ZIP bombs chase the aspiring hacker

Have you ever heard the term ZIP bombs? The term refers to nested ZIP files which, when unzipped, release huge files that the victim's computer cannot process in μνήμη of or cannot save them to disk.

For example, an 5 petabyte file containing only zeros can be easily compressed into 48 kilobytes, because the ZIP compression system can handle repetitive data extraordinarily by multiplying the compression rate.

ZIP bombs: What they do

ZIP bombs have been used in recent decades as a way of destroying antivirus software, which is configured to scan ZIP files by decompressing the file and reviewing its contents.

This of course did not last long because anti-virus software developers added protection against ZIP bombs. However, there are still applications that are exposed to specific files, such as browsers or applications scanning for vulnerabilities such as Nikto, SQLMap and others.

Let's see, however, that it can also be used against malicious users trying to connect or tamper with private sites.

Austrian technology expert Christian Haschek has created two PHP scripts that can detect specific user strings and create ZIP bombs or vulnerability tracking software that attempt to access secure or private websites (such as admin, backends, or login forms).

These scripts will replace the regular page he expected to find o hacker with one containing ZIP bombs. Once the applications they use receive the ZIP bomb, they will try to process the data and the attacker's computer will crash.

Most browsers and scanners will stop working!

In the following table, Haschek describes in detail how some applications behave when they encounter a ZIP bomb.

The PHP scripts required for the creation of a ZIP bomb for vulnerability scanners are available at Haschek page.

Below is a demo for browsers, note why your browsing application may stop working and lose your current session.

Caution

https://blog.haschek.at/tools/bomb.php