README.md 3.9 KB
AddTaskScheduler
This tool can be used to create a scheduled task on the current system or a remote host. It supports multiple trigger options.
As a rule of thumb, setting a scheduled task for any user but yourself, requires elevated privileges. Furthermore, the tool returns error codes if the operation fails. The most common error codes are: 80070005 (not enough privileges), 80041318/80041319 (most likely you made a typo in one of the input fields), and 80070002 (scheduled task doesn't exist).
Basic parameters
taskName: The name of the scheduled task.hostName: Specify""for the current system or the FQDN of the remote host:DB01.example.local.programPath: Path to the program that you want to run like:C:\Windows\System32\cmd.exe.programArguments: Arguments that you want to pass to the program like:"/c C:\Windows\System32\calc.exe"or""to leave it empty.triggerType: The trigger that signals the execution like:onetime,daily,logon,startup,lock,unlock. For more information, check the TRIGGER OPTIONS below.
Supported trigger options
onetime: Create task with trigger "On a schedule: one time".daily: Create task with trigger "On a schedule: daily."logon: Create task with trigger "At log on" (requires admin privs if set for another user or all users).startup: Create task with trigger "At startup" (requires admin privs).lock: Create task with trigger "On workstation lock" (requires admin privs if set for another user or all users).unlock: Create task with trigger "On workstation unlock" (requires admin privs if set for another user or all users).
Trigger specific parameters
startTime: Start time of the trigger in format:2023-03-24T12:08:00.expireTime: Expiration time of the trigger in format:2023-03-24T12:08:00.daysInterval: Interval in number of days. For example:1or3.delay: Random time delay after the start time in which the trigger is hit. Use formatPT2Hfor hours andPT15Mfor minutes.userID: Specify the user for which the trigger is set in format:"DOMAIN\username"for domain users,usernamefor local system users and""for all users (requires admin privs if set for another user or all users).repeatTask: Set "Repeat task every x minutes/hours" option in formatPT2Hwith a duration ofIndefinitely.
Usage
addtaskscheduler <taskName> <(optional) hostName> <programPath> "<(optional) programArguments>" onetime <startTime> <(optional) repeatTask>addtaskscheduler <taskName> <(optional) hostName> <programPath> "<(optional) programArguments>" daily <startTime> <(optional) expireTime> <(optional) daysInterval> <(optional) delay>addtaskscheduler <taskName> <(optional) hostName> <programPath> "<(optional) programArguments>" logon <(optional) userID>addtaskscheduler <taskName> <(optional) hostName> <programPath> "<(optional) programArguments>" startup <(optional) delay>addtaskscheduler <taskName> <(optional) hostName> <programPath> "<(optional) programArguments>" lock <(optional) userID> <(optional) delay>addtaskscheduler <taskName> <(optional) hostName> <programPath> "<(optional) programArguments>" unlock <(optional) userID> <(optional) delay>
Examples
addtaskscheduler TestTask "" C:\Windows\System32\cmd.exe "/c C:\Windows\System32\calc.exe" daily 2023-03-24T12:08:00 2023-03-28T12:14:00 1 PT2Haddtaskscheduler NewTask DB01.example.local C:\Users\Public\Downloads\legit.exe "" logon Testdomain\Administratoraddtaskscheduler OneDrive "" C:\Data\OneDrive.exe "" unlock "" PT5M
Compile
- 1. Make sure Visual Studio is installed and supports C/C++.
- 2. Open the
x64 Native Tools Command Prompt for VS <2019/2022>terminal. - 3. Run the
bofcompile.batscript to compile the object file. - 4. In Cobalt strike, use the script manager to load the .cna script to import the tool.