automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit 04b08fb5450c · 2025-07-24T10:37:43.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -164111,6 +164111,54 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_windows/fileformat/windows_registration_entries": {
+    "name": "Malicious Windows Registration Entries (.reg) File",
+    "fullname": "exploit/windows/fileformat/windows_registration_entries",
+    "aliases": [],
+    "rank": 500,
+    "disclosure_date": "1995-08-24",
+    "type": "exploit",
+    "author": [
+      "bcoles <bcoles@gmail.com>"
+    ],
+    "description": "This module creates a Windows Registration Entries (.reg) file which\n          adds the specified payload to the Windows Registry. The payload runs\n          upon Windows login for the current user. If the user has elevated\n          privileges when opening the file, the payload will run upon login\n          when any user logs in.\n\n          The user will receive a warning prompt to confirm Registry changes\n          when opening the file.",
+    "references": [
+      "URL-https://support.microsoft.com/en-us/topic/how-to-add-modify-or-delete-registry-subkeys-and-values-by-using-a-reg-file-9c7f37cf-a5e9-e1cd-c4fa-2a26218a1a23",
+      "URL-https://learn.microsoft.com/en-us/windows/win32/setupapi/run-and-runonce-registry-keys",
+      "URL-https://learn.microsoft.com/en-us/windows-hardware/drivers/install/runonce-registry-key",
+      "ATT&CK-T1204.002",
+      "ATT&CK-T1547.001"
+    ],
+    "platform": "Windows",
+    "arch": "cmd",
+    "rport": null,
+    "autofilter_ports": [],
+    "autofilter_services": [],
+    "targets": [
+      "Microsoft Windows 2000 or newer"
+    ],
+    "mod_time": "2025-07-13 23:41:59 +0000",
+    "path": "/modules/exploits/windows/fileformat/windows_registration_entries.rb",
+    "is_install_path": true,
+    "ref_name": "windows/fileformat/windows_registration_entries",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session",
+        "event-dependent"
+      ],
+      "SideEffects": [
+        "screen-effects"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_windows/fileformat/winrar_ace": {
     "name": "RARLAB WinRAR ACE Format Input Validation Remote Code Execution",
     "fullname": "exploit/windows/fileformat/winrar_ace",
