Penetration Testing mailing list archives

Hiding scheduled tasks in 2K/XP

From: "winter" <shonky_sec () hotpop com>
Date: Mon, 2 Jun 2003 17:10:40 +1000

Hey all,

Ive found that you can use attrib.exe on files in %windir%\tasks,
particularly with the +h attribute. "Attrib.exe +h *" will hide all
scheduled tasks from AT, Scheduled Tasks (both Control Panel + explorer) and
"dir %windir%\tasks" (unless you use dir /a or have it set as such in
%dircmd%).  Browsing %windir%\tasks on the cmd line with "dir /a" is the
only way ive been able to detect jobs that have been hidden this way. They
run as scheduled. Tested on 2000 SP3 & XP SP1.

winter



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Hiding scheduled tasks in 2K/XP winter (Jun 02)
- RE: Hiding scheduled tasks in 2K/XP Dan Perez (Jun 04)
- <Possible follow-ups>
- Re: Hiding scheduled tasks in 2K/XP H Carvey (Jun 03)
- RE: Hiding scheduled tasks in 2K/XP David Vincent (Jun 04)