module
Windows WSL via Registry Persistence
| Disclosed |
|---|
| Jan 29, 2022 |
Description
This module will install a payload in WSL and execute it at user
logon or system startup via the registry value in "CurrentVersion\Run"
or "RunOnce" (depending on privilege and selected method).
The payload will be installed completely in the registry.
Staged payloads, such as the fetch payloads for Linux x64, tend not to work: the
payload asks for the stage and submits the HTTP fetch request, but when the
payload is sent it doesn't execute.
`cmd/linux/http/x64/meterpreter_reverse_tcp` and unix cmd payloads tend to work.
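
A defender-side check for the persistence described above, as an added example that is not part of the module or of the original page: it scans `reg query` output for "Run"/"RunOnce" values whose command line launches WSL. The sample text, the value names and the assumption that the autorun command goes through `wsl.exe` or `bash.exe` are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`; the value
# names and command lines are made up, with a placeholder for the command.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Sync Helper    REG_SZ    C:\Windows\System32\wsl.exe -e sh -c "PLACEHOLDER_COMMAND"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Cleanup    REG_EXPAND_SZ    %SystemRoot%\System32\bash.exe -c "PLACEHOLDER_COMMAND"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Shell    REG_SZ    C:\Windows\System32\wsl.exe
'''

# Only the autorun keys named in the module description are in scope.
KEY_RE = re.compile(r'\\CurrentVersion\\(Run|RunOnce)$', re.I)
VALUE_RE = re.compile(r'^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$')
# Assumption: the autorun command reaches WSL through a stock launcher
# (wsl.exe or bash.exe). Git for Windows also ships a bash.exe, so review
# hits by path before treating them as malicious.
WSL_RE = re.compile(r'(^|[\\/"\s])(wsl|bash)(\.exe)?(["\s]|$)', re.I)


def find_wsl_autoruns(reg_query_text):
    """Return (key, value name, data) for Run/RunOnce values that launch WSL."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith('HKEY_'):
            # A new key header: track it only if it is Run or RunOnce.
            key = line.strip() if KEY_RE.search(line.strip()) else None
            continue
        m = VALUE_RE.match(line)
        if key and m and m['type'] in ('REG_SZ', 'REG_EXPAND_SZ') and WSL_RE.search(m['data']):
            hits.append((key, m['name'], m['data']))
    return hits


if __name__ == '__main__':
    for key, name, data in find_wsl_autoruns(SAMPLE):
        print(f'{key} :: {name} -> {data}')
```
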