Carrie Roberts
1bfefdacfc
* provide elevation_required attribute * provide elevation_required attribute * provide elevation_required attribute
72 lines
1.6 KiB
YAML
72 lines
1.6 KiB
YAML
---
|
|
attack_technique: T1053
|
|
display_name: Scheduled Task
|
|
|
|
atomic_tests:
|
|
- name: At.exe Scheduled task
|
|
description: |
|
|
Executes cmd.exe
|
|
Note: deprecated in Windows 8+
|
|
|
|
supported_platforms:
|
|
- windows
|
|
|
|
executor:
|
|
name: command_prompt
|
|
elevation_required: false
|
|
command: |
|
|
at 13:20 /interactive cmd
|
|
- name: Scheduled task Local
|
|
description: |
|
|
|
|
supported_platforms:
|
|
- windows
|
|
|
|
input_arguments:
|
|
task_command:
|
|
description: What you want to execute
|
|
type: String
|
|
default: C:\windows\system32\cmd.exe
|
|
time:
|
|
description: What time 24 Hour
|
|
type: String
|
|
default: 20:10
|
|
|
|
executor:
|
|
name: command_prompt
|
|
elevation_required: false
|
|
command: |
|
|
SCHTASKS /Create /SC ONCE /TN spawn /TR #{task_command} /ST #{time}
|
|
|
|
- name: Scheduled task Remote
|
|
description: |
|
|
Create a task on a remote system
|
|
supported_platforms:
|
|
- windows
|
|
|
|
input_arguments:
|
|
task_command:
|
|
description: What you want to execute
|
|
type: String
|
|
default: C:\windows\system32\cmd.exe
|
|
time:
|
|
description: What time 24 Hour
|
|
type: String
|
|
default: 20:10
|
|
target:
|
|
description: Target
|
|
type: String
|
|
default: localhost
|
|
user_name:
|
|
description: Username DOMAIN\User
|
|
type: String
|
|
default: DOMAIN\user
|
|
password:
|
|
description: Password
|
|
type: String
|
|
default: At0micStrong
|
|
executor:
|
|
name: command_prompt
|
|
command: |
|
|
SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
|