module
Gzip Memory Bomb Denial Of Service
| Disclosed | Created |
|---|---|
| Jan 1, 2004 | May 30, 2018 |
Disclosed
Jan 1, 2004
Created
May 30, 2018
Description
This module generates and hosts a 10MB single-round gzip file that decompresses to 10GB.
Many applications will not implement a length limit check and will eat up all memory and
eventually die. This can also be used to kill systems that download/parse content from
a user-provided URL (image-processing servers, AV, websites that accept zipped POST data, etc).
A FILEPATH datastore option can also be provided to save the .gz bomb locally.
Some clients (Firefox) will allow for multiple rounds of gzip. Most gzip utils will correctly
deflate multiple rounds of gzip on a file. Setting ROUNDS=3 and SIZE=10240 (default value)
will generate a 300 byte gzipped file that expands to 10GB.
Many applications will not implement a length limit check and will eat up all memory and
eventually die. This can also be used to kill systems that download/parse content from
a user-provided URL (image-processing servers, AV, websites that accept zipped POST data, etc).
A FILEPATH datastore option can also be provided to save the .gz bomb locally.
Some clients (Firefox) will allow for multiple rounds of gzip. Most gzip utils will correctly
deflate multiple rounds of gzip on a file. Setting ROUNDS=3 and SIZE=10240 (default value)
will generate a 300 byte gzipped file that expands to 10GB.
Authors
info info@aerasec.de
joev joev@metasploit.com
joev joev@metasploit.com
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.