ZIP Bomb - Decompression Bomb Attack

CanadianCookies
  • Decompression device (mobile, PC, etc.)
  • Decompression for processing in the server
  • Tools that handle formats built on PK headers (e.g. Office's OOXML)
In its simplest form, a zip bomb is a zip archive containing many files and directories; there are also zip bombs built using recursion or by overwriting file headers and contents.
A 10 MB zip bomb file may expand to 281 TB when unzipped.
A similar form of attack is the compiler bomb: https://www.hahwul.com/2019/02/21/compiler-bomb-for-hacking-and-security/
Single-layered
A zip bomb consisting of a single layer inside the zip file, created by overwriting the file headers, contents, etc. Representative samples are zbsm, zblg, and zbxl.
Multi-layered
A Zip Bomb containing multiple layers. A well-known file is 42.zip.
Self-replicating
A self-replicating zip bomb: a zip that duplicates itself on decompression, creating a recursive process.
🗡 Offensive techniques
Detect
Since the problem occurs during decompression, every service function, API, and application that handles compressed files is subject to testing. Check whether the service internally handles compressed files such as zip. If you believe there is such a section, you can test it by creating a malicious file, so that zip bombs can be identified and responded to.
POST /upload_zip HTTP/1.1
A well-known sample is shown below. Of course, for a stable test, I recommend making and using it yourself.
Exploitation
A zip bomb is a DoS-style availability attack. A single file or HTTP request can affect the overall service by consuming excessive server resources, or it can cause problems in the file system, causing semi-permanent damage to the system.
Depending on the configuration of the system, the following exploit scenarios exist:
  • Consumes a large amount of computing resources and affects other functions
  • Incurs excessive costs by consuming a large amount of computing resources (especially sensitive on public cloud)
  • Excessive file size reduces free space in the file system, preventing logging, etc.
🛡 Defensive techniques
It is recommended not to process files with excessive structure, recursive (nested) archives, or files with inconsistent headers, whether in the decompression library you use for zip or in code you write yourself.
🕹 Tools
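The defensive rules above (reject excessive structure, nested archives and inconsistent headers, and never trust declared sizes) as an added Python example; this is not code from the original post or from any tool it mentions, and the limits, function names and the in-memory test fixture are assumptions constructed for illustration:

```python
import io
import zipfile

# Limits are constructed for this example (assumption, not from the post); tune per service.
MAX_TOTAL = 100 * 1024 * 1024   # inflated bytes allowed per archive
MAX_RATIO = 100                 # declared uncompressed/compressed size per member
ZIP_MAGIC = b"PK\x03\x04"       # local file header signature, i.e. a nested zip

def check_zip(data: bytes) -> list:
    """Cheap pre-screen on central-directory metadata; returns reasons to reject (empty = ok)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return [f"not a valid zip: {exc}"]
    problems = []
    if sum(i.file_size for i in zf.infolist()) > MAX_TOTAL:
        problems.append(f"declared total size exceeds {MAX_TOTAL} bytes")
    for info in zf.infolist():
        # A 10 MB -> 281 TB bomb declares a ratio in the tens of millions; 100 is generous.
        if info.file_size / max(info.compress_size, 1) > MAX_RATIO:
            problems.append(f"{info.filename}: compression ratio above {MAX_RATIO}")
        try:  # read only the first bytes; sniff content rather than trusting a .zip name
            with zf.open(info) as member:
                nested = member.read(4) == ZIP_MAGIC
        except zipfile.BadZipFile as exc:  # local header disagrees with the directory entry
            problems.append(f"{info.filename}: inconsistent headers ({exc})")
            continue
        if nested:
            problems.append(f"{info.filename}: nested archive (multi-layer bomb)")
    return problems

def inflate_with_budget(data: bytes, budget: int = MAX_TOTAL) -> int:
    """Inflate in chunks counting real output (headers can be forged, the counter cannot);
    returns bytes produced, raises ValueError as soon as the budget is exceeded."""
    produced = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                while chunk := member.read(64 * 1024):
                    produced += len(chunk)
                    if produced > budget:
                        raise ValueError(f"{info.filename}: output exceeds {budget} bytes")
    return produced

def build_zip(members: dict) -> bytes:
    """Constructed fixture: build an in-memory zip from {name: bytes} to exercise the checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

Run check_zip on an upload first as a cheap filter, then inflate_with_budget as the actual guard, since only the byte counter holds when the declared sizes are forged.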