Skip to content

Introduction#

Windows Scheduled Tasks allow for the periodic execution of scripts. These can be manually enumerated via the following command:

schtasks /query /fo LIST /v

A scheduled task is of interest when it is executed with elevated privileges but we have write access to the script it executes.

![[res/Scheduled CleanUp.png]]

![[res/Scheduled CleanUp Contents.png]]

This script is fairly simple, so we can just append a line to it which executes a malicious executable.

![[res/Modified CleanUp Script.png]]

When the time for the scheduled task comes, we will catch an elevated shell.

![[res/Shell.png]]