Return to forum

Persistent · July 10, 2022 at 1:51 AM

How to add to Task Scheduler without using a shell in C++?

Please share ideas if you know, thanks.

meli0das · July 10, 2022 at 2:02 AM

yea the doc on this one is pretty hard to understand, here's the code i use to make a task which run a program with administrator[spoiler][code]#include #include #include #include #pragma comment(lib, "taskschd.lib")HRESULT AdminTaskExists(PWSTR TaskName){ BSTR taskNameString = NULL; BSTR taskFolderString = NULL; ITaskService* taskService = NULL; ITaskFolder* taskFolder = NULL; IRegisteredTask* taskRegisteredTask = NULL; taskNameString = SysAllocString(TaskName); taskFolderString = SysAllocString(L"\\"); HRESULT hr = CoCreateInstance(CLSID_TaskScheduler, NULL, CLSCTX_INPROC_SERVER, IID_ITaskService, (void**)&taskService); if (FAILED(hr)) { goto CLEANUP_EXIT; } // Connect to the task service. hr = taskService->Connect(_variant_t(), _variant_t(), _variant_t(), _variant_t()); if (FAILED(hr)) { goto CLEANUP_EXIT; } // ------------------------------------------------------ // Get the pointer to the root task folder. This folder will hold the // new task that is registered. hr = taskService->GetFolder(taskFolderString, &taskFolder); if (FAILED(hr)) { goto CLEANUP_EXIT; } hr = taskFolder->GetTask(taskNameString, &taskRegisteredTask); if (FAILED(hr)) { goto CLEANUP_EXIT; }CLEANUP_EXIT: if (taskRegisteredTask) taskRegisteredTask->Release(); if (taskFolder) taskFolder->Release(); if (taskService) taskService->Release(); return hr;}HRESULT AdminTaskRun(PWSTR TaskName){ VARIANT empty = { VT_EMPTY }; BSTR taskNameString = NULL; BSTR taskFolderString = NULL; ITaskService* taskService = NULL; ITaskFolder* taskFolder = NULL; IRegisteredTask* taskRegisteredTask = NULL; IRunningTask* taskRunningTask = NULL; taskNameString = SysAllocString(TaskName); taskFolderString = SysAllocString(L"\\"); HRESULT hr = CoCreateInstance(CLSID_TaskScheduler, NULL, CLSCTX_INPROC_SERVER, IID_ITaskService, (void**)&taskService); if (FAILED(hr)) { goto CLEANUP_EXIT; } // Connect to the task service. hr = taskService->Connect(empty, empty, empty, empty); if (FAILED(hr)) { goto CLEANUP_EXIT; } // ------------------------------------------------------ // Get the pointer to the root task folder. This folder will hold the // new task that is registered. hr = taskService->GetFolder(taskFolderString, &taskFolder); if (FAILED(hr)) { goto CLEANUP_EXIT; } hr = taskFolder->GetTask(taskNameString, &taskRegisteredTask); if (FAILED(hr)) { goto CLEANUP_EXIT; } hr = taskRegisteredTask->RunEx(empty, TASK_RUN_AS_SELF, 0, NULL, &taskRunningTask); if (FAILED(hr)) { goto CLEANUP_EXIT; }CLEANUP_EXIT: if (taskRegisteredTask) taskRegisteredTask->Release(); if (taskFolder) taskFolder->Release(); if (taskService) taskService->Release(); return hr;}HRESULT AdminTaskCreate(PWSTR TaskName, PWSTR FileName, PWSTR Argument){ HRESULT status; BSTR taskNameString = NULL; BSTR taskFileNameString = NULL; BSTR taskFolderString = NULL; BSTR taskTimeLimitString = NULL; VARIANT empty = { VT_EMPTY }; ITaskService* taskService = NULL; ITaskFolder* taskFolder = NULL; ITaskDefinition* taskDefinition = NULL; ITaskSettings* taskSettings = NULL; ITaskSettings2* taskSettings2 = NULL; ITriggerCollection* taskTriggerCollection = NULL; ITrigger* taskTrigger = NULL; ILogonTrigger* taskLogonTrigger = NULL; IRegisteredTask* taskRegisteredTask = NULL; IPrincipal* taskPrincipal = NULL; IActionCollection* taskActionCollection = NULL; IAction* taskAction = NULL; IExecAction* taskExecAction = NULL; status = CoCreateInstance(CLSID_TaskScheduler, NULL, CLSCTX_INPROC_SERVER, IID_ITaskService, (void**)&taskService); if (FAILED(status)) { goto CLEANUP_EXIT; } taskNameString = SysAllocString(TaskName); taskFileNameString = SysAllocString(FileName); taskFolderString = SysAllocString(L"\\"); taskTimeLimitString = SysAllocString(L"PT0S"); status = taskService->Connect(empty, empty, empty, empty); if (FAILED(status)) { goto CLEANUP_EXIT; } status = taskService->GetFolder(taskFolderString, &taskFolder); if (FAILED(status)) { goto CLEANUP_EXIT; } status = taskService->NewTask(0, &taskDefinition); if (FAILED(status)) { goto CLEANUP_EXIT; } status = taskDefinition->get_Settings(&taskSettings); if (FAILED(status)) { goto CLEANUP_EXIT; } taskSettings->put_Compatibility(TASK_COMPATIBILITY_V2_1); taskSettings->put_StartWhenAvailable(VARIANT_TRUE); taskSettings->put_DisallowStartIfOnBatteries(VARIANT_FALSE); taskSettings->put_StopIfGoingOnBatteries(VARIANT_FALSE); taskSettings->put_ExecutionTimeLimit(taskTimeLimitString); taskSettings->put_Priority(1); if (SUCCEEDED(taskSettings->QueryInterface(IID_ITaskSettings2, (void**)&taskSettings2))) { taskSettings2->put_UseUnifiedSchedulingEngine(VARIANT_TRUE); taskSettings2->put_DisallowStartOnRemoteAppSession(VARIANT_TRUE); taskSettings2->Release(); } status = taskDefinition->get_Principal(&taskPrincipal); if (FAILED(status)) { goto CLEANUP_EXIT; } taskPrincipal->put_RunLevel(TASK_RUNLEVEL_HIGHEST); taskPrincipal->put_LogonType(TASK_LOGON_INTERACTIVE_TOKEN); status = taskDefinition->get_Actions(&taskActionCollection); if (FAILED(status)) { goto CLEANUP_EXIT; } status = taskActionCollection->Create(TASK_ACTION_EXEC, &taskAction); if (FAILED(status)) { goto CLEANUP_EXIT; } status = taskAction->QueryInterface(IID_IExecAction, (void**)&taskExecAction); if (FAILED(status)) { goto CLEANUP_EXIT; } if (Argument) { BSTR taskArgumentString = SysAllocString(Argument); status = taskExecAction->put_Arguments(taskArgumentString); if (FAILED(status)) { goto CLEANUP_EXIT; } } status = taskExecAction->put_Path(taskFileNameString); if (FAILED(status)) { goto CLEANUP_EXIT; } //status = taskDefinition->get_Triggers(&taskTriggerCollection); //if (FAILED(status)) //{ // printf("Cannot get taskTriggerCollection: %x", status); // system("pause"); // goto CLEANUP_EXIT; //} //status = taskTriggerCollection->Create(TASK_TRIGGER_BOOT, &taskTrigger); //if (FAILED(status)) //{ // printf("Cannot create taskTrigger: %x", status); // system("pause"); // goto CLEANUP_EXIT; //} taskFolder->DeleteTask(taskNameString, 0); status = taskFolder->RegisterTaskDefinition(taskNameString, taskDefinition, TASK_CREATE_OR_UPDATE, empty, empty, TASK_LOGON_INTERACTIVE_TOKEN, empty, &taskRegisteredTask); if (FAILED(status)) { goto CLEANUP_EXIT; }CLEANUP_EXIT: if (taskRegisteredTask) taskRegisteredTask->Release(); if (taskActionCollection) taskActionCollection->Release(); if (taskPrincipal) taskPrincipal->Release(); if (taskLogonTrigger) taskLogonTrigger->Release(); if (taskTrigger) taskTrigger->Release(); if (taskTriggerCollection) taskTriggerCollection->Release(); if (taskSettings) taskSettings->Release(); if (taskDefinition) taskDefinition->Release(); if (taskFolder) taskFolder->Release(); if (taskService) taskService->Release(); return status;}[/code][/spoiler]You need to CoInitialize first:[spoiler][code]HRESULT hres; hres = CoInitializeEx(0, COINIT_MULTITHREADED);if (FAILED(hres)) return false;hres = CoInitializeSecurity(NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL);if (FAILED(hres)){CoUninitialize();return false;}[/code][/spoiler]I took the idea from process hacker source, you should also see it

meli0das · July 10, 2022 at 3:32 AM

nigger you need to thank me for spoon feeding you

Persistent · July 10, 2022 at 12:48 PM

(July 10, 2022, 03:32 AM)meli0das Wrote: nigger you need to thank me for spoon feeding you

Thanks mate, I've went to sleep lol. I'll test it today.

twitter3141592 · July 10, 2022 at 9:47 PM

you can utilize the shell for task scheduling, also have you considered using Python or HTML?

meli0das · July 11, 2022 at 3:17 AM

(July 10, 2022, 09:47 PM)twitter3141592 Wrote: you can utilize the shell for task scheduling, also have you considered using Python or HTML?

HTML? What the actual fuck?

Yeoman77 · July 11, 2022 at 5:20 AM

(July 11, 2022, 03:17 AM)meli0das Wrote:
(July 10, 2022, 09:47 PM)twitter3141592 Wrote: you can utilize the shell for task scheduling, also have you considered using Python or HTML?

HTML? What the actual fuck?

Yep...just copy/paste your Task Scheduler between some HTML body tags and click the Publish button on your Wordpress site. Easy Peasy!

thepinkslip · July 11, 2022 at 2:46 PM

(July 10, 2022, 01:51 AM)Persistent Wrote: How to add to Task Scheduler without using a shell in C++?

Please share ideas if you know, thanks.

Honestly you should be using powershell to add tasks in task scheduler. I remember I had a crypto miner virus that had a powershell script calling out to other powershell scripts/task scheduler and it was a nightmare to remove them. Anytime I removed one another script /schedule they would check if they were all still there and create more with new names and different locations which sucks because you don't know if the original breach is still open or if you missed a script. I ended up wiping that server lol.

punk · July 12, 2022 at 2:54 AM

(July 11, 2022, 11:48 AM)EGORRR882 Wrote: you can utilize the shell for task scheduling, also have you considered using Python or HTML?

Is this a spambot?

meli0das · July 12, 2022 at 6:10 AM

(July 11, 2022, 02:46 PM)thepinkslip Wrote:
(July 10, 2022, 01:51 AM)Persistent Wrote: How to add to Task Scheduler without using a shell in C++?

Please share ideas if you know, thanks.

Honestly you should be using powershell to add tasks in task scheduler. I remember I had a crypto miner virus that had a powershell script calling out to other powershell scripts/task scheduler and it was a nightmare to remove them. Anytime I removed one another script /schedule they would check if they were all still there and create more with new names and different locations which sucks because you don't know if the original breach is still open or if you missed a script. I ended up wiping that server lol.

only skids use powershell command, yuke :sick: