Posted On: February 2013 - Pentest Geek


Scheduled tasks with S4U and on demand persistence

2013/02/11 - By 

Github module [1, 2]

I came across an interesting article by scriptjunkie (which you should really read) about running code on a machine at any time using service-for-user (S4U). By changing one line in the exported XML of a scheduled task, you effectively get a scheduled task that can run whether or not a user is logged in, whether or not the system reboots, and whether or not you have the user’s password; it runs as a limited user and doesn’t require bypassing UAC! This isn’t an interactive logon, but it can still be very useful in certain situations.

This works with any user that has the "Log on as a batch job" right. While scriptjunkie’s blog post only showed altering a basic task scheduled to run every hour, it is possible to create more complex triggers based on a variety of things, giving your payload a more flexible trigger. Some of the triggers can even be used to replicate, for non-privileged accounts, functionality that is usually restricted. Some can even be used to trigger a scheduled task remotely from only your IP address.
