A null-free shellcode for 32-bit versions of Windows 5.0-7.0 all service packs that uses Microsoft Speech API to say "You got pwned!" over the speakers. Includes optional code that fixes stack alignment (adds 5 bytes) and bypasses EAF (adds 29 bytes).

Features:

NULL Free

Windows version and service pack independant.

No assumptions are made about the values of registers.

"/3GB" compatible: pointers are not assume to be smaller than 0x80000000.

DEP/ASLR compatible: data is not executed, code is not modified.

Windows 7 compatible: kernel32 is found based on the length of its name

Download:

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/15879.zip (w32-speaking-shellcode.zip)