Metasploit mailing list archives

Javascript encryption for ie_aurora exploit


From: L4teral <l4teral () gmail com>
Date: Thu, 11 Feb 2010 19:52:13 +0100

Hi All,

Some time ago I contributed a patch for JavaScript encryption used
with the msvidctl_mpeg2 exploit to circumvent AV detection:
http://www.metasploit.com/redmine/projects/framework/repository/revisions/6784

On my test systems the encoder works without any problems for the
ie_aurora exploit (see the attached patch).
VirusTotal detection drops from 12 to 0 (the detection for the
msvidctl_mpeg2 exploit is also still 0).

I tested this successfully against one live AV installation - as
VirusTotal only performs static analysis, it would be great if someone
with a test environment with many different AV products could test if
the encryption bypasses them too.

- L4teral

Attachment: ie_aurora_jsencode.patch