Over at https://security.stackexchange.com/questions/224673/can-malicious-code-fit-in-14-bytes, one of the comments mentioned the following 14-character code sample, in the setting of malicious logic:
:(){ :|:& };:\n
No other context was provided. Naturally, this is impossible to google. I'm not a member of that site, and thus I cannot ask the original commenter for clarification.
So,
What does this code do? If nonobvious, why is it malicious?
The code you mentioned is a Linux fork bomb. A fork bomb is a function that is used to conduct a denial-of-service attack on the system.
Let's break down the code:
The basic structure of a Linux bash function is:
function_name(){
    arg1=$1
    arg2=$2
    echo 'Hello'
    # perform something on $arg1 and $arg2
}
Comparing the fork bomb function with the above syntax of a bash function, it would look like the following:
:(){
:|:&
};:\n
Where:
:()
It defines a function named ":".
:|:
The function ":" calls itself recursively and pipes the output to another call of the function ":" (which makes the fork bomb unstoppable unless you reboot your system).
&
This puts the function execution into the background.
;
; terminates the function.
:
It calls the function (fork bomb) without arguments because the fork bomb function requires no arguments to run.
What language is this?
The language is Bash.
In the future, when faced with a wall of punctuation, how can I find out the above two? Is there a website/tool for this, or some other reasonable method?
You will need to use Google and search by breaking the punctuation string down into parts.
Warning: Do not run this code on your Linux system as it will make your system crash and become unresponsive unless you reboot it.
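Added example (not part of the original question or answer): a static check that tokenizes shell text and flags any function whose body pipes the function into itself and backgrounds the pipeline, which is the shape broken down above, whatever the function is called. The function names and sample strings are constructed for illustration; the input is only parsed as text and never executed.

```python
import shlex

def shell_tokens(src):
    """Split shell source into words and operator runs such as '()', '|', '&'."""
    lex = shlex.shlex(src, posix=True, punctuation_chars=True)
    lex.wordchars += ":"          # ':' is a legal function name in bash
    return list(lex)

def find_self_replicating_functions(src):
    """Return names of functions whose body pipes the function into itself
    and sends that pipeline to the background (the fork-bomb shape)."""
    toks = shell_tokens(src)
    hits = []
    for i in range(len(toks) - 2):
        # A definition header looks like: NAME () {
        if toks[i + 1] != "()" or toks[i + 2] != "{":
            continue
        name, depth, body = toks[i], 1, []
        for tok in toks[i + 3:]:
            depth += (tok == "{") - (tok == "}")   # track nested braces
            if depth == 0:
                break
            body.append(tok)
        # Self-call on both sides of a pipe, e.g. ':' '|' ':'
        self_pipe = any(body[j:j + 3] == [name, "|", name]
                        for j in range(len(body) - 2))
        # A lone '&' token means backgrounding ('&&' is a different token)
        if self_pipe and "&" in body:
            hits.append(name)
    return hits

# Constructed sample inputs (not taken from any real system).
SAMPLES = {
    "page one-liner": ":(){ :|:& };:",
    "renamed": "bomb() { bomb | bomb & }; bomb",
    "benign recursion": "walk() { for d in */; do walk; done; }; walk",
    "benign pipeline": "count() { ls | wc -l; }; count",
}

if __name__ == "__main__":
    for label, src in SAMPLES.items():
        print(f"{label:18} -> {find_self_replicating_functions(src)}")
```

The token list returned by `shell_tokens` is also a practical answer to the "wall of punctuation" question: each token (`()`, `{`, `|`, `&`, `;`) can be looked up on its own in the Bash manual.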