nifx28 / ScheduledTask

For testing purposes only.

ScheduledTask

Create Scheduled Task

By adding the TaskScheduler COM Type Library through the Add References dialog box, you can use any of the functions provided by the operating system.

ElevatedPrivileges

This part of the functionality is heavily inspired by "How to bypass UAC in newer Windows versions".

Some handy PowerShell scripts

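```powershell
# Compile ElevatedPrivileges.cs into ElevatedPrivileges.dll.
Add-Type -TypeDefinition ([IO.File]::ReadAllText("$pwd\ElevatedPrivileges.cs")) -ReferencedAssemblies "System.Windows.Forms" -OutputAssembly "ElevatedPrivileges.dll"
# Load the compiled assembly from its bytes.
[Reflection.Assembly]::Load([IO.File]::ReadAllBytes("$pwd\ElevatedPrivileges.dll"))
# If the ElevatedPrivileges type is loaded, call its Invoke method with the path to ScheduledTask.exe.
If (([Management.Automation.PSTypeName]'ElevatedPrivileges').Type) { [ElevatedPrivileges]::Invoke("C:\ScheduledTask\ScheduledTask.exe") }
# Print the DLL as a Base64 string (-Encoding Byte is Windows PowerShell syntax; PowerShell 6+ uses -AsByteStream).
[Convert]::ToBase64String((Get-Content -Path .\ElevatedPrivileges.dll -Encoding Byte))
# Load an assembly from a Base64 string (the string is left empty here).
[Reflection.Assembly]::Load([Convert]::FromBase64String("")) | Out-Null
```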
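A defender-side view of the one-liners above, as an added example that is not part of the repository: it parses PowerShell script text with the language parser and reports `[Reflection.Assembly]::Load(...)` calls and `Add-Type -OutputAssembly` invocations. The function name `Get-AssemblyLoadFinding` and the sample strings are constructed for illustration.

```powershell
# Constructed sample script texts shaped like the README's one-liners (not real log data).
$samples = @(
    '[Reflection.Assembly]::Load([IO.File]::ReadAllBytes("$pwd\Sample.dll"))',
    '[Reflection.Assembly]::Load([Convert]::FromBase64String($blob)) | Out-Null',
    'Add-Type -TypeDefinition $src -OutputAssembly "Sample.dll"',
    'Get-ChildItem C:\Windows | Select-Object -First 5'
)

# Hypothetical helper: parses script text and emits one object per finding.
function Get-AssemblyLoadFinding {
    param([Parameter(Mandatory)][string]$ScriptText)

    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    # Static calls of the form [Reflection.Assembly]::Load(<expression>).
    $calls = $ast.FindAll({
        param($node)
        $node -is [System.Management.Automation.Language.InvokeMemberExpressionAst] -and
        $node.Static -and
        $node.Member.Extent.Text -eq 'Load' -and
        $node.Expression.Extent.Text -match '^\[(System\.)?Reflection\.Assembly\]$'
    }, $true)
    foreach ($call in $calls) {
        $argText = ($call.Arguments | ForEach-Object { $_.Extent.Text }) -join ', '
        $source = if ($argText -match 'FromBase64String') {
            'base64 string'
        } elseif ($argText -match 'ReadAllBytes') {
            'file bytes'
        } else { 'other' }
        [pscustomobject]@{ Indicator = 'Assembly.Load'; Source = $source; Text = $call.Extent.Text }
    }

    # Add-Type invocations that write the compiled assembly to disk (full parameter name only).
    $commands = $ast.FindAll({
        param($node) $node -is [System.Management.Automation.Language.CommandAst]
    }, $true)
    foreach ($cmd in $commands) {
        if ($cmd.GetCommandName() -eq 'Add-Type' -and $cmd.Extent.Text -match '\s-OutputAssembly\b') {
            [pscustomobject]@{ Indicator = 'Add-Type -OutputAssembly'; Source = 'compiled at run time'; Text = $cmd.Extent.Text }
        }
    }
}

$samples | ForEach-Object { Get-AssemblyLoadFinding -ScriptText $_ } | Format-List
```

In practice the input would be the script text recorded by PowerShell script block logging (event ID 4104), assuming that logging is enabled. A finding is a triage lead rather than a verdict, since legitimate scripts also load assemblies from bytes.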

About

License: MIT License


Languages

Language: C# 100.0%