Zip Bomb Education 101

Zip Bomb

Chrome Crash

Webmasters can use so-called ZIP bombs to crash a hacker’s vulnerability and port scanner and prevent him from gaining access to their website.

The term “ZIP bomb” refers to nested ZIP archives that when unzipped are decompressed to huge files that the victim’s computer cannot process in its memory or cannot store on disk.

For example, a 4.5 petabyte file containing only zeroes can be easily compressed to 42 kilobytes because the ZIP compression system can handle repetitive data extremely well.

ZIP bombs used in the past to crash antiviruses.

ZIP bombs have been used in the past decades as a way to crash antivirus software, which is configured to scan ZIP files by decompressing the file and looking at its content.

While antivirus clients have gained protection against ZIP bombs, other software has not, such as web browsers or vulnerability scanners like Nikto, SQLMap, or others.

Austrian tech expert Christian Haschek has put together two PHP scripts that will scan for particular user-agent strings and deliver ZIP bombs to vulnerability scanners or web browsers trying to access secure or private web pages (such as admin panels, backends, or pages with login forms).

These scripts will replace the normal page hackers would expect to find with a ZIP bomb. Once their clients receive the ZIP bomb, they’ll try to process the data and crash the attacker’s software.

Most browsers and scanners will crash
Here’s a list put together by Haschek that details how some clients will behave when encountering a ZIP bomb.

Client Results

  • IE 11 Memory rises, IE crashes
  • Chrome Memory rises, error shown
  • Edge Memory rises, then dips and
  • loads forever
  • Nikto Seems to scan fine but no output is reported
  • SQLmap High memory usage until crash
  • Safari Hight memory usage then crashes and reloads, then memory rises again, etc..
  • Chrome (Android) Memory rises, error shown

 


 

The two sample PHP files needed to set up a ZIP bomb for vulnerability scanners are available on Haschek’s blog. FL Computer Tech’s Copy of a 4.5 Petabyte file can be downloaded here. The password is:42. A word of caution, this file is for testing and lab purposes only. You assume the risk if it locks up your computer. Here is an Infographic on what a Petabyte is in terms of data storage size. It is quite impressive.

 

What is even more impressive is that a file 4.5 Petabytes in size (see Infographic to the left) can be stored or “compressed” into a zip file on 41.8 KB in size. Using this principle it is likely that by placing Zip Bombs in a “Honey Pot” on corporate servers and web servers would yield favorable results. On the opposite side of the spectrum is a Zip Bomb were to be included or added to a compressed file in either .zip or .rar format from a popular torrent website or P2P file sharing website, it could theoretically cause some serious issues. This would only wreak possible havoc and perhaps frustration but since it would not be profitable it probably wouldn’t occur unless this applied theory was magnified greatly in which it could be used in some form of a Cyber Attack although these as only speculations.

 

So, there you have it! In comparison, I would say it’s like taking New York City and fitting it into your carry-on luggage. If you got to the hotel and decided to unpack your luggage and New York City came spilling out into your room, you see how that might pose an issue right? Think micro-miny into monstrous monstrosity!

Don’t forget to follow-us @FLComputertech!

 

Comments are closed.