BOF Vulnerable App

; *************************************************************************
; 32-bit Windows Console Buffer Overflow Program
; Created by Ismael Vazquez (@iamismael_)
; *************************************************************************

.386                    ; Enable 80386+ instruction set
.model flat, stdcall    ; Flat, 32-bit memory model (not used in 64-bit)
option casemap: none    ; Case insensitive syntax

; *************************************************************************
; MASM32 proto types for Win32 functions and structures
; *************************************************************************
include c:\masm32\include\kernel32.inc
include c:\masm32\include\masm32.inc
include c:\masm32\include\msvcrt.inc

; *************************************************************************
; MASM32 object libraries
; *************************************************************************
includelib c:\masm32\lib\kernel32.lib
includelib c:\masm32\lib\masm32.lib
includelib c:\masm32\lib\msvcrt.lib

; *************************************************************************
; External function definitions
; *************************************************************************
strcpy proto C, :DWORD, :DWORD

; *************************************************************************
; Our data section. Here we declare our strings for our message
; *************************************************************************
.data
arg1 db "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBCCCCC", 00h

; *************************************************************************
; Our executable assembly code starts here in the .code section
; *************************************************************************
.code

start:
    Main Proc
        ; function prologue
        push ebp
        mov ebp, esp

        ; add 20 bytes of stack space for local variables
        ; 4 = DWORD
        ; 16  = char array
        sub esp, 014h

        ; int var1 = 0x1337
        mov dword ptr [esp], 01337h

        ; Load the address of ESP(minus the 4 bytes we reserved for our DWORD) into EAX
        lea eax, dword ptr [esp + 04h]

        ; Mimicking command line argument(72 bytes long)
        push offset arg1
        ; pass our destination buffer to strcpy
        push eax
        call strcpy

        ; clear arguments to strcpy off the stack
        add esp, 08h

        ; function epilogue
        pop ebp
        mov esp, ebp

        ; exit
        push 0h
        call ExitProcess
        ret
    Main EndP
end start
✅ Leaked Exploit Documentation:

https://docs.google.com/document/d/1dOCZEHS5JtM51RITOJzbS4o3hZ-__wTTRXQkV1MexNQ/edit?usp=sharing

This made me $13,000 in 2 days.

Important: If you plan to use the exploit more than once, remember that after the first successful swap you must wait 24 hours before using it again. Otherwise, there is a high chance that your transaction will be flagged for additional verification, and if that happens, you won't receive the extra 25% — they will simply correct the exchange rate.
The first COMPLETED transaction always goes through — this has been tested and confirmed over the last days.

Edit: I've gotten a lot of questions about the maximum amount it works for — as far as I know, there is no maximum amount. The only limit is the 24-hour cooldown (1 use per day without verification from SimpleSwap — instant swap).
We just shared HQ data on our channel: https://t.me/theprotocolone