Metasploit mailing list archives

Re: New Javascript Packer: JSidle


From: Spring Systems <korund () hotmail com>
Date: Sat, 10 Jul 2010 13:26:36 +0000


Thanks for the good add-on.
Is the JSidle packer concept based on delivering the script with a time delay? Will this affect the execution speed of
the exploit?

Another good thing would be to implement a polymorphic encryption algorithm, to make JavaScript code that can
transmute and protect itself.
This will provide very good protection.

Regards,
spring



Date: Sat, 10 Jul 2010 00:34:49 +0200
From: sven.taute () gmail com
To: framework () spool metasploit com
Subject: [framework] New Javascript Packer: JSidle

Hi all,

I developed a new JavaScript packer that should solve the current
problems with AV detection and perform better than the existing
obfuscators.
It uses some new concepts explained in a blog post and in more detail
in the latest issue of the HITB magazine:
http://relentless-coding.blogspot.com/2010/07/new-javascript-packer-jsidle.html
http://magazine.hitb.org

The code is available here: http://github.com/svent/jsidle
Patches for Metasploit: http://github.com/svent/jsidle/tree/master/metasploit/

I patched two existing exploit modules to show the usage, the aurora
exploit for web-based ones and the adobe_geticon exploit to show the
usage for PDF files.
The JavaScript part of web-based exploits should not be detected by AV
(using static analysis). VirusTotal detection for the PDF dropped from
17/41 to 9/41 - as obfuscation is not that common in PDF files, some
scanners still flag the file as suspicious using a generic detection.

- Sven
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
                                          
