Re: Javascript encryption for ie_aurora exploit

[L4teral <l4teral () gmail com>]

I did attach a small patch that integrates it into the ie_aurora
exploit, maybe I should have mentioned it ;-)

The documentation on how to use the encryption module for other
exploits can be found within the module:
http://www.metasploit.com/redmine/projects/framework/repository/revisions/6784/entry/lib/rex/exploitation/encryptjs.rb


On Thu, Feb 11, 2010 at 8:43 PM, Brian Milliron <antechrist () io com> wrote:
> Can you give us the syntax needed to use your encryption module?
>
>
> > Hi All,
> >
> > Some time ago I contributed a patch for javascript encryption used
> > with the msvidctl_mpeg2 exploit to circumvent AV detection:
> > http://www.metasploit.com/redmine/projects/framework/repository/revisions/6784
> >
> > On my test systems the encoder works without any problems for the
> > ie_aurora exploit (see the attached patch).
> > Virustotal detection drops from 12 to 0 (The detection for the
> > msvidctl_mpeg2 exploit is also still 0).
> >
> > I tested this successfully against one live AV installation - as
> > virustotal only performs static analysis, it would be great if someone
> > with a test environment with many different AV products could test if
> > the encryption bypasses them too.
> >
> > - L4teral
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework