Metasploit mailing list archives
Javascript encryption for ie_aurora exploit
From: L4teral <l4teral () gmail com>
Date: Thu, 11 Feb 2010 19:52:13 +0100
Hi All, Some time ago I contributed a patch for javascript encryption used with the msvidctl_mpeg2 exploit to circumvent AV detection: http://www.metasploit.com/redmine/projects/framework/repository/revisions/6784 On my test systems the encoder works without any problems for the ie_aurora exploit (see the attached patch). Virustotal detection drops from 12 to 0 (The detection for the msvidctl_mpeg2 exploit is also still 0). I tested this successfully against one live AV installation - as virustotal only performs static analysis, it would be great if someone with a test environment with many different AV products could test if the encryption bypasses them too. - L4teral
Attachment:
ie_aurora_jsencode.patch
Description:
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Javascript encryption for ie_aurora exploit L4teral (Feb 11)
- Re: Javascript encryption for ie_aurora exploit Brian Milliron (Feb 11)
- Re: Javascript encryption for ie_aurora exploit L4teral (Feb 11)
- Re: Javascript encryption for ie_aurora exploit Brian Milliron (Feb 11)