Windows/x86 (5.0 < 7.0) - Speaking 'You got pwned!' + Null-Free Shellcode

EDB-ID:

15879

CVE:

N/A


Platform:

Windows_x86

Published:

2010-12-31

A null-free shellcode for 32-bit versions of Windows 5.0-7.0 all service packs that uses Microsoft Speech API to say "You got pwned!" over the speakers. Includes optional code that fixes stack alignment (adds 5 bytes) and bypasses EAF (adds 29 bytes).

Features:

NULL Free
Windows version and service pack independant.
No assumptions are made about the values of registers.
"/3GB" compatible: pointers are not assume to be smaller than 0x80000000.
DEP/ASLR compatible: data is not executed, code is not modified.
Windows 7 compatible: kernel32 is found based on the length of its name

Download:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/15879.zip (w32-speaking-shellcode.zip)