Archive bomb. An even better ZIP bomb

New varieties of computer viruses appear almost every day, and the vast majority of both new and modified malware are aimed at extracting profit. Stealing passwords, bank card numbers, using the computing power of users' computers by creating botnets, extortion - this is what viruses are mainly created for. But among the malware there are also those whose goal is ordinary sabotage.

Such viruses were common at the dawn of the computer era, and now they seem to be gaining popularity again. Recently there have been reports of computers infected with so-called archives of death: malicious archives whose unpacking completely fills the hard drive with data and, as some say, can even damage the hardware by placing a heavy load on it. The virus that terrorized users several years ago is one of them.

Outwardly it looks like a regular archive weighing 42 kilobytes, but if you unpack it you get 4.5 petabytes of data! Do you think this is impossible? Not at all. By itself, the ZIP bomb is nothing more than a dummy, but it is built around a special data-generation scheme: if the user tries to unpack such an archive, the nested layers it contains, 16 files per level, begin to unfold, generating a huge amount of meaningless information. As a result of the "explosion" of this ZIP bomb, the disk fills to capacity with junk and the system either freezes completely or crashes with a BSOD.

As for computer hardware failing, this is probably an exaggeration: the load on the components will indeed rise sharply, but it is unlikely to be high enough for them to burn out. If the processor overheats, thermal protection will kick in and the computer will reboot, although there is no 100% guarantee of that. A ZIP bomb will not turn a PC into scrap, and files already on the disk will not be destroyed, but the user's nerves will be frayed, that's for sure. Do antiviruses recognize such threats? Yes, antivirus programs can recognize this type of malware, although a ZIP bomb can also be a threat to the antivirus itself: while trying to unpack the archive, the antivirus can fill up all the memory and find nothing.

Like all ZIP bombs, it is dangerous not only for Windows but for any operating system that can work with ZIP archives. What should you do if a ZIP bomb has gone off on your computer? It is better not to wait for the system to crash: force the computer off, boot into safe mode or from a LiveCD, delete the archive and the garbage it has already produced, and at the same time check the startup entries, because the malicious program could well have written itself there.
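The description above (nested layers, 16 files per level, an antivirus that fills its own memory while unpacking) is exactly what a careful extractor has to guard against. The following is an added example, not code from the original article: a Python check that reads the sizes declared in the ZIP central directory, follows nested archives up to a depth limit, refuses anything whose declared expansion is out of proportion to its size on disk, and, as a second line of defence, inflates with a hard output budget. The thresholds (MAX_RATIO, MAX_OUTPUT, MAX_DEPTH), the helper names and the in-memory test archive built by build_layered_zip are all assumptions made for this illustration, not something the page provides.

```python
import io
import zipfile

# Limits are constructed for this example; a real extractor sets them per context.
MAX_RATIO = 200                # refuse archives that claim to inflate beyond 200:1
MAX_OUTPUT = 8 * 1024 * 1024   # never produce more than 8 MiB of output
MAX_DEPTH = 4                  # 42.zip nests five layers deep; stop well before that
CHUNK = 64 * 1024


class BombSuspected(Exception):
    """Raised when an archive looks like a decompression bomb."""


def make_zip(entries):
    """Build an in-memory deflated ZIP from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_layered_zip(payload, files_per_layer, layers):
    """Mimic the 42.zip layout for testing: one file holding `payload`, wrapped
    `layers` times, with `files_per_layer` identical copies at every layer."""
    current = make_zip({"0.txt": payload})
    for level in range(1, layers + 1):
        current = make_zip({f"{level}_{i}.zip": current for i in range(files_per_layer)})
    return current


def declared_expansion(zip_bytes, depth=0):
    """Sum the uncompressed sizes recorded in the central directory, descending into
    nested archives.  Only the (small) nested containers are inflated; leaf payloads
    are never touched, so the cost is bounded by MAX_DEPTH and the container sizes,
    not by the petabytes the bomb would produce."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".zip"):
                total += info.file_size
                continue
            if depth + 1 > MAX_DEPTH:
                raise BombSuspected(f"nesting deeper than {MAX_DEPTH} at {info.filename}")
            if info.file_size > MAX_OUTPUT:
                raise BombSuspected(f"nested archive {info.filename} declares {info.file_size} bytes")
            with zf.open(info) as inner:
                total += declared_expansion(inner.read(), depth + 1)
    return total


def check_ratio(zip_bytes, max_ratio=MAX_RATIO):
    """Metadata-only gate: what the archive claims versus what it occupies."""
    total = declared_expansion(zip_bytes)
    ratio = total / max(len(zip_bytes), 1)
    if ratio > max_ratio:
        raise BombSuspected(f"declared expansion of {total} bytes is {ratio:.0f}x the archive size")
    return total, ratio


def bounded_extract(zip_bytes, budget=MAX_OUTPUT):
    """Inflate entries chunk by chunk and stop the moment the output budget is spent.
    This catches the honest-but-huge case (one 10 GB file of zeros) that a ratio
    threshold alone might be tuned to allow."""
    written = 0
    files = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            sink = io.BytesIO()
            with zf.open(info) as src:
                while True:
                    chunk = src.read(CHUNK)
                    if not chunk:
                        break
                    written += len(chunk)
                    if written > budget:
                        raise BombSuspected(f"output budget of {budget} bytes exhausted at {info.filename}")
                    sink.write(chunk)
            files[info.filename] = sink.getvalue()
    return files


def safe_extract(zip_bytes, budget=MAX_OUTPUT, max_ratio=MAX_RATIO):
    """Run both gates; returns (True, {name: data}) or (False, reason)."""
    try:
        check_ratio(zip_bytes, max_ratio)
        return True, bounded_extract(zip_bytes, budget)
    except (BombSuspected, zipfile.BadZipFile) as exc:
        return False, str(exc)


if __name__ == "__main__":
    bomb = build_layered_zip(b"\0" * (2 * 1024 * 1024), 4, 2)   # 32 MiB declared, a few KB on disk
    print(len(bomb), "bytes on disk ->", safe_extract(bomb))
    honest = make_zip({"table.bin": bytes(range(256)) * 4})
    print("honest archive accepted:", safe_extract(honest)[0])
```

The ratio gate needs only central-directory reads plus inflating the small nested containers, so it can run before a single payload byte is written; the budget gate is the backstop for archives that are honest about their size and simply too large for the machine. Python's zipfile clips each entry at its declared size, so a header that lies downward yields truncated data and a CRC error rather than a runaway write, which is why the two gates together cover both the nested and the single-file shape of the bomb.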

One very interesting and important event happened, offensively quietly and unnoticed. Russian President Vladimir Putin met and talked with one of the heads of the civil service, whose name does not often appear in the press. No, this man is not a secret agent, although due to his occupation he has access to secret information, and can even be considered a kind of “invisible front fighter.” In general, Putin talked with the head of the Federal Archival Agency Andrei Artizov.

The conversation between the head of state and the head of the agency was of a business nature, the possible consequences of which could in some places cause the effect of an exploding bomb, and in some people even the detonation of a personal nozzle.

The President made a quiet statement that he had decided to declassify many archival documents, and the decree would be signed on the same day. In addition, Putin announced the transfer of Rosarkhiv to direct subordination to the President of Russia, since many of the department’s materials “are of particular value and have global significance.”

The head of the agency, in turn, informed the president that the Russian archival fund stores 500 million files, and that “never in recent decades has planned, organized declassification work been carried out the way it is being carried out now.”

The key point is that immediately after declassification, archival documents will be available on the official website of the Russian Archive, for which a special database has already been created.

Among the already declassified archives are materials that domestic and foreign historians have long been licking their lips at: 1,400 unique directives of Stalin, orders from Headquarters, front-line orders, operational maps, resolutions and photographs of that time, which until recently were stored in archives under the heading “top secret.”

One can only sincerely rejoice for the historians and wish them fresh and interesting works based on the above-mentioned documents, but declassification will affect more than just military-historical topics.

A source close to Rosarkhiv provides interesting details: “As far as I know from information from the archives department, we are talking about the period from 1930 to 1989. There are cases of, excuse me, informers - as well as innocent repressed people, with very interesting surnames. There will be data on space and military developments that can already be reported. In addition, data on the course of battles, orders and received intelligence information during the Great Patriotic War, as well as on interstate relations during the Cold War, are declassified.”

And he adds very forcefully: “Some documents will surprise society. You need to know your own history, whatever it may be.”

Archives have a long memory and carry a potential charge no worse than a hydrogen bomb. It is no coincidence that in our country the “marshals’ case” and the “doctors’ case” continue to remain classified, creating the basis for all kinds of speculation for a long time. Not so long ago in Great Britain, a special commission dealt with archival documents whose period of secrecy was coming to an end, but based on data on pre-war contacts between British intelligence and the Nazi SD, it was decided to extend the secrecy regime for another 50 years.

The reservation about “some documents will surprise society” was not made by chance. In the late 1980s, both in Russia and in the republics of the former USSR, a variety of people came to power on the wave of “democratization.”

Many show amazing political vitality, despite a clear lack of managerial talent and a tendency to teach the people about democracy from their own point of view.

In the near abroad, former leaders of the “popular fronts”, who changed their worldview from anti-Soviet to anti-Russian, have become firmly attached to power and are pursuing unfriendly policies towards Russia from their territory - from organizing congresses of all kinds of disenfranchised from “Open Russia” to training pro-fascist militants and providing military assistance to Banderaites.

The European community, as well as the citizens of these limitrophes, will be interested to find out from the declassified documents of the Federal Archive - which of the registered “Eurodemocrats” were KGB informants. The earth is full of rumors that in their foggy youth the former leader of the Lithuanian National Front Landsbergis and the current Madame President Dalia Grybauskaite “knocked” at the KGB. Now, I believe, it will be possible to learn about this side of their biography from the primary source.

You can gossip about “it was a long time ago and it’s not true”, “it’s overgrown with reality”, as much as you like, but you shouldn’t underestimate the destructive power of such revelations.

One may recall how last year a package of documents, unearthed by the Institute of National Remembrance, about the collaboration of Lech Walesa (under the operational guise of “Bolek”) in the midst of his activities at the Gdansk Shipyard, was spectacularly released in the Polish press. The information explosion left no stone unturned in the image of the icon, “Pole No. 1,” leader of Solidarity, Nobel Peace Prize laureate and the first president of anti-Soviet Poland. From now on and forever, Walesa is just a mustachioed fat old man, a ruin of a bygone era, whose shame can be seen with your own eyes in the form of 17 receipts exhibited at the same Institute of National Remembrance for receiving money for the knock-knock information transferred to the special services.

One can only regret that the archival “bomb” did not explode under the agent “Bolek” in the 1980s, when he and his “Solidarity”, working together with Western intelligence services, were shaking socialist Poland.

A lot of interesting surprises may lie in wait for dedicated domestic liberals. Their winding life path is in many ways similar to Walesa’s path to the heights of power. Unfortunately, the KGB was in no hurry to expose the reformed informants for many reasons, among which ethical ones were not the least important. After all, if you reveal an agent, especially a voluntary one, then who will cooperate? Agents caught committing unseemly acts and recruited on this basis will not get you very far.

Unofficial information is leaking in the media that “prominent figures of the liberal-democratic movement in Russia” cooperated with the Soviet intelligence services voluntarily, for selfish reasons: interesting business trips, career advancement, prestigious work, etc.

One can only imagine what kind of snitching vipers various creative associations of writers, theater workers and filmmakers were.

Many critics of the USSR and the Soviet system had parents who were not just prominent party or economic figures, but also served in the NKVD-MGB-KGB, and even took personal part in repressions.

Of course, children are not responsible for their fathers, but it becomes disgusting in the soul when repainted offspring, who do not want to remember the past of their parents, but once, without any remorse, used their high position as a springboard to a personal bright future, begin to expose and tear off the covers.

Declassified archives can influence the balance of power in embattled Ukraine. One can recall how a number of documents published on social networks by Miroslava Berdnik even before the Maidan putsch, concerning the cooperation of OUN leaders with the MGB and the Ministry of Internal Affairs, caused attacks of writhing and fountains of throat diarrhea among fans of Bandera’s corpses. Svidomites cursed and called photocopies of documents “FSB fakes,” but could not argue with any argument.

Why is it important? Ukrainian radical nationalism is evil without any reservations. But it is professed by a variety of people. Among modern OUN members there are their idealists who want to cleanse Ukrainian nationalism of the most odious figures of Bandera and Shukhevych, since they have long ago irrevocably compromised themselves as Hitler’s puppets and punitive forces. Be that as it may, post-war Soviet intelligence had a good understanding of the feelings of German nationalists, who clearly separated themselves from the Nazis and supporters of General Gehlen, who fell under the Americans. German nationalists, who considered Bismarck their idol, having survived the horrors of war and seeing how the Americans were pushing Germany into a new war with the USSR, chose to work for Soviet and East German intelligence. This point is definitely worth taking into account.

On the other hand, Ukraine is full of ardent neo-Banderists who do not suffer from excess disgust, who are not afraid of any documentary evidence of the collaboration of their idols with Hitler’s special services. What if declassified documents are published saying that their idols, like Vasil Kuk, leaked information to the MGB about “brothers” sitting in caches?

If it suddenly turns out that all sorts of “rights activists” and “independents” of the late Soviet period knocked on the KGB to soften the prison regime, for an additional parcel of lard from home or a pack of shag from a camp stall? Will Bandera’s “spilnota”, which sees everywhere the long hand of Moscow, the FSB and Putin personally, stand such a test of the strength of convictions?

Information of this kind can cause a powerful release of thermonuclear plasma from Svidomo doupas, the owners of which boast of “national purity” and “Svidomo.” For some, revelations of idols may make them recoil and come to their senses.

It would be interesting to learn about the double life of the leaders of the self-proclaimed “Majlis”, as well as other disgusting figures who languish under the self-imposed burden of the “conscience of the nation.”

So, under whose personal backside will the first archival “bomb” explode? Who will be the “locomotive” unwinding a long chain of revelations?

[Update] Now I'm on some kind of intelligence agency list because I wrote an article about some kind of "bomb", right?

If you've ever hosted a website or administered a server, you're probably well aware of the bad people who try to do all sorts of bad things to your property.

When I first hosted my little Linux box with SSH access at the age of 13, I looked at the logs and every day I saw IP addresses (mostly from China and Russia) trying to connect to my sweet little box (which was actually an old ThinkPad T21 laptop with a broken display, humming away under the bed). I reported these IPs to their providers.

In fact, if you have a Linux server with open SSH, you can see for yourself how many connection attempts occur daily:

grep "authentication failures" /var/log/auth.log


Hundreds of failed authentication attempts, even though password authentication is disabled on the server and it runs on a non-standard port

WordPress doomed us

Okay, let's face it, web vulnerability scanners existed before Wordpress, but after the platform became so popular, most scanners started checking for misconfigured wp-admin folders and unpatched plugins.

So if a little budding hacker gang wants to get some fresh accounts, they'll download one of these scanner tools and set it on a bunch of websites in hopes of gaining access to some site and deface it.


Sample logs when scanning with Nikto tool

This is why all servers and website administrators deal with gigabytes of logs full of scan attempts. So I thought...

Is it possible to strike back?

After experimenting with the potential use of IDS or Fail2ban, I was reminded of the good old ZIP bombs from the past.

What kind of thing is a ZIP bomb?

As it turns out, ZIP compression is great at dealing with repetitive data, so if you have a giant text file filled with repetitive data like all zeros, it will compress very well. I mean, VERY well.

As 42.zip showed, it is possible to compress 4.5 petabytes (4,500,000 gigabytes) into 42 kilobytes. When you try to view the contents of the archive (extract or unzip it), you will probably run out of disk space or RAM.

How to drop a ZIP bomb on a vulnerability scanner?

Unfortunately, web browsers don't understand ZIP, but they do understand GZIP.

So the first thing we'll do is create a 10GB GZIP file filled with zeros. There are many nested compressions you can do, but let's start simple.

dd if=/dev/zero bs=1M count=10240 | gzip > 10G.gzip


Making a bomb and checking its size

As you can see, its size is 10 MB. It could have been compressed better, but that's enough for now.
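A browser or scanner that receives such a file with Content-Encoding: gzip is in the same position as the antivirus discussed at the top of the page: it must not trust the declared size. As an added example (not the page's or its author's code), here is a bounded incremental gunzip in Python that gives up once the output passes a cap, together with a reader for the ISIZE field in the gzip trailer that shows why that field cannot serve as the bound. The cap values, the function names and the in-memory test stream produced with gzip.compress are assumptions for this illustration.

```python
import gzip
import struct
import zlib

# Caps are constructed for this example; a client would size them for its context.
MAX_INFLATED = 1024 * 1024   # stop after 1 MiB of output
READ_CHUNK = 16 * 1024       # feed the inflater this much compressed input at a time


class GzipBombSuspected(Exception):
    """Raised when inflating would exceed the output cap."""


def make_gzip_of_zeros(size):
    """Constructed test data: the in-memory equivalent of `dd if=/dev/zero | gzip`."""
    return gzip.compress(b"\0" * size)


def trailer_isize(data):
    """ISIZE from the gzip trailer: the uncompressed length modulo 2**32.  A 10 GiB
    member therefore reports only 2 GiB, so treat this as a hint, never as a bound."""
    return struct.unpack("<I", data[-4:])[0]


def bounded_gunzip(data, limit=MAX_INFLATED):
    """Inflate a gzip stream incrementally, holding at most `limit` bytes of output.
    This is what a client honouring Content-Encoding: gzip should do instead of
    inflating into memory until it runs out."""
    inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)   # 16+ selects gzip framing
    out = bytearray()
    pending = b""
    pos = 0
    while not inflater.eof:
        if not pending and pos < len(data):
            pending = data[pos:pos + READ_CHUNK]
            pos += READ_CHUNK
        room = limit - len(out) + 1          # +1 makes an overflow observable
        produced = inflater.decompress(pending, max_length=room)
        pending = inflater.unconsumed_tail   # compressed input zlib could not place yet
        if not produced and not pending and pos >= len(data) and not inflater.eof:
            raise ValueError("truncated gzip stream")
        out += produced
        if len(out) > limit:
            raise GzipBombSuspected(f"output exceeded {limit} bytes; aborting")
    return bytes(out)


def inflate_or_none(data, limit=MAX_INFLATED):
    """Return the inflated bytes, or None if the stream trips the cap."""
    try:
        return bounded_gunzip(data, limit)
    except GzipBombSuspected:
        return None


if __name__ == "__main__":
    stream = make_gzip_of_zeros(8 * 1024 * 1024)
    print(len(stream), "compressed bytes, trailer claims", trailer_isize(stream))
    print("accepted under cap:", inflate_or_none(stream) is not None)
```

The max_length argument is what makes this safe: zlib returns at most that many bytes and parks the rest of the compressed input in unconsumed_tail, so the loop can abort with a bounded amount of memory allocated no matter how many gigabytes the stream would otherwise expand to.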

Now let's install a PHP script that will deliver it to the client.

Ready!

Now we can use it as a simple defense:

Obviously, this script is not the epitome of elegance, but it can protect us from the script kiddies mentioned earlier, who have no idea that the user-agent can be changed in scanners.
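Both the failed-login grep earlier and the user-agent check in the PHP script are detection rules. The following is an added example, not the script from the article, that applies the same kind of rules to log lines instead of live requests: it counts failed SSH logins per source address from sshd lines and flags web clients by scanner user-agent, WordPress probe paths, or a burst of 404s, the last of which still fires when the user-agent has been changed. All log lines are constructed (RFC 5737 documentation addresses), and the thresholds and function names are assumptions for this illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines using RFC 5737 documentation addresses; not from any real host.
AUTH_LOG = """\
Mar 10 08:01:12 box sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51522 ssh2
Mar 10 08:01:15 box sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51530 ssh2
Mar 10 08:01:19 box sshd[2108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=root
Mar 10 08:02:03 box sshd[2113]: Accepted publickey for alice from 198.51.100.7 port 40012 ssh2
Mar 10 08:02:40 box sshd[2120]: Failed password for root from 192.0.2.44 port 33210 ssh2
"""

ACCESS_LOG = """\
203.0.113.9 - - [10/Mar/2024:08:05:01 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)"
203.0.113.9 - - [10/Mar/2024:08:05:02 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
198.51.100.23 - - [10/Mar/2024:08:05:10 +0000] "GET /index.php?id=1' HTTP/1.1" 200 2100 "-" "sqlmap/1.7-stable (https://sqlmap.org)"
192.0.2.77 - - [10/Mar/2024:08:06:00 +0000] "GET /wp-admin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/115.0"
192.0.2.77 - - [10/Mar/2024:08:06:01 +0000] "GET /wordpress/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/115.0"
192.0.2.77 - - [10/Mar/2024:08:06:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/115.0"
198.51.100.7 - - [10/Mar/2024:08:07:00 +0000] "GET /about HTTP/1.1" 200 3400 "-" "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/115.0"
"""

SSH_FAIL = re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+)")
PAM_FAIL = re.compile(r"authentication failure;.*\brhost=(?P<ip>[\d.]+)")
ACCESS = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

SCANNER_UA_MARKS = ("nikto", "sqlmap")            # same substrings the page's check keys on
PROBE_PREFIXES = ("/wp-", "/wordpress", "/wp/")   # WordPress paths a non-WordPress site never serves
SSH_THRESHOLD = 3        # failed logins before an address is flagged (constructed value)
NOT_FOUND_THRESHOLD = 3  # 404s from one address before it counts as blind probing


def ssh_failures(lines):
    """Count failed SSH logins per source address.  Many systems log both a
    'Failed password' line and a pam_unix line for one attempt, so treat the
    count as a signal, not an exact number of attempts."""
    hits = Counter()
    for line in lines:
        m = SSH_FAIL.search(line) or PAM_FAIL.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits


def web_signals(lines):
    """Per-address reasons from a combined-format access log: a scanner user-agent,
    WordPress probe paths, or a burst of 404s (which survives a changed user-agent)."""
    reasons = defaultdict(set)
    not_found = Counter()
    for line in lines:
        m = ACCESS.match(line)
        if not m:
            continue
        ip, path, status = m.group("ip"), m.group("path"), m.group("status")
        ua = m.group("ua").lower()
        if any(mark in ua for mark in SCANNER_UA_MARKS):
            reasons[ip].add("scanner-ua")
        if path.startswith(PROBE_PREFIXES):
            reasons[ip].add("wp-probe")
        if status == "404":
            not_found[ip] += 1
    for ip, count in not_found.items():
        if count >= NOT_FOUND_THRESHOLD:
            reasons[ip].add("404-burst")
    return reasons


def report(auth_text, access_text):
    """Merge both sources into {ip: sorted reasons}; addresses with no reason are omitted."""
    reasons = web_signals(access_text.splitlines())
    for ip, count in ssh_failures(auth_text.splitlines()).items():
        if count >= SSH_THRESHOLD:
            reasons[ip].add("ssh-bruteforce")
    return {ip: sorted(r) for ip, r in reasons.items() if r}


if __name__ == "__main__":
    for ip, why in sorted(report(AUTH_LOG, ACCESS_LOG).items()):
        print(f"{ip:16} {', '.join(why)}")
```

The report is the input a ban list or a Fail2ban-style jail would consume; a single 404 or one failed login says nothing, so each rule carries a threshold, and the 404-burst rule is there precisely because the user-agent string is the one signal a scanner operator can change for free.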

So... What happens if you run this script?


(if you tested the bomb on other devices/browsers/scripts, please


How to make a ZIP bomb?

First, let's create a 10GB ZIP file filled with zeros. There are many nested compressions you can do, but let's start simple.

In Linux you can do it very simply with the dd command:

dd if=/dev/zero bs=1M count=10240 >> 10

Let's get a file with the name "10" and 10 gigs... :)

zip -r 10.zip 10

Let's get a file named "10.zip", for me it weighs only five megabytes! :)

How to drop a ZIP bomb on a victim?

Well, you can just give them such a file to unpack! :)

But let's look at a cooler way: serving it over the web, as with the GZIP file described above.


The browser will read such a file and die! :)

It can be used against hackers and vulnerability scanners; example:

This script checks the request headers for popular vulnerability scanners and serves this file instead of the site itself! :)

So... What happens if you run this script?

IE 11 - memory is consumed, IE crashes.
Chrome - memory is consumed and an error is displayed.
Edge - memory is consumed, leaks, takes forever to load.
Nikto - seems to scan normally, but produces no results.
SQLmap - large memory consumption, then drops.
Safari - high memory consumption, then it crashes and restarts, then high memory consumption again, and so on...
Chrome (Android) - memory is consumed and an error is displayed.