Scheduled Tasks

Windows Task Scheduler is used to execute automated tasks such as cleaning up or performing updates. For a task to start one or more trigger conditions needs to be met. To view the current scheduled tasks we can use the build in bany.

schtasks /query /fo LIST /v

If the scheduel task is running a binary that we have write permissions for it's possible to swap it out for a new binary that does something like adding users. If the tasks runs with higher permissions it may be possible to achieve these same permissions.

icacls C:\Users\james\Downloads\foobar.exe
C:\Users\steve\Pictures\BackendCacheCleanup.exe NT AUTHORITY\SYSTEM:(I)(F)
                                                BUILTIN\Administrators:(I)(F)
                                                CLIENTWK220\james:(I)(F)