ZIP bombs chase the aspiring hacker

Have you ever heard of the term bombs? The term refers to nested ZIP files which, when unpacked, release huge files that the victim's computer can not process in its memory or can not store it in the disk.

For example, an 5 petabyte file containing only zeros can be easily compressed into 48 kilobytes, because the ZIP compression system can handle repetitive data extraordinarily by multiplying the compression rate.ZIP bombs

ZIP bombs: What they do

ZIP bombs have been used in recent decades as a way of destroying antivirus software, which is configured to scan ZIP files by decompressing the file and reviewing its contents.

This of course did not last long because anti-virus software developers added protection against ZIP bombs. However, there are still applications that are exposed to specific files, such as browsers or applications scanning for vulnerabilities such as Nikto, SQLMap and others.

Let's see, however, that it can also be used against malicious users trying to connect or tamper with private sites.

Austrian technology expert Christian Haschek has created two PHP scripts that can detect specific user strings and create ZIP bombs or vulnerability tracking software that attempt to access secure or private websites (such as admin, backends, or login forms).

These scripts will replace the normal page that he expected to find a hacker with one containing ZIP bombs. As soon as the applications they use, they receive the ZIP bomb, they will try to process the data and the attacker's computer will crash.

Most browsers and scanners will stop working!

In the following table, Haschek describes in detail how some applications behave when they encounter a ZIP bomb.

Client result
IE 11 Memory rises, IE crashes
Chrome Memory rises, error shown
Edge Memory rises, then drops and loads forever
Nobody It looks like scanning fine but no output is reported
SQLmap High memory usage until crash
safari Hight memory usage, then crashes and reloads, then memory rises again, etc.
Chrome (Android) Memory rises, error shown

The PHP scripts required to create a ZIP bomb for vulnerability scanners are available at Haschek page.

Below is a demo for browsers, note why your browsing application may stop working and lose your current session.

Caution

https://blog.haschek.at/tools/bomb.php

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).