Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tasksched persistence #18033

Closed
wants to merge 2 commits into from
Closed

Tasksched persistence #18033

wants to merge 2 commits into from

Conversation

rad10
Copy link
Contributor

@rad10 rad10 commented May 26, 2023

This module simply adds a method of persistence to windows by utilizing task scheduler. There werent any that anyone had already published, so I made one.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use exploit/windows/local/tasksched_persistence
  • set TASK_NAME puppies
  • set SESSION <session-id>
  • utilize standard task scheduler options
  • run

When it comes to running tasks, I tested with my user by setting

ScheduleObfuscationTechnique => NONE
ScheduleRunAs => <username>
ScheduleType => ONLOGON

This made testing very easy for me.

@bcoles
Copy link
Contributor

bcoles commented May 26, 2023

This module simply adds a method of persistence to windows by utilizing task scheduler. There werent any that anyone had already published, so I made one.

What functionality does this module offer which is not supported by the existing post/windows/manage/persistence_exe persistence module?

Both modules use the task_create method:

metasploit-framework/modules/post/windows/manage/persistence_exe.rb

Line 335 in d825515

task_create(task_name, remote_host.blank? ? script_on_target : remote_path)

@gwillcox-r7 gwillcox-r7 added blocked Blocked by one or more additional tasks module needs-docs labels May 30, 2023
@github-actions
Copy link

Thanks for your pull request! Before this can be merged, we need the following documentation for your module:

@smcintyre-r7
Copy link
Contributor

I agree with @bcoles regarding this appearing to be duplicate code with the existing persistence_exe module. The one noteworthy advantage this approach has is the integrated payload handling that comes with being an exploit module. That is a nice feature however and I've opened a ticket to track how this may be incorporated into a new persistence module that consolidates our current ones including this functionality.

See #18053.

@smcintyre-r7 smcintyre-r7 mentioned this pull request Jun 1, 2023
Closed
5 tasks
@cdelafuente-r7 cdelafuente-r7 self-assigned this Jun 1, 2023
@cdelafuente-r7
Copy link
Contributor

I also agree with @bcoles. The existing post/windows/manage/persistence_exe module provides the same capabilities, but with more options, such as setting the schedule type (MINUTE, HOURLY, DAILY, etc.). As @smcintyre-r7 said, it would be interesting to have Framework take care or payload generation and handling, as this exploit module does. We want to avoid multiple modules doing more or less the same thing. For this reason, I'm closing this PR.

That said, it would be a very interesting project, if you have time, to look at #18053 and try to consolidate all the current persistence modules.

@rad10
Copy link
Contributor Author

rad10 commented Jun 2, 2023

Sounds like I got a new project

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@cdelafuente-r7 cdelafuente-r7

Labels
blocked Blocked by one or more additional tasks module needs-docs
Projects
Metasploit Kanban
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@rad10 @bcoles @smcintyre-r7 @cdelafuente-r7 @gwillcox-r7