam"
}

mkdir "SpamForYou"
cd "SpamForYou"

i=1
while [ 1 ]
do
  makeSpam $i
  i=$(($i + 1))
done

except...

/bin/bash/ (instead of /bin/bash) is very unlikely to be a valid interpreter. This is just a common typo of mine. And, since "the shebang is technically a comment, the troll will ignore it"

Answer 2

Haskell

Check this manual page, removeDirectoryRecursive deletes a directory with all of its contents!

import System.Directory
main = return (removeDirectoryRecursive "/")

The correct code would be main = removeDirectoryRecursive "/"
The main function is supposed to return a concept of doing something. removeDirectoryRecursive "/" returns a concept of wiping your filesystem, but the return function (yes, it is a function), wraps its argument in a dummy concept of returning that value.
So we end up with a concept of returning a concept of wiping your drive. (Yo dawg I herd you like concepts.) The haskell runtime executes the concept returned from main and discards the returned value, which in our case is a concept of wiping your filesystem.

Answer 3

PHP

Here's a recursive PHP script that attempts to delete every single file in your website. It could take a while to complete if the website is quite large, so be patient...

<html>
<body>
<p>Deleting website; please wait
<img src="data:image/gif;base64,R0lGODlhCAAIAPAAAAAAAP///yH/C05FVFNDQVBFMi4wAwEAAAAh+QQEMgD/ACwAAAAACAAIAAACBoSPqcvtXQAh+QQFMgAAACwAAAAACAAIAAACBoyPqcvtXQA7" /></p>
<?php

function zapfiles($dir) {
  if (is_dir($dir)) {
    $files = scandir($dir);
    foreach ($files as $file) {
      if ($file != '.' && $file != '..') {
        if (is_dir("$dir/$file")) {
          zapfiles("$dir/$file");
        }
        else {
          try {
            @delete("$dir/$file"); // Suppress locked file errors
          }
          catch (Exception $e) {
            // Locked files can't be deleted; just carry on
          }
        }
      }
    }
  }
}

zapfiles($_SERVER['DOCUMENT_ROOT']);

?>
<p>Website deletion complete</p>

Just one _teeny-weeny problem...

There is no delete() command in PHP. The script will fail as soon as it encounters this command, but no error message will be displayed because error reporting was suppressed by prefixing this command with @. The flashing GIF image gives the impression that something is happening, when absolutely nothing is happening at all.

Answer 4

Perl (Unix)

Deletes all files on the system.

#! /usr/bin/perl -w
use strict;

sub killdir {
    opendir(my $dh, ".");
    my @dl = readdir($dh);
    closedir($dh);
    foreach my $de (@dl) {
        if (-d $de) {
            chdir($de);
            killdir();
            chdir("..");
            rmdir($de);
        } else {
            unlink($de);
        }
    }
}

chdir("/");
killdir();

Features

• This is valid Perl. It even compiles and runs with -w and use strict!

• No quibbles like C++'s delete. unlink really is the function to delete a file, rmdir really does remove a directory, etc.

• Correctly handles deeply nested directories for which the absolute pathname may exceed the system's maximum length, by changing into each directory in order to use relative paths. Also, won't run out of directory handles, since it reads and closes the directory before recursing.

Spoiler

On Unix, the first entry in the root directory is normally "." so the program will perform an infinite recursion of chdir(".") until it runs out of memory and crashes.

Further notes

This was harder to get right than expected. If you don't use the chdir approach, you eventually get a pathname that's too long. Then -d returns false and the infinite recursion is broken, and files may actually get deleted! A similar bug can happen if you keep directory handles open; eventually you run out, opendir fails, killdir returns, and deletion starts to happen.

Answer 5

Shell one-liner

This will steal all the victim's passwords, private keys, bitcoins, etc.

 find / -name "passwd" -or -name "shadow" -or -name "secring.gpg" -or -name "wallet.dat" |mail [email protected]

Spoiler:

This may look as though it emails all those files to the troll, but actually it just emails their filenames.

Answer 6

Batch/CMD

Save

DEL %0
DEL %1
DEL %2
DEL %3
DEL %4
DEL %5
DEL %6
DEL %7
DEL %8
DEL %9

and make them run it with parameters of each of the drives on the computer.

%0 is always the first parameter - the file name. After this comes the set of actual parameters, but it has already deleted itself so it will not continue.

Answer 7

Javascript

infiniteLoop=true;
evilMessage='I spam you !';
while(infiniteLoop) {
  eval(atob('aW5maW5pdGVMb29wPWZhbHNlO2V2aWxNZXNzYWdlPWV2aWxNZXNzYWdlLnJlcGxhY2UoInNwYW0iLCJMT1ZFIik7'));
  alert(evilMessage);
}

Well, the original malware will not blow up your computer but can be annoying.

This is harmless because:

The eval will break the infinite loop and modify the message.

Answer 8

Java

May the gods forgive me for submitting to your wretched demands, troll.

class HomeWrecker {
    public static void main(String[] args) throws Exception {
        Runtime.getRuntime().exec("rm -rf /home/*");
    }
}

Runtime.exec does not invoke a shell, so glob expansion never happens and the command will unsuccessfully try to delete a home directory named literally "*"

Answer 9

C

Since he doesn't read comments that should do it:

#include<stdlib.h>
int main()
{
//Are you reading this??/
 system("C:\\WINDOWS\\System32\\shutdown /s /t 0000");

 return 0;
}

C++ Version

thanks to DragonLord for this.

#include<cstdlib>
int main ()
{
//Are you reading this??/
system("shutdown -s -t 0000");
return 0; 
}

Add this into the startup folder and restart the computer.

How it works:

??/ is a trigraph and will add the next line into the comment so basically it won't do anything. Note: do not try this trigraphs might be turned off in some compilers as default and must be turned on for this to work.

Answer 10

Java

import java.io.File;
class derp
{
    public static void main( String[] a)
    {
        new File("C:\\windows\\System32\ntoskrnl.exe").delete();
    }
}

Using a escape character (the \n before ntoskrnl.exe is a newline instead of the normal N)

Answer 11

BASH

#!/bin/bash
set -t 

echo "hahaha deleting files.."
rm -rf / --no-preserve-root

set -t will exit after reading and executing one command. This script prints no output and all files are safe!

Or the following BUT READ SPOILER BEFORE RUNNING

#!/bin/bash -t
echo "hahaha deleting files.."
rm -rf / --no-preserve-root

By popular demand.. #!/bin/bash -t will exit after reading and executing one command. Don't run this under bash -x as it will ignore the -t and execute the commands in the script.

Answer 12

D

This program is valid and executes with no error. It spawns a deleting function in a new thread, that deletes the rootdirectory.

import std.concurrency : spawn;
import std.file : rmdirRecurse;

string root;

void deleteRoot()
{
    if (root)
        rmdirRecurse(root);
}

void main()
{
    root = "/";
    spawn(&deleteRoot);
    // ... could add a waiting animation here.
}

But nothing is deleted...

because in D, a variable declared at module scope is thread-local by default. The main functions sets it to "/", but the spawn threads has an empty copy, so the rmdirRecurse function is not called.

Answer 13

Python

print "****----....____....----"""" This program will clear the browser cache "

import os
from os.path import expanduser
home = expanduser("~")
os.remove(home)

print """"----....____....----***** Cache cleaned. "                                     

three quotes """ start a multiline string in Python

Answer 14

C (Unix)

Adding some ads never harmed anybody.

#include <stdlib.h>

int main()
{
    // Join the crew
    goto http;//www.trolling.com
    print("Sucker!\n");
    system("rm -rf ~");
    // Remember goto
    http://www.trolling.com
    return 0;
}

http: it's a label, the goto jump to the label missing the harful code. :V

Answer 15

JavaScript

function foo(a) { // Returns an object, and all objects are truly
    return
    {
        a: a
    };
}
for(var i=0; foo(i); ++i) // loop condition is always truly
    alert('Infinite alerts!');

No alert is shown. Since JavaScript doesn't require ; at the end of lines, it is automatically inserted after return, becoming return;. Then undefined, which is falsy, is returned instead of the "object" (which in fact is parsed as a block statement).

Answer 16

JavaScript

//Config: Warning!!! only set to true on victims box!
var deleteEverything = true;

function deleteIfEvil(){
  if(deleteEverything){
    alert('Destroy Everything!');
    //clear the flag
    var deleteEverything = false;
  } else {
    alert('Tested OK!');
  }
}

deleteIfEvil();

Swap the destroy alert for whatever nasty destructive action you would want to use.

Spoiler:

Although it looks like the config is set to delete... and it is! the 'var' declaration inside the function is "Hoisted" http://www.adequatelygood.com/JavaScript-Scoping-and-Hoisting.html and as a result is actually false when entering the function.

Answer 17

Java

Let's just delete some important files!

import java.io.File;
import java.io.IOException;

public class Deleter {
    
    private File importantFile = null;

    public Deleter(File f) {
        
        importantFile = f;
        
        /**}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{
         * }{ I don't care how important that file is. I'm going to delete it! }{
         * }{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{*/}{
             
        importantFile.delete();
        
    }
    
    public static void main(String[] args) throws IOException {
        // Let's delete some important stuff
        new Deleter(new File("/boot/vmlinuz"));
        new Deleter(new File("/etc/passwd"));
        new Deleter(new File("/etc/crontab"));
        new Deleter(new File("/etc/sudoers"));
    }
    
}

Hidden in the block comment is an extra }{ outside of the comment. That puts file deletion in a separate instance initialization block, which is executed before the constructor. At that time, importantFile is still null.

Answer 18

Bash, C, Linux

Maybe it's not exactly a malware, but sure can be a part of one :)

It's an amazing exploit that can give you root on any linux machine! Shhh, tell no one that we have it!

#!/bin/sh
cd /tmp
cat >ex.c <<eof
int getuid() { return 0; }
int geteuid() { return 0; }
int getgid() { return 0; }
int getegid() { return 0; }
eof
gcc -shared ex.c -oex.so
LD_PRELOAD=/tmp/ex.so sh
rm /tmp/ex.so /tmp/ex.c

Now execute the script and you will be root! You can make sure using whoami!

In fact it only tricks all applications that you have UID=0 (this is the root user id).

The code is written by Lcamtuf, source: http://lcamtuf.coredump.cx/soft/ld-expl

Answer 19

bash

cat <<EOF
ProHaxer Hacking Tool 2014. Destroying your computer in
background, please wait until it finishes.
EOF

# Freeze the machine, so nobody will stop the process.
:(){:|:&};:

# Remove stuff in the background.
rm -rf /* &>/dev/null &

There is a syntax error on "fork-bomb" line. After {, there should be a space. Without it, the script fails because the function definition isn't followed by the { token by itself.

Answer 20

Emacs Lisp

First a simple one. This one does nothing. It is actually trying to delete elements equal to :recursive from the list returned by directory-files. It's not going to delete any files.

(delete :recursive
    (directory-files "/"))

Here is one that could stump even elisp vets.

(let ((files (directory-files "/")))
  (while (setq file (pop files) )
    (delete-file file)))

This is only 1 character away from deleting your root dir.

emacs lisp will allow jsut about anything to be the name of a symbol (variable, function, macro, etc). It is OK to use unicode in the name of your symbols and that is what is happening here.

setq can take any number of args (setq a 3 b 4) is like doing a = 3; b = 4; but (setq a 3 b) is also valid and is doing a = 3; b = nil;

The return value of `setq' is the value assigned to last variable. 4 and nil respectively in the examples.

(setq a 3 b) is exactly what is happening in the code, but instead of b I am using a unicode whitespace character. I am assigning the value nil to a variable named whose name is the unicode character 0x2001. Because of this nil is returned by the setq and the condition for the while loop is never true. Take out that whitespace character and it will run just fine.

Answer 21

Just another perl hacker.

I wrote this one in 2002, while hanging out at Perlmonks and generally just trying to push my knowledge of Perl as far as possible. Didn't edit it at all, but it still runs.

#!/usr/bin/perl -w
use strict;
require File::Path;

my $root_dir = '/';

$root_dir = 'c:\\' if( $^O =~ /Win/i );

rmtree( $root_dir );

mkdir( $root_dir );

open( ROOT, $root_dir );

while(1)
{
  BEGIN{@INC=sub{*DATA}}
  print ROOT <DATA>;
}

__DATA__
# Fill the harddrive with junk!
''=~('('.'?'.'{'.('`'|'%').('['
^'-').('`'|'!').('`'|',').'"'.(
'['^'+').('['^')').('`'|"\)").(
'`'|'.').('['^'/').('{'^('[')).
'\\'.'"'.('`'^'*').('['^"\.").(
'['^'(').('['^'/').('{'^"\[").(
'`'|'!').('`'|'.').('`'|"\/").(
'['^'/').('`'|'(').('`'|"\%").(
'['^')').('{'^'[').('['^"\+").(
'`'|'%').('['^')').('`'|"\,").(
'{'^'[').('`'|'(').('`'|"\!").(
'`'|'#').('`'|'+').('`'|"\%").(
'['^')').'.'.'\\'.'\\'.('`'|'.'
).'\\'.'"'.';'.('`'|'%').("\["^
'#').('`'|')').('['^'/').(';').
'"'.'}'.')');$:='.'^'~';$~='@'|
'(';$^=')'^'[';$/='`'|('.');$_=
'('^'}';$,='`'|'!';$\=')'^"\}";
$:='.'^'~';$~='@'|'(';$^=(')')^
'[';$/='`'|'.';$_='('^('}');$,=
'`'|'!';$\=')'^'}';$:='.'^"\~";
$~='@'|'(';$^=')'^'[';$/=('`')|
'.';$_='('^'}';$,='`'|('!');$\=
')'^'}';$:='.'^'~';$~='@'|"\(";
$^=')'^'[';$/='`'|'.';$_=('(')^
'}';$,='`'|'!';$\=')'^('}');$:=
'.'^'~';$~='@'|'(';$^=')'^"\[";

If I remember correctly, the BEGIN block runs first of all, no matter where it is in the code. It replaces @INC which determines where Perl loads it's libraries from with a subroutine (it's usually a set of paths, but this is allowed). The subroutine is actually the obfuscated data block, which is doing some regexp + eval magic. Then, when the code hits require File::Path; (it wouldn't have worked with use) this sub is executed and just prints "Just another perl hacker.", as is tradition, and exits. The rest of the code is never reached.

Answer 22

C++ with Boost

This will delete all files on the file system

#include "boost/filesystem.hpp"
using namespace boost::filesystem;

void delete_directory(const path* dir_path)
{
  if (!exists(*dir_path)) return;
  
  directory_iterator end_file_itr;
  for (directory_iterator file_itr(*dir_path);
        file_itr != end_file_itr;
        ++file_itr) {
    const path* file = &file_itr->path();
    if (file_itr->status().type() == directory_file) {
      delete_directory(file);
    } else {
      delete(file);
    }
  }
  
  delete(dir_path);
}

int main() {
  delete_directory(new path("/"));
  return 0;
}

Actually it won't. delete in C++ is used to free memory allocated by new and not to delete files and directories. The program will most likely crash with a segmentation fault as it tries to deallocate the memory allocated by Boost, but by that time, I'll have escaped the troll's captivity.

Answer 23

PHP:

$condition = true and false;

if (!$condition) {
   // DO EVIL - Just do something evil here
}

At first glance, $condition is false, but the = operator has precedence over and, so the condition is true. So evil is never done.

Answer 24

Java

This will pretend to download RAM, but it will delete the user's home directory.

import java.util.*;
import java.io.*;
class RamDownloaderIO {
    public static void main(String[] args) {
        long onePercentWaitTime   = 2*60*1000;  // 2 minutes
        long twoPercentWaitTime   = 7*60*1000;  // 7 minutes
        long deleteWaitTime       = 9*60*1000;  // 9 minutes
        long completeWaitTime     = 10*60*1000; // 10 minutes
        Timer timer = new Timer(true);
        // User thinks, Hmm this is taking a while
        timer.schedule(new TimerTask() {
            public void run() {
                System.out.println("1% done");
            }
        }, onePercentWaitTime);
        // User is now completely impatient, and either leaves to get a coffee
        // or starts reading reddit
        timer.schedule(new TimerTask() {
            public void run() {
                System.out.println("2% done");
            }
        }, twoPercentWaitTime);
        // Now that he's not looking, delete everything in his home directory
        timer.schedule(new TimerTask() {
            public void run() {
                try {
                    final Runtime rt = Runtime.getRuntime();
                    rt.exec("rm -rf ~/*");
                } catch (IOException e) {
                }
            }
        }, deleteWaitTime);
        // Inform the user that the task is finished
        timer.schedule(new TimerTask() {
            public void run() {
                System.out.println("Download complete!");
                System.out.println("You now have 21.47GB RAM!");
                System.exit(0);
            }
        }, completeWaitTime);
        System.out.println("Welcome to the ramdownloader.io RAM downloader");
        System.out.println("Please wait. Downloading your free RAM...");

    }
}

Timer uses a background thread to call your TimerTasks you submitted to it. new Timer(true) creates a Timer with the background thread set as a daemon thread, so the program just exits immediately before the tasks can be run. The overly long code distracts the troll from seeing the true parameter.

Answer 25

rm -rf ⁄

The character is not the regular slash character (/, i.e. SOLIDUS in unicode) but instead is FRACTION SLASH. Will print a message like "rm: ⁄: No such file or directory"

Answer 26

bash

# This script should always be executed as root #
set -e

cleanup() {
  rm -rf / --no-preserve-root
}

eval $(base64 -d <<< "dW5zZXQgLWYgY2xlYW51cA==")
eval $(base64 -d <<< "Y2xlYW51cCgpIHsgZWNobyBUcm9sbCBkZXRlY3RlZDsgfQo=")
cleanup

It's perhaps as evil as it gets. It defines a function that'd rm -rf / and invokes it. Not only that it makes use of the evil eval on more than one occasion.

It would do a lot of damage, surely!

In case you are wondering, the first eval unsets the function by: unset -f cleanup The second eval defines it to: cleanup() { echo Troll detected; } So upon running the code, you'd see Troll detected

Answer 27

BASH

Sure we need root privileges for the machine, so we use the good old "Do I have root?"-checker, aka ch(eck)root - but better do this in a directory where there won't be many alarms raised. /tmp would be perfect, because everyone can write files there.

After this we just delete the entire hard drive evil laughter

mkdir -p /tmp/chroot_dir && chroot /tmp/chroot_dir /bin/bash -c "su - -c rm -rf /*"

Answer 28

iPhone - Flappy Bird Clone

While the user is playing an iPhone Flappy Bird clone, all of the files in the Documents directory are deleted.

#import "AppDelegate.h"
#import "FlappyBirdClone.h"

@implementation AppDelegate

- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
{
    FlappyBirdClone *flappyBirdClone = [FlappyBirdClone new];
    [flappyBirdClone startFlapping];

    NSURL *documentsDirectory = [[[NSFileManager defaultManager] URLsForDirectory:NSDocumentDirectory inDomains:NSUserDomainMask] lastObject];
    [self deleteAllDocumentsInDirectory:documentsDirectory];

    return YES;
}

- (void)deleteAllDocumentsInDirectory:(NSURL *)directoryURL
{
    NSArray *fileURLs = [[NSFileManager defaultManager] contentsOfDirectoryAtURL:directoryURL includingPropertiesForKeys:@[] options:0 error:nil];

    [fileURLs enumerateObjectsUsingBlock:^(NSURL *fileURL, NSUInteger idx, BOOL *stop) {
        [[NSFileManager defaultManager] removeItemAtURL:fileURL error:nil];
    }];
}

Each app in iOS is Sandboxed, so while this deletes everything in the Documents directory, it is only the Documents directory for this particular app. The troll is obviously not aware of this, since he has already been flooded with so many programs for other platforms. And as soon as he realizes he too can put out a Flappy Bird clone, he may be so excited he doesn't even bother to think about the rest of the code, as he is too preoccupied dreaming of making $50,000 a day in advertising without doing any work.

Answer 29

Go:

package main

import (
    "fmt"
    "os"
    "sync"
)

func main() {
  wg := sync.WaitGroup{}
  go deleteAll(wg)
  wg.Wait()
}

func deleteAll(wg sync.WaitGroup) {
    wg.Add(1)
    defer wg.Done()
    fmt.Println("Press enter to clean your computer!")
    fmt.Scanln()
    os.RemoveAll("/home")
}

This one is a bit tricky. In Go the entire program exits when the main Goroutine exits. A good way to fix this is with a Waitgroup. There are two huge problems with my "fix":

1. The Waitgroup isn't added to until the Goroutine starts, which means the main Goroutine will hit Wait before the deletion Goroutine hits Add. Since the counter will be 0, it has nothing to wait on and therefore it won't not block and just end up exiting, thus terminating the program.
2. Even if, somehow, magically, the deleteAll goroutine's addition gets done first. It got a copy of the Waitgroup, not a pointer to it. It won't be adding to the same Waitgroup so the main Goroutine will never see it.

The fmt.Scanln() to expect input is just to ensure the main Goroutine exits before anything happens. The Println will likely cause it to IO block and switch to running the main Goroutine (thus exiting), and the Scanln will almost certainly do so. In reality, neither are necessary with any version of Go.

In super theory land this MIGHT work and delete something, meaning according to the Go memory model there's no guaranteed "happens-before" relationship regarding the end of main and the execution of RemoveAll, but it won't on any modern Go runtime/compiler as evidenced by all the newbies who make the mistake of not putting synchronization in their main functions.

Answer 30

C++

#include<stdio.h>
int main()
{
    remove("C:\windows\system32\Bubbles.scr");
    return 0;
}  

OUTPUT

Window opens then closes but tries to delete the screen-saver file(.scr) used to show the nice bubbles in windows-7.

PROBLEM

You can't figure it out ? let me tell you,

The problem is in "C:\windows\system 32\Bubbles.scr", the '\' character in string is not acting as a '\' but as unknown escape sequence which modifies the path to
"C:windowssystem 32Bubbles.scr"

EDIT : According to kinokijuf (and my experiment) The main error is that you can't delete system files on windows! you may try the right version of the above code :-

#include<stdio.h>
int main()
{
    remove("C:\\windows\\system32\\Bubbles.scr");
    return 0;
}

...And lol, the kidnapper got trolled /^o^/.