Have you ever heard of ZIP bombs? The term refers to nested ZIP files which, when unpacked, release files so large that the victim's computer cannot hold them in memory or store them on disk.
For example, a 5 petabyte file containing only zeros can easily be compressed into 48 kilobytes, because ZIP compression handles repetitive data extraordinarily well, multiplying the compression ratio.
ZIP bombs: What they do
ZIP bombs have been used in recent decades as a way of knocking out antivirus software, which is configured to scan ZIP files by decompressing them and reviewing their contents.
This of course did not last long, because antivirus developers added protection against ZIP bombs. However, there are still applications that are vulnerable to such files, such as browsers and vulnerability scanners like Nikto, SQLMap and others.
As we will see, however, the technique can also be used against malicious users trying to connect to or tamper with private sites.
Austrian technology expert Christian Haschek has created two PHP scripts that detect specific user-agent strings and serve ZIP bombs to browsers or vulnerability-scanning software that attempt to access secure or private parts of a website (such as admin pages, backends, or login forms).
These scripts replace the normal page the attacker expected to find with one containing a ZIP bomb. As soon as the attacker's application receives the ZIP bomb, it will try to process the data and the attacker's computer will crash.
Most browsers and scanners will stop working!
In the following table, Haschek describes in detail how some applications behave when they encounter a ZIP bomb.
Client | Result |
---|---|
IE 11 | Memory rises, IE crashes |
Chrome | Memory rises, error shown |
Edge | Memory rises, then drops and loads forever |
Nikto | Seems to scan fine but no output is reported |
SQLmap | High memory usage until crash |
Safari | High memory usage, then crashes and reloads, then memory rises again, etc. |
Chrome (Android) | Memory rises, error shown |
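The memory growth in the table comes from clients inflating the whole response before looking at it. As an added example (not Haschek's code and not taken from any of the tools listed), this is one way a client or scanner can decompress a gzip body under hard limits; the function name, exception name and default limits are assumptions chosen for illustration.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """The compressed body inflated past a configured limit."""


def bounded_gunzip(data, max_output=1 << 20, max_ratio=100,
                   ratio_floor=64 * 1024, chunk=64 * 1024):
    """Inflate gzip/zlib data in chunks, aborting on oversized output.

    max_output  -- hard cap on decompressed bytes
    max_ratio   -- cap on output/input ratio, enforced above ratio_floor
                   so tiny, highly repetitive bodies are not rejected
    """
    d = zlib.decompressobj(32 + zlib.MAX_WBITS)  # auto-detect gzip/zlib header
    out = bytearray()
    buf = data
    while not d.eof:
        piece = d.decompress(buf, chunk)  # never yields more than `chunk` bytes
        buf = d.unconsumed_tail
        if not piece and not buf:
            raise ValueError("truncated compressed stream")
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded(f"output exceeds {max_output} bytes")
        if len(out) > ratio_floor and len(out) > max_ratio * len(data):
            raise DecompressionLimitExceeded(f"ratio exceeds {max_ratio}:1")
    return bytes(out)


if __name__ == "__main__":
    # Constructed inputs: an ordinary body and 8 MiB of zeros, a small
    # stand-in for the petabyte-scale case mentioned in the article.
    ordinary = gzip.compress(b"<html>login</html>\n" * 200)
    zeros = gzip.compress(bytes(8 * 1024 * 1024))
    print(len(bounded_gunzip(ordinary)), "bytes from ordinary body")
    try:
        bounded_gunzip(zeros)
    except DecompressionLimitExceeded as exc:
        print(f"rejected {len(zeros)}-byte body: {exc}")
```

Because the limits are checked after every 64 KiB chunk, the client never holds much more than `max_output` bytes, whatever size the body claims to expand to.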
The PHP scripts required to create a ZIP bomb for vulnerability scanners are available on Haschek's page.
Below is a demo for browsers. Note that your browser may stop working and you may lose your current session.
Caution
https://blog.haschek.at/tools/bomb.php