w32-speaking-shellcode

EDB-ID: 15879 CVE: N/A OSVDB-ID: N/A
Verified: Author: Skylined Published: 2010-12-31
Download Exploit: Source Raw Download Vulnerable App: N/A
A null-free shellcode for 32-bit versions of Windows 5.0-7.0 all service packs that uses Microsoft Speech API to say "You got pwned!" over the speakers. Includes optional code that fixes stack alignment (adds 5 bytes) and bypasses EAF (adds 29 bytes).

Features:

NULL Free
Windows version and service pack independant.
No assumptions are made about the values of registers.
"/3GB" compatible: pointers are not assume to be smaller than 0x80000000.
DEP/ASLR compatible: data is not executed, code is not modified.
Windows 7 compatible: kernel32 is found based on the length of its name

Download:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/w32-speaking-shellcode.zip