Java AtomicReferenceArray Type exploit and java meterpreter question

[Miguel Rios <miguelrios35 () yahoo com>]

Hi everyone,

1) Been playing around with the Java AtomicReferenceArray Type exploit that was recently added.
It works rather well in my tests but it seems to be picked up by most AVs by now. Is there a way to apply obfuscation 
through the framework for AV bypass?
Looking at the exploit it seems that the cve-2012-0507-jar used is immediately picked up by AV. Looking inside the jar 
it seems that AV (Avira in my test) picks up the Help.class as EXP/Java.Carbul.Gen while the Exploit.class gets flagged 
as EXP/CVE-2012-0507 and Payloadx.class gets flagged as EXP/CVE-2012-0507.H. Notice that the Payloadx.class detection 
has an H at the end. The only class that seems clean (again I'm testing on Avira) is the PayloadX$StreamConnector.class.
Now before I spend too much time trying to figure this out, is it even possible to bypass AVs by encrypting or 
obfuscating the jar by using something like http://zenofx.com/classguard/? Anyone tried it before or know of a 
different freeware or open source solution? Or am I going about this the wrong way and there's a simpler solution?

2) Also, slightly off topic but I noticed that java/meterpreter doesn't handle windows environment variables like 
%temp% and so forth. This means that when using multicommand to say upload a binary and then execute it one needs to 
know the user's permissions and working directory and there's a lot of trial and guessing going on. Since most users 
have permissions in the %temp% directory, it's a good directory to upload to and execute in after a successful exploit. 
Is there a way to implement this without having to spell out the full path?

Thanks

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework