Windows Task Scheduler
Overview
To perform lateral movement using scheduled tasks, an attacker would typically use a compromised user account to schedule a task on a remote system. This task would then execute code or commands that would allow the attacker to move laterally across the network, escalate privileges, or access sensitive data.
Creating a scheduled tasks on a remote machine
Using New-ScheduledTask
Using schtasks
Create / edit a Scheduled Job/Task. The job can be created on the local or a remote computer.
Arguments
Parameter | Description |
---|---|
/S system | Remote system (default is local) |
/SC schedule | The schedule frequency: Minute, Hourly, Daily, Weekly, Monthly, Once, Onstart,Onlogon,Onidle. |
[/RU username [/RP password]] | Run job as this user. |
/TN taskname | A name which uniquely identifies the scheduled task. |
/TR taskrun | Pathname of the executable to run. |
Execute remote task
Reference
Last updated