-
Notifications
You must be signed in to change notification settings - Fork 245
New Scheduled Task
h4wkst3r edited this page Jul 17, 2019
·
1 revision
This persistence technique will create a new scheduled task based on the parameters specified by the user. In this module, you will provide a scheduled task name, and a system command to execute.
- Non-admin privileges (creating scheduled task that triggers hourly or daily)
- Admin privileges (creating scheduled task that triggers at logon)
- -c - command to execute
- -a - arguments to command to execute (if applicable)
- -n - scheduled task name
- -m - method (add, remove, check, list)
- -o - optional add-on for frequency (logon, daily, hourly) if applicable
- The task will be ran under the context of the user that created it. Unless task is created to be triggered at logon (requires admin privs) then it will run as SYSTEM.
- If no optional add-on for frequency (-o) is specified, then task will be created for daily trigger that will trigger between 10am and 12pm local time.
- Scheduled task is deleted
Adding New Scheduled Task Persistence Trigger (triggers daily by default with no frequency specified)
SharPersist -t schtask -c "C:\Windows\System32\cmd.exe" -a "/c calc.exe" -n "Some Task -m add
SharPersist -t schtask -c "C:\Windows\System32\cmd.exe" -a "/c calc.exe" -n "Some Task -m add -o logon
SharPersist -t schtask -n "Some Task" -m remove
SharPersist -t schtask -c "C:\Windows\System32\cmd.exe" -a "/c calc.exe" -n "Some Task" -m check
SharPersist -t schtask -m list
SharPersist -t schtask -m list -n "Some Task"
SharPersist -t schtask -m list -o logon