Metasploit mailing list archives
Re: Javascript encryption for ie_aurora exploit
From: L4teral <l4teral () gmail com>
Date: Thu, 11 Feb 2010 21:06:23 +0100
I did attach a small patch that integrates it into the ie_aurora exploit, maybe I should have mentioned it ;-)

The documentation on how to use the encryption module for other exploits can be found within the module:
http://www.metasploit.com/redmine/projects/framework/repository/revisions/6784/entry/lib/rex/exploitation/encryptjs.rb

On Thu, Feb 11, 2010 at 8:43 PM, Brian Milliron <antechrist () io com> wrote:

Can you give us the syntax needed to use your encryption module?

Hi All,

Some time ago I contributed a patch for javascript encryption used with the msvidctl_mpeg2 exploit to circumvent AV detection:
http://www.metasploit.com/redmine/projects/framework/repository/revisions/6784

On my test systems the encoder works without any problems for the ie_aurora exploit (see the attached patch). Virustotal detection drops from 12 to 0 (The detection for the msvidctl_mpeg2 exploit is also still 0).

I tested this successfully against one live AV installation - as virustotal only performs static analysis, it would be great if someone with a test environment with many different AV products could test if the encryption bypasses them too.

- L4teral