ZIP bombs chase the aspiring hacker

Have you ever heard of the term ZIP bombs? The term refers to nested ZIP files which, when unpacked, release huge files that the victim's computer cannot process in memory or store on disk.

For example, a 5 petabyte file containing only zeros can easily be compressed to 48 kilobytes, because ZIP compression handles repetitive data extremely well, multiplying the compression ratio.

ZIP bombs: What they do

ZIP bombs have been used in recent decades as a way of disabling antivirus software that is configured to scan ZIP files by decompressing them and reviewing their contents.

Of course, this didn't last long, because antivirus software companies added protection against ZIP bombs. But there are still applications that are exposed to these files, such as programs or apps that scan for vulnerabilities, such as Nikto, SQLMap and others.

However, ZIP bombs can also be used against malicious users trying to log in to or tamper with private sites.

Austrian technology expert Christian Haschek has created two PHP scripts that can detect specific user-agent strings and deliver ZIP bombs to vulnerability scanning software that attempts to access secure or private web pages (such as admin, backends, or login forms).

These scripts replace the normal page the hacker expected to find with one containing a ZIP bomb. As soon as the applications they use receive the ZIP bomb, they will try to process the data and the attacker's computer will crash.
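The kind of protection mentioned above can be sketched as a bounded decompression routine. This is an added example, not code from Haschek or from any scanner; it assumes the body arrives gzip-compressed, and the function name, exception class and limit values are illustrative.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """The compressed body expanded past a configured limit."""


def bounded_gunzip(data, max_output=10 * 1024 * 1024, max_ratio=200, chunk=64 * 1024):
    """Inflate a gzip body chunk by chunk, aborting once a limit is crossed.

    max_output and max_ratio are illustrative defaults, not recommended values.
    """
    inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)  # 16: gzip framing
    out = bytearray()
    pending = data
    while not inflater.eof:
        # max_length=chunk caps how much memory a single call can allocate.
        piece = inflater.decompress(pending, chunk)
        pending = inflater.unconsumed_tail
        if not piece and not pending:
            raise ValueError("truncated gzip stream")
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded(f"output exceeds {max_output} bytes")
        if len(out) > max_ratio * len(data):
            raise DecompressionLimitExceeded(f"expansion ratio exceeds {max_ratio}:1")
    return bytes(out)


if __name__ == "__main__":
    # Constructed samples: an ordinary page and 8 MiB of zeros (about 8 KB compressed).
    page = gzip.compress(b"".join(b"<li>item %d</li>\n" % i for i in range(500)))
    zeros = gzip.compress(bytes(8 * 1024 * 1024))
    print(len(bounded_gunzip(page)), "bytes from the ordinary page")
    try:
        bounded_gunzip(zeros)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

Because the limits are checked after every chunk, the routine stops after at most one extra chunk of output instead of inflating the whole stream first.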

Most browsers and scanners will stop working!

In the following table, Haschek describes in detail how some applications behave when they encounter a ZIP bomb.

| Client | Result |
|---|---|
| IE 11 | Memory rises, IE crashes |
| Chrome | Memory rises, error shown |
| Edge | Memory rises, then drops and loads forever |
| Nikto | Seems to scan fine but no output is reported |
| SQLmap | High memory usage until crash |
| Safari | High memory usage, then crashes and reloads, then memory rises again, etc. |
| Chrome (Android) | Memory rises, error shown |

The PHP scripts required to create a ZIP bomb for vulnerability scanners are available on Haschek's page.

Below is a demo for browsers. Take note, because your browser may stop working and you may lose your current session.

Caution

https://blog.haschek.at/tools/bomb.php

Written by giorgos