How to Make a Zip Bomb?

This ethical hacking guide explains what a zip bomb is, how it works, its history, and how to make one on Windows and Linux.
What is a Zip Bomb?
A zip bomb, also known as a decompression bomb or zip of death, is a harmful archive file. It overloads systems by taking advantage of how they extract compressed files.
Key Characteristics
- Highly compressed files (e.g., 10 KB ZIP expands to 1 TB)
- Recursive compression (nested archives that trigger further extraction)
- Intentional system overload (targeting RAM, CPU, and storage)
- Bypasses security scans (appearing harmless until decompressed)
When the victim tries to open the Zip bomb, it reveals many nested archives. Each archive has larger files inside. As a result, the victim's system resources are quickly exhausted, causing the system to crash or slow down.
History of Zip Bombs
Zip bombs have existed for many decades and have evolved along with advances in technology and cyber security. Researchers trace the concept back to the early days of compression algorithms and archive file formats, such as ZIP, RAR, and 7z.
One of the earliest examples was the 42.zip file, created in the late 1990s. It was a relatively small archive file that, when decompressed, expanded into an enormous 4.5 petabytes of data. At the time, this was an impractical joke rather than a serious threat since storage and processing power were limited.
However, as technology advanced, so did the potential for decompression bombs to become more disruptive.
How Does a Zip Bomb Work?
To understand the methodology, it is necessary to understand the compression algorithms and the theory behind archive file formats. The ZIP format is the most common target for Zip bombs. However, similar ideas can also apply to other formats like RAR or 7z.
Compression algorithms aim to reduce file sizes by identifying recurring patterns and redundancies in data. These patterns are replaced with shorter references or codes. During decompression, the original data is reconstructed by reversing these transformations.
A Zip bomb exploits the recursive nature of compression algorithms. Here's a simplified step-by-step explanation of how it operates:
- The attacker creates a ZIP archive containing several nested layers of compressed files.
- Each nested layer is smaller than the one before it, which lets decompression software keep expanding the archive.
- When the victim opens or decompresses the Zip bomb, the decompression process begins. As the nested layers are sequentially unpacked, the archive's apparent size increases exponentially.
- Eventually, the decompression process consumes an overwhelming amount of memory and system resources, causing system instability, crashes, or slowdowns.
Zip bombs are designed to look like small files at first. This makes them tempting for victims to open or decompress. Their real danger comes from their ability to grow larger during decompression. Because of this, they are called decompression bombs.
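A defensive check for the behaviour described above, as an added example that is not part of the original guide: before extracting an untrusted ZIP, cap the declared compression ratio, the nesting depth and the bytes actually produced. The limit values and the names `inspect_zip` and `ArchiveRejected` are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed policy values for illustration; tune them for your environment.
MAX_TOTAL_BYTES = 50 * 1024 * 1024  # budget for everything the archive expands to
MAX_RATIO = 100                     # ceiling on declared uncompressed/compressed size
MAX_DEPTH = 2                       # how many archives-inside-archives to follow
CHUNK = 64 * 1024


class ArchiveRejected(Exception):
    """Raised when an archive breaks one of the limits above."""


def inspect_zip(data, budget=MAX_TOTAL_BYTES, depth=0):
    """Vet an in-memory ZIP; return the unused byte budget or raise ArchiveRejected."""
    if depth > MAX_DEPTH:
        raise ArchiveRejected(f"nested more than {MAX_DEPTH} levels deep")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Cheap pre-check on the sizes recorded in the central directory.
            if info.file_size > budget:
                raise ArchiveRejected(f"{info.filename}: declared size exceeds budget")
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected(f"{info.filename}: compression ratio too high")
            # Declared sizes can be wrong, so count real bytes while streaming.
            body = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    budget -= len(chunk)
                    if budget < 0:
                        raise ArchiveRejected(f"{info.filename}: expanded past budget")
                    body += chunk
            # Nested archives share the parent's remaining budget.
            if zipfile.is_zipfile(io.BytesIO(body)):
                budget = inspect_zip(bytes(body), budget, depth + 1)
    return budget


if __name__ == "__main__":
    # Constructed sample: one small text member, built in memory.
    sample = io.BytesIO()
    with zipfile.ZipFile(sample, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "quarterly report draft\n" * 20)
    print("bytes left in budget:", inspect_zip(sample.getvalue()))
```

Because nested archives draw on the same budget as their parent, many small layers cannot add up to more than the single limit.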
How to Make a Zip Bomb?
Here are the simple steps:
- Step-1: Open any text editor and type Space (' ') and save the file as 'a.txt'
- Step-2: Copy and paste spaces (' ') as many times as possible until the file is of significant size (2 to 3MB). Then save the file.
- Step-3: Make 100+ copies of 'a.txt' in the same folder.
- Step-4: Open command prompt in the same folder and enter the command below to combine all the text files into one. Save it as 'b.txt'.

      copy /b *.txt b.txt

- Step-5: Repeat steps 3 and 4 to create an even larger text file of 2 to 3 GB and save it as 'c.txt'.
- Step-6: Compress the text file 'c.txt' using WinZip, WinRAR or 7-Zip and save it as 'smallbomb.zip'.
- Step-7: Make several copies of 'smallbomb.zip' then add them all into one final archive and save it as 'bomb.zip' and your Zip Bomb is ready.
Make sure not to open it later 😉
Create Zip Bomb Command in Linux
You can always create one from the command line on Linux using the command below:

    dd if=/dev/zero bs=1000 count=1000000 | gzip > zipbomb.gz
Summary
Zip bombs are not viruses or malware. However, they can overwhelm systems. This makes them an important topic in cyber security and ethical hacking.
They can be like hidden troublemakers in files, causing computer problems when you least expect them. To stay safe, use good antivirus software, be cautious with large files that may contain malware, and only open files from sources you trust.
When using archive files, keep track of compression, use passwords when needed, and stay organized with clear file names. With these precautions, you can protect yourself from malicious archive files and other sneaky threats in the digital world.