[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : w32-speaking-shellcode
# Published : 2010-12-31
# Author :
# Previous Title : Linux/x86 Remote Port Forwarding Shellcode 87 bytes
# Next Title : generic win32 - add new local administrator 326 bytes
A null-free shellcode for 32-bit versions of Windows 5.0-7.0 all service packs that uses Microsoft Speech API to say "You got pwned!" over the speakers. Includes optional code that fixes stack alignment (adds 5 bytes) and bypasses EAF (adds 29 bytes).
Features:
NULL Free
Windows version and service pack independant.
No assumptions are made about the values of registers.
"/3GB" compatible: pointers are not assume to be smaller than 0x80000000.
DEP/ASLR compatible: data is not executed, code is not modified.
Windows 7 compatible: kernel32 is found based on the length of its name
Download:
http://www.exploit-db.com/sploits/w32-speaking-shellcode.zip