automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit 374074cad5ea · 2025-11-20T14:25:18.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -199675,6 +199675,59 @@
     "needs_cleanup": null,
     "actions": []
   },
+  "exploit_windows/persistence/wsl/registry": {
+    "name": "Windows WSL via Registry Persistence",
+    "fullname": "exploit/windows/persistence/wsl/registry",
+    "aliases": [],
+    "rank": 400,
+    "disclosure_date": "2022-01-29",
+    "type": "exploit",
+    "author": [
+      "Joe Helle",
+      "h00die"
+    ],
+    "description": "This module will install a payload in WSL and execute it at user\n          logon or system startup via the registry value in \"CurrentVersion\\Run\"\n          or \"RunOnce\" (depending on privilege and selected method).\n          The payload will be installed completely in registry.\n\n          Staged payloads, like fetch payloads in linux X64 don't tend to work. The payload\n          will ask for the stage, then submit the HTTP fetch request\n          and when the payload is sent it doesn't execute.\n\n          `cmd/linux/http/x64/meterpreter_reverse_tcp` and unix cmd payloads tend to work.",
+    "references": [
+      "ATT&CK-T1547.001",
+      "ATT&CK-T1112",
+      "URL-https://medium.themayor.tech/windows-persistence-using-wsl2-8f87e319ea56",
+      "URL-https://lolapps-project.github.io/lolapps/Desktop/wsl/"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd, x64",
+    "rport": null,
+    "autofilter_ports": [],
+    "autofilter_services": [],
+    "targets": [
+      "Automatic"
+    ],
+    "mod_time": "2025-11-20 11:27:34 +0000",
+    "path": "/modules/exploits/windows/persistence/wsl/registry.rb",
+    "is_install_path": true,
+    "ref_name": "windows/persistence/wsl/registry",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Reliability": [
+        "event-dependent",
+        "repeatable-session"
+      ],
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "config-changes",
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": [
+      "meterpreter",
+      "shell"
+    ],
+    "needs_cleanup": null,
+    "actions": []
+  },
   "exploit_windows/pop3/seattlelab_pass": {
     "name": "Seattle Lab Mail 5.5 POP3 Buffer Overflow",
     "fullname": "exploit/windows/pop3/seattlelab_pass",
