This module generates and hosts a 10MB single-round gzip file that decompresses to 10GB. Many applications will not implement a length limit check and will eat up all memory and eventually die. This can also be used to kill systems that download/parse content from a user-provided URL (image-processing servers, AV, websites that accept zipped POST data, etc). A FILEPATH datastore option can also be provided to save the .gz bomb locally. Some clients (Firefox) will allow for multiple rounds of gzip. Most gzip utils will correctly deflate multiple rounds of gzip on a file. Setting ROUNDS=3 and SIZE=10240 (default value) will generate a 300 byte gzipped file that expands to 10GB.
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.
– Jim O’Gorman | President, Offensive Security