where we kind of dug into batch scripts pretty heavily. And we did that, as I said, for a reason. And one of the things that we are gonna want to do with batch scripts is schedule them, or schedule even just non-batch scripts and regular programs. I prefer scheduling batch scripts myself.
The way we're gonna schedule these things is with two possible commands. We could do it with at,
or we can do it with schtasks.
These two commands are Windows scheduling tools that are designed to
schedule. As it sounds, they are designed to make an application execute at a later time. They're primarily used for backups or for troubleshooting, maintenance, that sort of thing.
But a lot of computers have tons of these tasks on them,
and so you can easily hide among them.
So, for example, if you know that this user logs off every day, or not logs off but leaves their desk every day for an hour at 12 because they've got a scheduled lunch at 12 and they don't want to miss it.
If you put your script in to kick up a reverse, ah, remote desktop protocol at 12 every day,
then when they kind of get booted off of their session, they won't even notice that they get back in the room. The computer just locked.
Or perhaps if you have a situation where
you know the sysadmin goes home at five
and this can kick up whatever traffic might have alerted him if he'd been there had been paying attention
at that time where you'll be safe.
So we're gonna look at the tasks that are scheduled.
Well, first we're gonna check at. at is the old version of the scheduler.
Um, it's simpler. Not very useful. You probably won't
find much, but we can check.
So to actually find out what is currently scheduled with at, you just type at,
Enter. No entries in the list. Very useful.
Let's check schtasks. Maybe they've got something. Oh, they've got everything.
So, as you see, there are all sorts of stuff there. AutoWake. There's GadgetManager. All of these things
you see here for different shell or different folders, different task names,
they do different things.
Most of them seem to come from Windows. So again, you're looking for a place to stash your stuff.
Microsoft Windows something is probably a safe place.
We're really anywhere in the mike in the making A folder.
Ah, these schtasks you could take out if you were doing information gathering. You could put them in your file that we have been using. I generally don't,
unless I find something interesting where they're doing backups to a specific server. By the time you get to the point of going through schtasks, you've already collected the interesting stuff. This is just kind of
tedious network-y details, but you never know. So it's worth glancing through.
we're not here to do that right now. We're here to create a new task.
So let's see how we do that. First we clear so we don't have our screen all cluttered up,
That's what we want to do. Right?
Let's see what create has to say.
Okay. Has to say a lot.
Okay. Scroll back. Stopped her to do.
slash s system. What does that mean?
Means the remote system.
If you need to do this, if you need to schedule a task to go on another computer
and you know that your access is currently admin or some account which would actually let you do that,
schtasks just gained access to the entire network for you,
so long, of course, as they have the executables you need on there or even just,
you know, the ability to get those executables easily. But schtasks can, actually, you can create a task for a remote system you want to access
for 30 seconds from now and bam, you're in.
Now, you see username, the user context under which you want it to execute,
the password for that user so we might use the user account the admin account we created recently.
There's an RU, which is a run-as user, which is different from the user.
This basically will actually generate up its own
user name under which to run. Rather than just using whatever context you give it, you can actually give it a proper context and then give it a run-as, so that will be this user name under this user name,
which is sort of complicated, and it's not really something we want to use right now, but it's doable
And then schedule says how often we want to do it.
Um, I'll tell you one of my favorite, well, one of the favorites among people in one of my old classes was to every minute spawn a calculator.
We were bad people. Or to every minute run a task which created another task, which created another task, et cetera, et cetera. Just fun things like that.
This, though, I kind of like: on idle.
When the system goes idle,
you can start this task.
It's kind of nice someone, you know,
let their machine go idle. It spawns up a command prompt or spawns up a Netcat listener and gives them, that gives you access to a command prompt, because you know that guy's not listening.
Or on start, which is again a great way to do it if you want it to. Every time someone starts up the computer, this happens.
Sort of the most common, or not most common but the most useful one I've found for schtasks as opposed to the other backdoor methods,
is actually doing a daily or even weekly. If you're not going to be using the system extremely often, usually a daily
a specific time, the time that you've identified as being useful.
So it'll be, so far, what we've got is going to be schtasks, create, username, account for password,
password. He gave it
and let's see what else we've got.
So you've got days here. We can do it differently. We can do, instead of SC, we could do slash D,
or we could give it specific days of the month.
Or we could just give it this wild card which says, every day
Task name is going to be what we're actually gonna call it.
Task run is what it's actually going to do.
Here it obviously gives the example of calc. We're probably going to be using our Netcat.
Moving up a little higher, you might be using Cryptcat, one of the encrypted versions that actually defeats IDSes.
But whatever listener you're using you'll have is the task run. You have a start time. This is the handy one that I was talking about. Where if you know they're going to leave at five every day, you could start it at 5:01.
One that I saw was a scheduled task that someone used that logged him into the system every morning at exactly 06:30 because that was his required time to be on the system. And they had something monitoring to make sure he logged in by then.
So he logged in at 06:30, rolled into work around 07:15,
45 minute. Now no one the wiser until,
of course, he got fired because it turns out that super not okay,
So start time interval.
if you already got it set to minute hourly, whatever,
this isn't really going to do any good, but it can tell you the actual in minutes how often
tells you when to end the task.
Or duration to run the task. Lots of similar things sort of correspond and work together.
So let's go ahead and give this a shot.
One of the most annoying little Windows commands there are. Everything has to be just so,
and if it's not, it will break and it will yell at you
The MO command, by the way,
that, as it says here, is modifier. Um,
well, it allows finer control over schedule recurrence. We don't really need to worry about that.
But I saw that in this sample command, which I'm using because again you've never used schtasks enough that it's not a good idea to check.
And we saw a lot of interesting things, so we could do Windows
netcat.exe. And we saw in another video earlier about how you can change the name of Netcat so it's a little bit more believable.
You can change it in this case to office update checker dot MSC. Although I usually recommend avoiding changing extensions, just 'cause Windows can respond poorly.
But most of the time it won't.
You could change the
extension in this to a different kind of portable executable that sounds more official or anything like that.
Just in general, something that is going to sound Windows-y, and it will run this task.
And we're actually gonna do
the full-on C colon. Ah, you always want to make sure you're doing that because you never know where it's going to be executing, and sometimes it gets a little
You drop this in quotes.
That task has been created,
so we're gonna do schtasks,
and we know it's windows.
You might know. I seem to have forgotten Windows Office update checker,
You see, it's gonna run it at 9 p.m.
every day. It's gonna start tomorrow in my case, and it'll run every day at 9 p.m.
And when it runs it's gonna spin up that Netcat listener. It's gonna do it silently without throwing anything out telling anyone,
and it will execute.
And ah, that's pretty much the whole thing in terms of schtasks. We'll do a quick run through at.
Like I said, I don't ever expect you to really have a great use of it, cause at is kind of terrible
So, as you see, at is pretty quick. Pretty easy to use. You add a time in the day, and it will execute.
I'm not a huge fan of at, as I mentioned, because it's old and kind of weak in comparison to schtasks,
and also because, as you saw in this machine, there were no ats,
so it's sort of noticeable. If there is one,
there we go. But it's nice to know that it's there, and it's nice to know what it is just in case.
So there you go. We saw batch scripting, simple batch scripting. We saw a batch script, and we saw schtasks, and we saw at.
These three are primarily used, in our cases are going to be used, for backdooring.
Um, schtasks, you can tell it to run as often as you want, as rarely as you want.
at, you can do somewhat to that intention, but not nearly as well. And batch scripts can be designed to do pretty much everything you want to do.
If you're good and you're willing to take that plunge,
I would say experiment with batch scripts until you could do
one or two of these full videos, all of the data, information gathering or something like that, with a single batch script that you drop on your target, perhaps using TFTP.
Once you've got there, you're pretty well ready to start on
serious, well, semi-serious pen testing. Now that you've got a sense of how scripting works and you've got a sense of how to make things happen quickly,
you're definitely a lot closer.
Hopefully, you all learned a lot about this. Maybe a few things you didn't know about scheduling or about batch or whatever
you learned. A new nifty little trick for writing to files with nothing but a command prompt. Although, again, I advocate never doing that unless you absolutely have to. Just the worst.
As always, I'm glad to have been here with you. My name is Joseph Perry. I'm your resident SME on the subject. And you're listening to this on Cybrary.it.