Adversaries may abuse the [at](https://attack.mitre.org/software/S0110) utility to perform task scheduling for initial or recurring execution of malicious code. The [at](https://attack.mitre.org/software/S0110) command within Linux operating systems enables administrators to schedule tasks.(Citation: Kifarunix - Task Scheduling in Linux)An adversary may use at in Linux environments to execute programs at system startup or on a scheduled basis for persistence. at can also be abused to conduct remote Execution as part of Lateral Movement and or to run a process under the context of a specified account.
This test submits a command to be run in the future by the at daemon.
Supported Platforms: Linux
| Name | Description | Type | Default Value |
|---|---|---|---|
| time_spec | Time specification of when the command should run | String | now + 1 minute |
| at_command | The command to be run | String | echo Hello from Atomic Red Team |
echo "#{at_command}" | at #{time_spec}which at && which atd echo 'Please install `at` and `atd`; they were not found in the PATH (Package name: `at`)'systemctl status atd || service atd status echo 'Please start the `atd` daemon (sysv: `service atd start` ; systemd: `systemctl start atd`)'