A better zip bomb (non-recursive)

Discussion in 'other software & services' started by subhrobhandari, Jul 4, 2019.

  1. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    780
    https://www.bamsoftware.com/hacks/zipbomb/
     
  2. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    This site looks cool, lots of stuff on it :D
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    The Most Clever 'Zip Bomb' Ever Made Explodes a 46MB File to 4.5 Petabytes
    https://www.vice.com/en_us/article/...ver-made-explodes-a-46mb-file-to-45-petabytes
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Now everyone is thinking file archive zip bombs. How about memory zip bombs? Yes, they exist using something called GZIP. Great to crash a web site, for example. You can read about this here: https://blog.haschek.at/post/f2fda .

    For the adventuresome, at the end of the article is a link that will memory zip bomb your browser. Running on Win 10 1809 using FireFox 68 w/hardware acceleration enabled with max. sandbox level, it appears this had zip impact on graphics card memory usage. Hence no visible impact on FF that I could see. However, it did rapidly consume all my virtual memory. Since I had a set a fixed page size, again no adverse impact on system operation. Now here is where it gets interesting, it appears Win 10 has a built-in diagnostic that's detects when the page file is maxing out and doesn't let that happen. This is again with a fixed page file allocation.
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,794
    Location:
    .
    I tried it but Adguard was able to stop it. Nice.
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Interesting. UBlockO let it run unabated.

    Question is what did Adguard block? Javascript execution?
     
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,794
    Location:
    .
    Screenshot of the Filtering Log:
    Z.png
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Last edited: Jul 14, 2019
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    The 'mother" of all zip bombing is one employing zip slip against a vulnerable server:
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    BTW - as of today, only 7 vendors at VT detect this "latest and greatest" zbxl.zip bomb with Eset, Kaspersky, and ZoneAlarm, the only major vendors to do so.
     
  12. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    I believe ZoneAlarm uses the Kaspersky engine. So, in this case, it would be Kaspersky and ESET.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.