Metasploit mailing list archives
Re: Javascript encryption for ie_aurora exploit
From: Brian Milliron <antechrist () io com>
Date: Thu, 11 Feb 2010 13:43:54 -0600
Can you give us the syntax needed to use your encryption module?
Hi All, Some time ago I contributed a patch for javascript encryption used with the msvidctl_mpeg2 exploit to circumvent AV detection: http://www.metasploit.com/redmine/projects/framework/repository/revisions/6784 On my test systems the encoder works without any problems for the ie_aurora exploit (see the attached patch). Virustotal detection drops from 12 to 0 (The detection for the msvidctl_mpeg2 exploit is also still 0). I tested this successfully against one live AV installation - as virustotal only performs static analysis, it would be great if someone with a test environment with many different AV products could test if the encryption bypasses them too. - L4teral
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Javascript encryption for ie_aurora exploit L4teral (Feb 11)
- Re: Javascript encryption for ie_aurora exploit Brian Milliron (Feb 11)
- Re: Javascript encryption for ie_aurora exploit L4teral (Feb 11)
- Re: Javascript encryption for ie_aurora exploit Brian Milliron (Feb 11)