Thursday, September 16, 2010

Combining the QuickTime "Marshaled_pUnk" exploit with JSidle

The QuickTime "Marshaled_pUnk" exploit works well with a JavaScript packer to circumvent AV detection because it relies solely on JavaScript code. Quite often a web-based exploit needs a special setting (HTML objects, data files, etc.) besides the JavaScript code, and that extra material makes it easier to create an AV signature.

The current Metasploit module for the exploit (see here) has a detection rate of 14/43 on VirusTotal.
After changing a few lines to use the JSidle packer (patches on GitHub), the detection rate drops to zero, with no further customization needed.

As the packer has been available for over 2 months now, it seems to work quite well.
