Re: Javascript encryption for ie_aurora exploit

[Brian Milliron <antechrist () io com>]

Can you give us the syntax needed to use your encryption module?


> Hi All,
>
> Some time ago I contributed a patch for javascript encryption used
> with the msvidctl_mpeg2 exploit to circumvent AV detection:
> http://www.metasploit.com/redmine/projects/framework/repository/revisions/6784
>
> On my test systems the encoder works without any problems for the
> ie_aurora exploit (see the attached patch).
> Virustotal detection drops from 12 to 0 (The detection for the
> msvidctl_mpeg2 exploit is also still 0).
>
> I tested this successfully against one live AV installation - as
> virustotal only performs static analysis, it would be great if someone
> with a test environment with many different AV products could test if
> the encryption bypasses them too.
>
> - L4teral
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework