.zip bombs are still live!

[bad_brain]

we all remember the good ol' zip bombs, right?

I asked myself if those are still around in the days of TB drives, 16 core CPUs and stuff....and yes they are! the article is also quite interesting:

https://www.bamsoftware.com/hacks/zipbomb/" onclick="window.open(this.href);return false;

[Gogeta70]

Hah, nice! I've never really played around with zip bombs and I never dared try unzipping one

Can't say I see much of a point to them these days though. I mean it'll either fill up your hard drive space with a giant useless file (solved by rm ./giant.useless.file) or it'll eat all your VM and cause you to go into page-swapping hell and probably freeze up your desktop. This is much less of an issue if you have an SSD, and can be avoided completely on linux with ulimit (limit per-process memory usage).

Am I missing something here?

[bad_brain]

back in the good ol' days zip bombs were mostly used to hide other malware I guess, the OS and AVs simply couldn't deal with the size.....which was pretty easy to achieve on a file system with a 4GB file size limit...) should be much different now with NTFS, so it's more a PoC thingy nowadays I guess....have a look at this one: http://michaelwehar.com/quines/" onclick="window.open(this.href);return false;