Discussion in 'other software & services' started by subhrobhandari, Jul 4, 2019.
This site looks cool, lots of stuff on it
The Most Clever 'Zip Bomb' Ever Made Explodes a 46MB File to 4.5 Petabytes
I played with that last year.
Aside from the novelty of it there doesn't seem to be much asset for the foulware pushers to make use of in their bag of tricks.
Fun read though and a little sad on the maker.
Now everyone is thinking file archive zip bombs. How about memory zip bombs? Yes, they exist using something called GZIP. Great to crash a web site, for example. You can read about this here: https://blog.haschek.at/post/f2fda .
For the adventuresome, at the end of the article is a link that will memory zip bomb your browser. Running on Win 10 1809 using FireFox 68 w/hardware acceleration enabled with max. sandbox level, it appears this had zip impact on graphics card memory usage. Hence no visible impact on FF that I could see. However, it did rapidly consume all my virtual memory. Since I had a set a fixed page size, again no adverse impact on system operation. Now here is where it gets interesting, it appears Win 10 has a built-in diagnostic that's detects when the page file is maxing out and doesn't let that happen. This is again with a fixed page file allocation.
I tried it but Adguard was able to stop it. Nice.
Interesting. UBlockO let it run unabated.
Screenshot of the Filtering Log:
Appears Adguard examines php scripts. In this case, bomb.php
Here's the actual code for bomb.php: https://gist.github.com/fffaraz/d219d8eefd66de70b6d3d1986da0e56f . So in reality, this is a blacklist detection and you're not protected from other like code.
The 'mother" of all zip bombing is one employing zip slip against a vulnerable server:
BTW - as of today, only 7 vendors at VT detect this "latest and greatest" zbxl.zip bomb with Eset, Kaspersky, and ZoneAlarm, the only major vendors to do so.
I believe ZoneAlarm uses the Kaspersky engine. So, in this case, it would be Kaspersky and ESET.
Separate names with a comma.