Escape double quotes with reg_set #38

Open
rasta-mouse opened this issue Jan 7, 2025 · 1 comment
@rasta-mouse

I feel like this is a silly question, but how do you escape double quotes when using reg_set? I tried a few variants.

Command:

reg_set HKCU Software\Microsoft\Windows\CurrentVersion\Run Payload REG_SZ "C:\Path\to\payload.exe" /q /n

Result:

C:\Path\to\payload.exe

Command:

reg_set HKCU Software\Microsoft\Windows\CurrentVersion\Run Payload REG_SZ "\"C:\Path\to\payload.exe\" /q /n"

Result:

\

Command:

reg_set HKCU Software\Microsoft\Windows\CurrentVersion\Run Payload REG_SZ '"C:\Path\to\payload.exe" /q /n'

Result:

'"C:\Path\to\payload.exe"
@rasta-mouse rasta-mouse changed the title Escape double quotes with reg_save Escape double quotes with reg_set Jan 7, 2025
@freefirex
Collaborator

After doing some testing myself the initial answer appears to be that we don't.

$value = @_[$i];

^ is where I grab the argument that Cobalt Strike has tokenized and provided to the alias; at this point that tokenization doesn't appear to handle an escape sequence.

So a fix for this will need some development cycles I don't have at this very moment. Likely needs to be populated through some other commands as well. In short, it will likely result in either
a) grabbing all values after the reg_sz and concatenating them together
b) rewriting command line parsing logic in general for sleep, grabbing the whole command line ourselves, then doing our own tokenization.

a) would be fine as a one-off, but then breaks down for something like reg_multi_sz as I need to know where the tokens start / end, could add in requiring some /item but I don't really like that solution.
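
The following Python sketch is an added example, not part of the thread or the project's code. It models a tokenizer without escape handling that reproduces the three results reported in the issue, next to the same tokenizer with `\"` handling along the lines of option b). The names `tokenize`, `value_arg` and `CASES` are hypothetical, and the no-escape rule is an assumption chosen because it matches the reported output, not Cobalt Strike's actual tokenizer.

```python
# Added illustration; tokenize(), value_arg() and CASES are hypothetical names.
# Assumption: the no-escape rule below is a model that matches the three
# results reported in the issue, not Cobalt Strike's actual tokenizer.

def tokenize(line, honor_escape=False):
    """Split on whitespace; a token that starts with " runs to the closing ".
    With honor_escape, \\" inside such a token is a literal quote; every other
    backslash stays literal so Windows paths survive unchanged."""
    tokens, i, n = [], 0, len(line)
    while i < n:
        if line[i].isspace():
            i += 1
        elif line[i] != '"':              # bare token: read to next whitespace
            start = i
            while i < n and not line[i].isspace():
                i += 1
            tokens.append(line[start:i])
        else:                             # quoted token
            i += 1
            buf = []
            while i < n and line[i] != '"':
                if honor_escape and line.startswith('\\"', i):
                    buf.append('"')       # escaped quote becomes a literal quote
                    i += 2
                else:
                    buf.append(line[i])
                    i += 1
            if i >= n:
                raise ValueError("unterminated double quote")
            tokens.append("".join(buf))
            i += 1
    return tokens

def value_arg(line, honor_escape=False):
    """Token 5 is the value: reg_set <hive> <key> <name> <type> <value>."""
    return tokenize(line, honor_escape)[5]

# The three command lines from the issue, rebuilt as Python raw strings.
PREFIX = r'reg_set HKCU Software\Microsoft\Windows\CurrentVersion\Run Payload REG_SZ '
CASES = [
    PREFIX + r'"C:\Path\to\payload.exe" /q /n',
    PREFIX + r'"\"C:\Path\to\payload.exe\" /q /n"',
    PREFIX + "'" + r'"C:\Path\to\payload.exe" /q /n' + "'",
]

if __name__ == "__main__":
    for case in CASES:
        print(repr(value_arg(case)), "|", repr(value_arg(case, honor_escape=True)))
```

Under this escape rule a quoted value that ends in a backslash, such as a directory path, is ambiguous because its final `\"` is read as an escaped quote.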
