I used to make jokes to juniors/interns like the above. Then I watched a junior start typing my joke in terminal, and I freaked out and stopped.
Sometimes I forget these jokes go over the heads of people.
And this is exactly why I don’t make those jokes to people unless I know very well they’ll get it
I’ve seen frustrated senior start writing this. Sometimes it’s just a different state of mind that pushes us over critical thinking edge into the void.
The same brain state that leads to chocolate milk mashed potatoes
Do I have to worry that I understand to what you’re referring to?
Same. I was working on a help desk years ago helping another agent with a call where the customer was being ignorant and I sent him a message that said something like “does he want us to wipe his ass for him too?” (Not that exactly but in the context of the situation it would have been similarly insulting). Next reply I get from the other agent was “he said no”.
😬
Yeah, you don’t want toddlers learning gun safety the hard way
I mean… it’s the best way to learn by being stupid and doing mistakes, but truly some mistakes are too much damage and does not help to learn or if we talk about other jobs can kill somebody.
I managed a homework help chatroom for EEs. One of them got a PI and was so happy. Another person suggested that they run that command. Later on the other person claimed they didn’t expect it to work.
It took me and another mod way too long to help the other guy fix his PI. Wasn’t really happy about it. The new rule I came up with was if you must must make a joke do something harmless like “touch /this” and reference MC Hammer.
Did they execute the command on localhost or the remote? Because hey if they had privileges to root-nuke the target that’s gotta count for something right? Lmao
The way this reads I think the company did not actually provide a good sandboxed environemt. So when they
rm -rf /'d the thing they actually deleted a lot of stuff the recruiters still needed (likely the pentest environments for other candidates). Because imo that’s the only reason I can think of to just outright ban a candidate from applying for any other role at the company.You should ban anyone who tries this regardless of the outcome. There is always a small chance they did it on purpose trying to cause damage. There is no benefit by giving them another chance, you just riks giving them the possibility of doing more damage. If the thing was a mistake, the person will learn from it and find another job.
If the task would have been to find general security risks this would have counted. I mean, he did some serious harm, but he was able to find a security issue.
I think there is kind of an assumption that the scenario is “outside host gains privileged access” so there’s not really a security issue with some attacker deleting root on their own box.
If it has been done properly you’re right. If this also affected the host machine it is a security issue.
They did but it might have been a good idea to prove that the command works instead of actually doing it.
Yeah so is tossing a molotov on thier machines, “found a security issue not firproofing everything”
We’ll I’m this case too, if true, the person didn’t know anything about the job they were aplyiyfor and tried to cheat their way into the company. Also not really great.
To be honest, considering the role they’re applying for, I would reject their job application too even if it occurred inside a sandboxed environment.
They should know exactly what
rm -rfdoes. The fact they didn’t and they still arbitrary ran the command anyway… massive red flags. Could even say he failed to twart a social engineering attack.The two cases, they knew what it was and they did it maliciously. They didn’t know what they were doing and got socially engineered in the process. Both cases are cause for failure.
To me it reads like the recruiter thought the person was a troll and banned them.
I mean it reads like a shitpost to me lol.
How are you supposed to fine 7 vulernabilities in an hour anyways? No way they expect the applicant to actually find vulernabilities right? So you need to memorize a bunch and see if they are present, which doesn’t achieve anything other than testing your memorization abilities
How are you supposed to fine 7 vulernabilities in an hour anyways?
Threaten the interviewer with a knife until they give you at least 7 vulnerabilities. tapsheadmeme
Once again proving social engineering is king.
The biggest vulnerability is the user.
That being said, click this link to make an easy thousand dollars a day.
They always forget about the rubber hose exploit.
Using Kali? Easy if you have training. The capstone for our security course a decade ago was too find and exploit 5 remote machines (4 on the same network, 1 was on a second network only one of the machines had access to) in an hour with Kali. I found all 5 but could only exploit 3 of them. If I didn’t have to exploit any of them 7 would be reasonably easy to find.
Kali basically has a library of known exploits and you just run the scanner on a target.
This isn’t novel exploit discovery. This is “which of these 10 windows machines hasn’t been updated in 3 years?”
Just saying that running automated tools and identifying those vulnerabilities is just the first step to learning hacking, but nothing more. To gain a proper understanding you must be able to find vulnerabilities manually or at least understand a certain exploit such as ETERNALBLUE which you won’t really look for manually.
Sure. But for an entry level interview as a pen tester… Scanning with Kali should be an easy task.
It’s going to be a system set up with known vulnerabilities that should be easy to locate using common tools already installed on Kali; a real world scenario should (at least in theory) not be that simple, but in a capture the flag pentest environment, that’s pretty normal
You can see that the first machine is at /dvwa which is the Damn Vulnerable Web Application and is made for practicing hacking. If you have a basic understanding of the vulnerabilities there finding 7 of them is easy peasy.
A taser and 7 pairs of handcuffs
I can find a bunch with just nmap
mf wants you to work before even being hired
Sometimes you get what you deserve
It’s clear the kid wasn’t up to the job. Why sit the interview?
Probably didn’t want to tell them to their face, provide a clinical facade behind which to judge them.
The only time when doing this shit is acceptable
Hey, I know that princesses are ofter schooled in etiquette more than they get real education. unixqueen might not know shit about Unix / Linux. I find this completely believable, like how Queen Elizabeth didn’t know dick about math.
Haha fair, I don’t know anything about this poster other than this meme they made, and I didn’t want to post without attributing the original source.
edit: spacing, added -rf info
The Linux rm Command: Everything You Need to Know
There’s more to rm than meets the eye.
https://www.howtogeek.com/858815/linux-rm-command/
Use rm -rf to Delete Everything
If you absolutely need to delete anything and everything, just use the command:
rm -rf
That combines the -f flag, which forces deletion, with the -r flag, which will delete folders recursively. We previously included the -v argument (to make it verbose), but it isn’t necessary. Just keep in mind that this is basically the nuclear option, and you shouldn’t use it unless you’re absolutely sure you want something gone forever.
On modern Linux versions you need to add --no-preserve-root or it won’t work as nicely
Thanks!
What would happen to him if he where to miraculously pass the interview?
Months 1-3: hey he’s new, just getting used to things
Months 4-6: he’s not good, but maybe trainable?
Months 7-9: he needs to be on a PIP so we can CYA and fire him
Months 10-12: phase out and fire
Rinse and repeat at new companies every year for 5 years, get hired as Engineering Manager at sixth job.
Before you become a master you must make one thousand mistakes; some people choose to make the same ten mistakes a hundred times each
A thousand novel mistakes.
this is very accurate
please just kill me instead
No you get to live. But it’s your choice to suffer.
I don’t work these shitty jobs that can barely pay for my existence by choice.
This hurts
Nothing wrong with being a newbie. Be curious and willing to learn!
Depending on the pay, that’s a nice little scam for someone.
When I was in my mid 20s, the only jobs nearby were basic retail work, and mostly part time. As you can probably imagine, the pay wasn’t great. If remote work had been available then, I could see me being tempted to try this, even if it was just to tide me over for a while.
I’m the kind of person who hates not being able to do something, so I’d probably burn myself out trying to learn how to do the job in between working it, but it would still be tempting.
Ok now, be nice to the company leadership…
Yep. They cheated hard to get there.
the amount of ppl taking those shots seriously (more or less, everybody) is simply flabbergasting omg lol
rm -rf /* This will not display warning messages.
not sure why you deem it necessary to point it out in this specific context, anyway yes, depending on system setup this definitely could show a warning
atleast
Okay, you illiterate fuck, this I do for the planet and not for you.
Chill out. They may be German or something where shit like that is concatenated into one word.
At least -> zu mindest -> zumindest
Checks out, +Comment+
:( atleast should be a word. atleast it would make sense if it was :)
Okay) now try to say that in that person’s native langage though, Canada is inclusive they said
Did they run it with no-preserve-root? Is Kali so old it doesn’t have they protection? Did they just see the command in history on a perfectly fine system, and decide never to hire on that basis?
Yeah sounds to me like the dude found the first vulnerability.
Removed by mod
Good, don’t best this guy in the Linux ecosystem then.
