@h00die
Contributor

@h00die h00die commented Dec 5, 2025

Updates the Windows sticky keys post persistence to the new mixin. Part of #20374

Verification

  • Start msfconsole
  • exploit the box somehow
  • use exploit/windows/persistence/accessibility_features_debugger
  • set SESSION <id>
  • exploit
  • Verify persistence is created, and you get a new session if apt is run
  • Verify cleanup works
  • Document is updated and correct
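A defender-side counterpart to the "persistence is created" and "cleanup works" checks above, as an added example that is not part of this pull request or of Metasploit: it parses saved `reg query ... /s` output and reports any `Debugger` value set for an accessibility binary under Image File Execution Options. Assumptions: the registry mechanism is inferred from the module name, the binary list is the one given on the ATT&CK T1546.008 page, and the sample output and its paths are constructed.

```python
import re

# Accessibility binaries listed for ATT&CK T1546.008 (lower-cased for matching).
ACCESSIBILITY_EXES = {
    "sethc.exe", "utilman.exe", "osk.exe", "magnify.exe",
    "narrator.exe", "displayswitch.exe", "atbroker.exe",
}
IFEO = r"\image file execution options" + "\\"
# reg.exe prints values as: <indent>Name    REG_TYPE    Data
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def find_debugger_hijacks(reg_query_output):
    """Return (exe, debugger_command) pairs for accessibility binaries
    that carry a Debugger value under Image File Execution Options."""
    findings = []
    current_exe = None
    for line in reg_query_output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Key line: keep only direct IFEO\<exe> subkeys we care about.
            lowered = line.strip().lower()
            idx = lowered.rfind(IFEO)
            sub = lowered[idx + len(IFEO):] if idx != -1 else ""
            current_exe = sub if sub in ACCESSIBILITY_EXES else None
            continue
        m = VALUE_RE.match(line)
        if m and current_exe and m.group(1).lower() == "debugger":
            findings.append((current_exe, m.group(3).strip()))
    return findings

# Constructed sample of `reg query "HKLM\...\Image File Execution Options" /s`.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    Debugger    REG_SZ    C:\Tools\dbg.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe
    Debugger    REG_SZ    C:\Users\Public\placeholder.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe
    MitigationOptions    REG_QWORD    0x100

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe
"""

if __name__ == "__main__":
    for exe, cmd in find_debugger_hijacks(SAMPLE):
        print(f"Debugger set for {exe}: {cmd}")
```

An empty result after the module's cleanup has run is what the "Verify cleanup works" step expects to see on the host.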

@h00die
Contributor Author

h00die commented Dec 5, 2025

Leaving this on draft as I just discovered ATT&CK shows a few more potential exe to target: https://attack.mitre.org/techniques/T1546/008/

@h00die
Contributor Author

h00die commented Dec 6, 2025

@OJ I left the module name, but feel like this could use a rename. Sticky keys itself is only one of 6 strategies here, maybe something like "accessibility_features_registry"? Thoughts?

@OJ
Contributor

OJ commented Dec 7, 2025

@h00die I'm certainly not tied to the name mate. The O.G module focused on that strategy, but it's certainly gone beyond that. The name you've suggested works for me!

@h00die h00die marked this pull request as ready for review December 7, 2025 12:41
@OJ
Contributor

OJ commented Dec 7, 2025

Is there some way we can alias the old one to the new one?

@h00die
Contributor Author

h00die commented Dec 7, 2025

msf exploit(multi/script/web_delivery) > use post/windows/manage/sticky_keys
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
[!] *               The module post/windows/manage/sticky_keys has been moved!               *
[!] *       You are using exploit/windows/persistence/accessibility_features_debugger        *
msf exploit(post/windows/manage/sticky_keys) > 

from: https://github.com/rapid7/metasploit-framework/pull/20751/files#diff-e4e8742989704cc6317314c916d7c2e1709fc392246de9fcdfbfc3cb87974452R15-R16
