Merge pull request #26 from redcanaryco/Nucleus

Service Binary Code

Windows/Payloads/AtomicService.cs

@@ -0,0 +1,78 @@
+using System;
+using System.Collections;
+using System.ComponentModel;
+using System.Data;
+using System.Diagnostics;
+using System.ServiceProcess;
+
+// c:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe AtomicService.cs
+// sc start AtomicService
+// sc stop AtomicSerivce
+// sc delete AtomicSerivce
+// May requjire Administrator privileges
+
+
+namespace AtomicService
+{
+	public class Service1 : System.ServiceProcess.ServiceBase
+	{
+
+		private System.ComponentModel.Container components = null;
+
+		public Service1()
+		{
+
+			InitializeComponent();
+
+		}
+
+		// The main entry point for the process
+		static void Main()
+		{
+			System.ServiceProcess.ServiceBase[] ServicesToRun;
+
+			ServicesToRun = new System.ServiceProcess.ServiceBase[] { new AtomicService.Service1()};
+
+			System.ServiceProcess.ServiceBase.Run(ServicesToRun);
+		}
+
+
+		private void InitializeComponent()
+		{
+			//
+			// Service1
+			//
+			this.ServiceName = "AtomicService";
+
+
+		}
+
+		protected override void Dispose( bool disposing )
+		{
+			if( disposing )
+			{
+				if (components != null)
+				{
+					components.Dispose();
+				}
+			}
+			base.Dispose( disposing );
+		}
+
+
+		protected override void OnStart(string[] args)
+		{
+
+		}
+
+
+		protected override void OnStop()
+		{
+
+		}
+		protected override void OnContinue()
+		{
+
+		}
+	}
+}

Windows/Persistence/Service_Installation.md

@@ -14,3 +14,6 @@ Input:
 Input:
 
     powershell New-Service -Name "TestService" -BinaryPathName "C:\Path\file.exe"
+
+## Test Script
+    [Service.cs](https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Payloads/Service.cs)