Crash a Browser with a Script – Fork Bombing Explained
Fork bombing is similar to causing a memory leak with a script recursively calling itself––instead of doing recursive operations, you make copies of (fork) the process every iteration until you exhaust the system’s memory, causing a Denial of Service attack.
The infamous :(){ :|: & };:
bash script is an example of a fork bomb on Linux machines.
Disclaimer: Don’t try it on your primary machine. You will suffer! Use a VM or a sandbox computer to do all this.
Crash a browser with JavaScript
Browsers are vulnerable to DoS in a lot of ways. You can write a simple script that recursively creates a pop-up box or create DOM elements until it eventually consumes all the memory and crashes.
while (true) { alert("hello evil world!"); }
Modern browsers have preventive measures for erratic scripts like this and offer you the option to terminate them. But if you are serious about forcing a memory leak in your browser (and eventually your system) you can flood your history using the `history.pushState` API in a recursive loop and watch your system sputter out and writhe in pain. Or, you can recursively spawn processes the same way to create a fork bomb.
Force a memory leak on windows with a fork bomb
Like the :(){ :|: & };:
on bash, you can (don’t!) use %0|%0
in a batch file and execute it. This will recursively call the process and cause a kernel hang with no options to access the task manager.
This post was first published on August 7, 2014.
Did not know I can do this on Windows! Thanks.
I DoSd myself when trying it out. SMH