]
09-12-2017, 04:58 AM
The fork bomb is the equivalent of a DDoS attack on your own system. It aims to deprive the system of memory (RAM), leaving nothing for other applications or the operating system’s vital operations required to keep the systems running, hence crashing it. Just 5 characters long, the fork bomb is not permanently harmful for a computer, just annoying.
We’re now going to build on the introduction to batch files. Make sure you’ve got a VM all set up and running.
And here is the fork bomb:
Yes, this is it. The above is a shorter alternative for the following more comprehensible code:
And finally goto s brings us back to the top, forming a loop.
So every time the loop is run another instance of the same program is started and then both of them run together and again duplicate themselves and so on.
![[Image: forkbomb.png]](http://xeushack.com/assets/img/posts/fork-bomb/forkbomb.png)
Every program doubling itself is a form of exponential growth. After one iteration of the loop, two programs (21) are created. After another cycle, each of those two create another two for a total of four (22). After 10 iterations we have 1024 (210) instances of our little batch file. After 100 iterations we have 2100 = 1.267 nonillion, a number so big you don’t even know what ‘nonillion’ is (It’s 1030).
The first instance will likely not even complete 50 iterations before the system grinds to a halt and crashes. For such a simple script, each individual iteration would hardly take a few milliseconds, so the first few iterations complete very quickly and soon it becomes more than what the computer can handle.
Is there a way to protect against fork bombs? Yup.
Any antivirus worth it’s salt would be able to scan this suspicious executable file and warn the user before execution. As a fork bomb’s mode of operation is entirely dependent on being able to create new processes, one way of preventing a fork bomb from severely affecting the entire system is to limit the maximum number of processes that a single user may own. On Linux, this can be achieved by using the ulimit utility; for example, the command ulimit -u 30 would limit the affected user to a maximum of thirty owned processes.
And so we have our first little virus under our belt. Head over to the next one to continue or scroll down if you’re interested in checking out the code for fork bomb in other common languages.
Bash
Python
Java
Ruby
C
JavaScript
The following version is easier for injection (XSS):
And the following is simply a more aggressive version of the above:
We’re now going to build on the introduction to batch files. Make sure you’ve got a VM all set up and running.
And here is the fork bomb:
Hidden Content
Yes, this is it. The above is a shorter alternative for the following more comprehensible code:
Hidden Content
Hidden Content
And finally goto s brings us back to the top, forming a loop.
So every time the loop is run another instance of the same program is started and then both of them run together and again duplicate themselves and so on.
Every program doubling itself is a form of exponential growth. After one iteration of the loop, two programs (21) are created. After another cycle, each of those two create another two for a total of four (22). After 10 iterations we have 1024 (210) instances of our little batch file. After 100 iterations we have 2100 = 1.267 nonillion, a number so big you don’t even know what ‘nonillion’ is (It’s 1030).
The first instance will likely not even complete 50 iterations before the system grinds to a halt and crashes. For such a simple script, each individual iteration would hardly take a few milliseconds, so the first few iterations complete very quickly and soon it becomes more than what the computer can handle.
Is there a way to protect against fork bombs? Yup.
Any antivirus worth it’s salt would be able to scan this suspicious executable file and warn the user before execution. As a fork bomb’s mode of operation is entirely dependent on being able to create new processes, one way of preventing a fork bomb from severely affecting the entire system is to limit the maximum number of processes that a single user may own. On Linux, this can be achieved by using the ulimit utility; for example, the command ulimit -u 30 would limit the affected user to a maximum of thirty owned processes.
And so we have our first little virus under our belt. Head over to the next one to continue or scroll down if you’re interested in checking out the code for fork bomb in other common languages.
Bash
Hidden Content
Python
Hidden Content
Java
Hidden Content
Ruby
Hidden Content
C
Hidden Content
JavaScript
Hidden Content
The following version is easier for injection (XSS):
Hidden Content
And the following is simply a more aggressive version of the above:
Hidden Content