Have you ever heard the term ZIP bombs? The term refers to nested ZIP files which, when unzipped, release files so huge that the victim's computer can neither process them in memory nor save them to disk.
For example, a 5 petabyte file containing only zeros can easily be compressed into 48 kilobytes, because ZIP compression handles repetitive data extraordinarily well, and nesting archives multiplies the compression ratio.
ZIP bombs: What they do
ZIP bombs have been used in recent decades as a way of disabling antivirus software, which is configured to scan ZIP files by decompressing the file and reviewing its contents.
Of course, this didn't last long, because antivirus companies added protection against ZIP bombs. But there are still applications that are exposed to such files, such as web browsers or vulnerability-scanning tools like Nikto, SQLMap and others.
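The two points above (how far a run of zeros compresses, and why a scanner or antivirus engine must not trust a compressed stream) can be shown in a few lines of Python. The example below is added here and is not from the article or from Haschek's tools; it uses gzip, which wraps the same DEFLATE compression as ZIP entries. The sample input is constructed inline, and `safe_gunzip`, its limit parameters and `is_bomb` are my own names: the defensive pattern is to inflate in bounded chunks and stop as soon as an output-size or compression-ratio cap is exceeded, rather than decompressing the whole stream and then looking at it.

```python
import gzip
import zlib

# Constructed sample input (not from the article): 8 MiB of zero bytes,
# gzip-compressed in memory. It stands in for the "repetitive data" the
# text describes; real bombs simply scale this up or nest it.
SAMPLE_PLAIN_SIZE = 8 * 1024 * 1024
SAMPLE_GZIP = gzip.compress(b"\x00" * SAMPLE_PLAIN_SIZE, compresslevel=9)


class DecompressionBombError(Exception):
    """Raised when inflating would exceed the configured limits."""


def compression_ratio(compressed: bytes, plain_size: int) -> float:
    """Uncompressed bytes produced per compressed byte consumed."""
    return plain_size / len(compressed)


def safe_gunzip(data: bytes, max_output: int, max_ratio: float = 100.0,
                ratio_floor: int = 1024 * 1024, chunk: int = 64 * 1024) -> bytes:
    """Inflate a gzip stream while enforcing output-size and ratio caps.

    zlib's max_length argument bounds every call, so the limits are checked
    between chunks and a bomb is rejected after at most `chunk` extra bytes.
    The ratio test only starts once `ratio_floor` bytes have been produced,
    so small, legitimately well-compressed files are not rejected early.
    """
    inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)  # 16 => gzip framing
    out = bytearray()
    pending = data
    while not inflater.eof:
        piece = inflater.decompress(pending, chunk)
        made_progress = bool(piece) or len(inflater.unconsumed_tail) < len(pending)
        if not made_progress and not inflater.eof:
            raise ValueError("truncated or stalled gzip stream")
        out += piece
        if len(out) > max_output:
            raise DecompressionBombError(f"output exceeded {max_output} bytes")
        consumed = len(data) - len(inflater.unconsumed_tail)
        ratio = len(out) / max(consumed, 1)
        if len(out) >= ratio_floor and ratio > max_ratio:
            raise DecompressionBombError(
                f"ratio {ratio:.0f}:1 exceeds the {max_ratio:.0f}:1 limit")
        pending = inflater.unconsumed_tail
    return bytes(out)


def is_bomb(data: bytes, max_output: int, max_ratio: float = 100.0) -> bool:
    """True if safe_gunzip rejects the stream under the given limits."""
    try:
        safe_gunzip(data, max_output=max_output, max_ratio=max_ratio)
    except DecompressionBombError:
        return True
    return False


if __name__ == "__main__":
    ratio = compression_ratio(SAMPLE_GZIP, SAMPLE_PLAIN_SIZE)
    print(f"{SAMPLE_PLAIN_SIZE} bytes of zeros -> {len(SAMPLE_GZIP)} bytes gzip ({ratio:.0f}:1)")
    print("rejected with a 1 MiB cap:", is_bomb(SAMPLE_GZIP, max_output=1024 * 1024))
    print("accepted with a 16 MiB cap and 5000:1 ratio:",
          not is_bomb(SAMPLE_GZIP, max_output=16 * 1024 * 1024, max_ratio=5000))
```

The output cap is the hard guarantee; the ratio cap catches a bomb earlier, since DEFLATE cannot exceed roughly 1000:1 on a single layer and anything approaching that is almost always a run of filler. A scanner that applies both checks per archive layer is not affected by how deeply the bombs are nested.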
It can, however, also be used against malicious users trying to access or tamper with private sites.
The Austrian technology expert Christian Haschek created two PHP scripts that detect specific user-agent strings and serve ZIP bombs to browsers or vulnerability scanners trying to access secure or private pages (such as admin panels, backends or login forms).
These scripts replace the page the attacker expected to find with one that delivers a ZIP bomb. As soon as the application the attacker is using receives it, it tries to decompress the data and the attacker's computer crashes.
Most browsers and scanners will stop working!
In the following table, Haschek describes in detail how some applications behave when they encounter a ZIP bomb.
Client | Result
---|---
IE 11 | Memory rises, IE crashes
Chrome | Memory rises, error shown
Edge | Memory rises, then drops and loads forever
Nikto | Appears to scan fine, but no output is reported
SQLmap | High memory usage until crash
Safari | High memory usage, then crashes and reloads, then memory rises again, etc.
Chrome (Android) | Memory rises, error shown
The PHP scripts required to create a ZIP bomb for vulnerability scanners are available on Haschek's page.
Below is a demo for browsers; note that your browser may stop working and you may lose your current session.
Caution
https://blog.haschek.at/tools/bomb.php