[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : w32-speaking-shellcode
# Published : 2010-12-31
# Author :
# Previous Title : Linux/x86 Remote Port Forwarding Shellcode 87 bytes
# Next Title : generic win32 - add new local administrator 326 bytes

A null-free shellcode for 32-bit versions of Windows 5.0-7.0 all service packs that uses Microsoft Speech API to say "You got pwned!" over the speakers. Includes optional code that fixes stack alignment (adds 5 bytes) and bypasses EAF (adds 29 bytes).


Windows version and service pack independant.
No assumptions are made about the values of registers.
"/3GB" compatible: pointers are not assume to be smaller than 0x80000000.
DEP/ASLR compatible: data is not executed, code is not modified.
Windows 7 compatible: kernel32 is found based on the length of its name