Scheduled Tasks

MITRE ATT&CK™ Scheduled Task/Job - Technique T1053.002

Theory

Windows scheduled tasks can also be leveraged to run arbitrary commands since they execute a command when started.

Practice

On windows, we can use the built in schtasks.exe binary to remotely interact with services

#Create a Task
schtasks /RU "SYSTEM" /create /tn "MyTask" /tr "<command/payload to execute>" /sc ONCE /sd 01/01/1970 /st 00:00 

#Run It 
schtasks /run /TN "MyTask" 

#Delete a Task
schtasks /TN "MyTask" /DELETE /F

You may want to check this page for remote scheduled tasks execution :

Scheduled Tasks (ATSVC)

Last updated 1 year ago