harimypala/Zip_Bomb

Zip Bomb

A zip bomb is a potentially harmful archive file that can crash the computer that unpacks it.
There are two types of zip bomb:

  1. Recursive
    • Can be built in Windows environment
  2. Non-recursive
    • Can be built in Linux environment using a tool called zip bomb.

https://youtu.be/2aVR_v5euiQ

How to create zip bomb (Recursive) in Windows environment?

  1. Open any text editor and insert a null value (press ALT+255 on the keyboard) followed by < space >.

  2. Save the file in a fresh folder and name the file as a.txt.

  3. Now copy the file and paste it 10-20 times in the same folder.

  4. Now club all the a.txt files to one file.

    • Open cmd prompt and navigate to the file location.

    • Type in the command copy * /b b.txt and hit ENTER.

    • The above command generates a new file called b.txt in the same folder.

    • Delete all the files other than the b.txt file.

    • Now repeat the same process from point 3(copy b.txt file and paste for 10-20 times...).

    • Continue till f.txt file with a solid file size of 1GB.

  5. Now zip the f.txt file with 7ZIP with the below options and name it as exploit0.zip (zipping takes some time).

  6. Now DELETE the f.txt file and copy the exploit0.zip file and paste for 10 times.

  7. Select all and zip the files using 7ZIP by following point 5 options and name it as exploit1.zip.

  8. Now DELETE the exploit0.zip files and repeat the same process as point 6.

  9. Continue the same process till exploit9.zip file with a size of 99KB.

Now the recursive Zip Bomb is ready.

Calculations

Sizes mentioned in the table refer to the original (uncompressed) size of the files.

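| a.txt >>> f.txt | exploit0.zip=1GB | exploit1.zip=10GB | exploit2.zip=100GB | >>> | exploit9.zip=1,000,000,000GB or 1000PB |
|---|---|---|---|---|---|
| 1KB >>> 1GB | 1GB | 1GB | 100GB | >>> | 100PB |
| | | 1GB | 100GB | >>> | 100PB |
| | | 1GB | 100GB | >>> | 100PB |
| | | 1GB | 100GB | >>> | 100PB |
| | | 1GB | 100GB | >>> | 100PB |
| | | 1GB | 100GB | >>> | 100PB |
| | | 1GB | 100GB | >>> | 100PB |
| | | 1GB | 100GB | >>> | 100PB |
| | | 1GB | 100GB | >>> | 100PB |
| | | 1GB | 100GB | >>> | 100PB |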

How to create zip bomb (Non-Recursive) in Linux environment?

  1. Open Terminal and clone the zip bomb tool using git clone https://www.bamsoftware.com/git/zipbomb.git.
  2. Navigate to the zip bomb folder and type in python3 zipbomb --mode=quoted_overlap --num-files=250 --compressed-size=21179 > zbsm.zip.
  3. This will create a malicious zip file, zbsm.zip.
  4. Now the zip bomb is ready; you can also insert a script in the malicious zip file.
  5. For more information, please refer to the README file in the tool (cat README).

Now the non-recursive Zip Bomb is ready.
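
A pre-extraction check for both archive types described above, as an added example that is not part of this repository or of the zipbomb tool. It reads only the central directory and flags a high compression ratio, overlapping entries (what the quoted_overlap mode produces) and nested archives (the recursive layout); the limits and the names inspect_zip, bounded_read and make_zip are assumptions of this example.

```python
import io
import zipfile

# Assumed policy limits for this example; tune them for your service.
MAX_TOTAL = 100 * 1024 * 1024      # total uncompressed bytes allowed
MAX_RATIO = 100                    # uncompressed size / archive size
ARCHIVE_EXT = (".zip", ".7z", ".gz", ".rar")

def overlapping(spans):
    """True if any two (start, end) byte ranges overlap."""
    spans = sorted(spans)
    return any(nxt[0] < cur[1] for cur, nxt in zip(spans, spans[1:]))

def inspect_zip(data):
    """Return reasons to refuse extraction; reads only the central directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    reasons = []
    total = sum(i.file_size for i in infos)
    if total > MAX_TOTAL:
        reasons.append("declared size over limit")
    if total > MAX_RATIO * len(data):
        reasons.append("compression ratio over limit")
    # Lower bound of each entry's extent: 30-byte local header + its data.
    spans = [(i.header_offset, i.header_offset + 30 + i.compress_size)
             for i in infos]
    if overlapping(spans):
        reasons.append("overlapping entries")
    if any(i.filename.lower().endswith(ARCHIVE_EXT) for i in infos):
        reasons.append("nested archive")
    return reasons

def bounded_read(zf, info, limit):
    """Decompress one member but stop once more than `limit` bytes come out,
    because the sizes declared in the headers can be false."""
    out = bytearray()
    with zf.open(info) as fh:
        while chunk := fh.read(64 * 1024):
            out += chunk
            if len(out) > limit:
                raise ValueError("member exceeds extraction budget")
    return bytes(out)

def make_zip(members):
    """Build a small in-memory archive (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()
```

A nested archive that passes the other checks should be inspected again one layer down with the same total budget carried over, so that ten layers cannot each spend the full limit.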

Scan with Virus Total

Non-Recursive Zip Bomb

image

Recursive Zip Bomb

image

Reference: https://www.bamsoftware.com/hacks/zipbomb/

THANK YOU
- Hari Mypala
