metasploit-framework July 2010 archive

[framework] New Javascript Packer: JSidle

From: Sven Taute <sven.taute_at_nospam>
Date: Fri Jul 09 2010 - 22:34:49 GMT

Hi all,

I developed a new javascript packer that should solve the current
problems with AV detection and perform better than the existing
It uses some new concepts explained in a blog post and in more detail
in the latest issue of the HITB magazine:

The code is available here:
Patches for Metasploit:

I patched two existing exploit modules to show the usage, the aurora
exploit for web-based ones and the adobe_geticon exploit to show the
usage for PDF files.
The javascript part of web-based exploits should not be detected by AV
(using static analysis). Virustotal detection for the PDF dropped from
17/41 to 9/41 - as obfuscation is not that common in PDF files, some
scanners still flag the file as suspicious using a generic detection.

- Sven