How to work with remote tasks using WMI and PowerShell

# Create $ATTACKER_TASK using the WMI session established in
# $SESSION_OBJECT. Note that $SOME_COMMAND must be broken up
# here into the binary path and the command arguments.
#
$TASK_OBJECT = New-ScheduledTaskAction `
                   -CimSession $SESSION_OBJECT `
                   -Execute "$SOME_BINARY_PATH" `
                   -Argument "$SOME_COMMAND_ARGUMENTS"
 
Register-ScheduledTask -CimSession $SESSION_OBJECT `
                       -Action $TASK_OBJECT `
                       -User "NT AUTHORITY\SYSTEM" `
                       -TaskName "$ATTACKER_TASK"
 
# Invoke $ATTACKER_TASK.
#
Start-ScheduledTask -CimSession $SESSION_OBJECT `
                    -TaskName "$ATTACKER_TASK"
 
# Clean up after yourself.
#
Unregister-ScheduledTask -CimSession $SESSION_OBJECT `
                         -TaskName "$ATTACKER_TASK"

Cardboard Iguana Security

Explorer

How to work with remote tasks using WMI and PowerShell

Graph View

Backlinks