vailixi Posted September 12, 2015 (edited)

Not really sure how to do this. I'm trying to schedule a task on a Windows machine via a Java program or applet with the least amount of code possible. I worked through a series of Java tutorials and I was writing code fine. But that was a few years ago and I'm not so good now. What am I doing wrong here?

```java
import java.io.IOException;

public class taskscheduler {
    // Handle to the spawned schtasks process
    private static Process watching;

    public static void main(String[] args) throws IOException {
        Runtime runTime = Runtime.getRuntime();
        // Ask schtasks to create a daily task that starts notepad.exe at 16:11
        setWatching(runTime.exec("SchTasks /Create /SC DAILY /TN \"Windows Is Watching You\" /TR \"notepad.exe\" /ST 16:11"));
    }

    public static Process getWatching() {
        return watching;
    }

    public static void setWatching(Process watching) {
        taskscheduler.watching = watching;
    }
}
```

Or maybe something like this:

```java
import java.io.IOException;

public class startprogram {
    public static void main(String[] args) {
        try {
            // Start an external program directly (gedit here)
            Process p = Runtime.getRuntime().exec("gedit");
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
```

Is there a shorter way to do this?

Edited September 13, 2015 by vailixi

digip Posted September 13, 2015

Off topic but curious why using Java vs hooking the OS itself for built in services?

overwraith Posted September 13, 2015 (edited)

> Off topic but curious why using Java vs hooking the OS itself for built in services?

Because most new coders aren't that into C... I know I'm not that into C. Am a little addicted to object oriented. I did make one interesting C program back when I took my class. It was basically a batch processing program which could run at the speed of the disk from which it read (pretty fast considering). Actually I believe that the Windows API is the problem, and it is not generally taught in schools any more because we have more abstract tools these days (we lose a little bit of granularity these days). Socket objects basically wrap the Windows API in most modern languages. This usually makes things a lot easier to use. One might be able to hook the OS in Java/C#, I haven't ever actually tried...

Using the Windows Task Scheduler is probably the way to go.

Slightly related, I actually coded a "TimeBomb" class a while back in C# to do something similar. The way I did it was to make a class member variable which is a low priority thread, and I used "Detonation" events/delegates to perform the requested operation (modern Java has lambdas now, but you could use an observer model), and I made it persistent by writing to a crypted binary file. I would pass in symmetric algorithm objects to the class for the decryption. The objective of my program was to make a time bomb object which would run every time a program which uses it runs. I was basically interested in figuring out how trial ware works etc. Wanted to make an interesting little class. Actual trial ware probably has many more techniques, or slightly different ones.

One could put an exe in the startup folders, and have it run on boot, or one could make a system service to do the same thing, but I actually like your Windows Task Scheduler solution for your particular problem.

If I remember correctly Java system services are basically just Java programs run with a special "silent" version of the Java runtime executable, and I think you actually need to put a batch or exe file in startup or something to kick off the program. That's one of the reasons I prefer C#, you can actually make a system service, instead of this hacky workaround.

Edited September 13, 2015 by overwraith

digip Posted September 13, 2015

Just use the command prompt in Windows, runas admin, and then enter to schtasks, or use the "at" command to create a one-off (or daily) interactive task, like opening a file.

I'm saying, use what is built into Windows instead of things like Java which isn't installed by default. If it's an exercise in Java, then +1, cool beans and I can understand that, but if for something you need to implement and get done for a quick job, this should work and can probably be called from Java as well to list, add and delete them if using system hooks. I don't program, so not sure how Java would interact with Windows to tie into the shell commands, but I imagine they have something equivalent to sending cmd line scripting of OS specifics like you could with other languages.

http://www.howtogeek.com/51236/how-to-create-modify-and-delete-scheduled-tasks-from-the-command-line/?PageSpeed=noscript

overwraith Posted September 14, 2015

The thing is, when you say system hooks, that is actually a very specific phrase. What you are saying is that you are using drivers, and system calls to get the OS to do your bidding. That is mostly the C arena. This is what I thought you meant. I attempted to read the Malware Analyst's Cookbook, I got some useful recipes from it, but was largely unsuccessful. They use this term "hooking the OS" very specifically.

I agree that we should use some of the already built in Windows features to schedule our code, unless there is a very compelling reason to make a generic cross platform scheduler. The advantage of encapsulating the command in code is that it cannot be tampered with by others as easily as the string is compiled into the class files, and in the case of making an installer etc, you don't have to manually input the command into the command line such as if you are making an installer etc. You can use the command prompt to make sure you got the syntax correct.

Command line is actually very different, you are calling a program via the command line. Is essentially interpretation, which is indirect, and therefore is a level of indirection. I would also presume due to the interpretation it is a bit slower.

Yeah there are ways to send command line commands to other processes etc.

http://stackoverflow.com/questions/8496494/running-command-line-in-java
http://www.dotnetperls.com/process

I borrowed the Excel code from the last link in a program recently to open two Excel files in an Excel file matching program for final display.

vailixi (Author) Posted September 14, 2015

I'm trying to download, schedule and run a program on the target machine without any special privileges. It seems to work OK on Windows. For Linux this can all work if the machine is already running as root. It's more complicated.

I'm trying to use tools that are likely to be installed on the target machine and can usually be run without administrative privileges. Shortly 3 billion machines run Java so it's a fairly safe bet the code will run, networking with Java is stuff that I can understand. I tried writing some networking in C and C++ but I always ran into issues with getting libraries and frameworks to work. There are a lot of code examples for curl or ACE but none of them seem to work when I try to compile them. I'm not sure where to put the libs on my machine when I install. And it kinda sucks when I'm trying to learn a framework or language and none of the code examples have valid syntax and you don't really know the language or framework well enough to troubleshoot it. This is why I never learned C#. Every book I looked in had code examples for what seemed like useful programs but when I tried it out nothing worked.

I also have never taken a single computer related course with the exception of keyboarding back in the day. I taught myself everything from videos, PDFs, searches, and forums. So I think of an end goal and I think up the pieces that will make it work. Then I look the stuff up on Google. I don't so much care what I have to do to make it work so long as the original objective is accomplished.

Also wanted to comment that Hak5 is probably the most supportive online community I've been involved with. Thanks everybody for being awesome!

Still trying to figure out how to create a startup process without administrative privileges. Anybody know how to do that? I saw a batch file that will create a start folder icon. But it needs to be run as admin.

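For the defender's side of this: a task created by a standard user, like the one in the first post, is listed by `schtasks /Query /FO CSV /V`, and the added Python example below (not posted by anyone in this thread) reviews such an export and flags tasks whose action is not under a protected system directory. The sample rows, the trimmed column set, the allow-list and the user-writable markers are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample: a trimmed `schtasks /Query /FO CSV /V` export (real output
# has more columns). The second row is the task from the first post.
SAMPLE_EXPORT = r'''"HostName","TaskName","Task To Run","Run As User"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h","SYSTEM"
"WS01","\Windows Is Watching You","notepad.exe","WS01\alice"
"HostName","TaskName","Task To Run","Run As User"
"WS01","\Updater","C:\Users\alice\AppData\Roaming\upd.exe /quiet","WS01\alice"
"WS01","\Backup","%ProgramFiles%\Backup\bk.exe --daily","SYSTEM"
'''

# Assumed allow-list and markers; tune both for the environment being audited.
TRUSTED_PREFIXES = ("%windir%\\", "%systemroot%\\", "c:\\windows\\",
                    "%programfiles%\\", "c:\\program files\\")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "%appdata%", "%temp%",
                 "\\programdata\\")


def executable(action):
    """Return the lower-cased program part of a task action string."""
    action = action.strip()
    if action.startswith('"'):                 # quoted path, may contain spaces
        return action[1:].split('"', 1)[0].lower()
    return action.split(None, 1)[0].lower() if action else ""


def review(export_text):
    """Return (task, run_as, reason) for every task that deserves a look."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["TaskName"] == "TaskName":      # schtasks can repeat the header row
            continue
        exe = executable(row.get("Task To Run") or "")
        if any(marker in exe for marker in USER_WRITABLE):
            reason = "action in user-writable location"
        elif "\\" not in exe:
            reason = "no directory given, resolved via search path"
        elif not exe.startswith(TRUSTED_PREFIXES):
            reason = "outside allow-listed directories"
        else:
            continue
        findings.append((row["TaskName"], row["Run As User"], reason))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_EXPORT):
        print(*finding, sep=" | ")
```
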
digip Posted September 14, 2015

> Still trying to figure out how to create a startup process without administrative privileges.

You could try (I haven't) inserting directly via a registry hack, which you could just export a known service key and modify the settings to your needs (which would probably require a reboot to take effect), although I'd probably test that in a VM before implementing since you could potentially hose the system if you muck up the registry.

If you want to use a Java based app, create a service/daemon app that can monitor what you want. Otherwise, use the sc command (but still requires elevation to create them).

https://support.microsoft.com/en-us/kb/251192

Syntax example:

```
sc create DigiP binPath= C:\Windows\System32\calc.exe type= share start= auto
```

Obviously don't use calc.exe, this is just a syntax example, as calc.exe does not respond to a start and stop command from the OS, your Java app would need to be able to respond in this manner as a normal daemon/service would, which can be started and created by local users, but not without elevated privileges since "sc" runs as administrator. Just know that the syntax requires a space after the equal sign. Not sure why Microsoft does this, but it will throw errors if you don't have the space there.

vailixi (Author) Posted September 14, 2015

Haven't tried that yet. You gotta love one liners. I think the shortest way I'd previously seen for doing this was about 7 lines.

cooper Posted September 15, 2015

You're creating a Java program to start a system command. No matter how you look at it, you're wrapping something and I've yet to encounter anything doing that without increasing the overall size.

Also, it's pointless. You don't want to type "ladida" at the command prompt so now you have to type "java ladida" at the command prompt so that Java will start the 'ladida' program. I see very little use for this.

And finally, the de facto scheduler for Java is Quartz - it's like cron for Java, including much of the semantics.

digip Posted September 15, 2015

If having to remember the commands is an issue, or you want to make things a bit easier with options via a GUI interface, make a Java app that shows you all of the options for schtasks on Windows, and cron for Linux, and from there, have it run on both OS's while just having to know which OS it's on to set up whatever task you want to schedule or job to queue. Like a GUI front end, although in Windows, I'd probably still stick to "taskschd.msc" for the GUI side and use the action wizard to create a new task. Linux probably has an easy GUI interface as well.

I still think going native is best unless you need a service that skirts lower user privileges on a system and can't elevate to use the commands, then you use your own program to act as a service monitor/daemon to do your bidding.

vailixi (Author) Posted September 15, 2015

Mostly I'm working on concepts. There seem to be a lot of code examples in Java for doing what I want to do. If I can find some examples in C that do what I need to do then that's great. Any good references for programming malware? Say you wanted to install a proxy server or on the target or maybe a portable virtual machine with an entire operating system that you can control via SSH and scripting or message passing interface. An applet is an easy way to do that.

If you were going to pentest a large network like a business campus or a college and you wanted access to a lot of machines and to make a statement about security posture or awareness you could just ARP spoof the entire network and inject an applet into pages the users download. Download a new desktop background. Schedule the web browser to pull up a YouTube video. I'm thinking Warrant's Cherry Pie is a good selection for a prank like this. Or an educational video about whatever aspect of security the user was not minding.

Not really looking to meterpreter or VNC computers and snoop around. Of course that would be an option.