From df59f2be240e21b2c545b9df1648193df5591447 Mon Sep 17 00:00:00 2001 From: caseysmithrc <30840394+caseysmithrc@users.noreply.github.com> Date: Sun, 19 Nov 2017 07:42:50 -0700 Subject: [PATCH] Service Binary Code --- Windows/Payloads/AtomicService.cs | 78 +++++++++++++++++++++ Windows/Persistence/Service_Installation.md | 3 + 2 files changed, 81 insertions(+) create mode 100644 Windows/Payloads/AtomicService.cs diff --git a/Windows/Payloads/AtomicService.cs b/Windows/Payloads/AtomicService.cs new file mode 100644 index 00000000..d238a3c1 --- /dev/null +++ b/Windows/Payloads/AtomicService.cs @@ -0,0 +1,78 @@ +using System; +using System.Collections; +using System.ComponentModel; +using System.Data; +using System.Diagnostics; +using System.ServiceProcess; + +// c:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe AtomicService.cs +// sc start AtomicService +// sc stop AtomicSerivce +// sc delete AtomicSerivce +// May requjire Administrator privileges + + +namespace AtomicService +{ + public class Service1 : System.ServiceProcess.ServiceBase + { + + private System.ComponentModel.Container components = null; + + public Service1() + { + + InitializeComponent(); + + } + + // The main entry point for the process + static void Main() + { + System.ServiceProcess.ServiceBase[] ServicesToRun; + + ServicesToRun = new System.ServiceProcess.ServiceBase[] { new AtomicService.Service1()}; + + System.ServiceProcess.ServiceBase.Run(ServicesToRun); + } + + + private void InitializeComponent() + { + // + // Service1 + // + this.ServiceName = "AtomicService"; + + + } + + protected override void Dispose( bool disposing ) + { + if( disposing ) + { + if (components != null) + { + components.Dispose(); + } + } + base.Dispose( disposing ); + } + + + protected override void OnStart(string[] args) + { + + } + + + protected override void OnStop() + { + + } + protected override void OnContinue() + { + + } + } +} diff --git a/Windows/Persistence/Service_Installation.md b/Windows/Persistence/Service_Installation.md index f2a8f98b..6f2b085f 100644 --- a/Windows/Persistence/Service_Installation.md +++ b/Windows/Persistence/Service_Installation.md @@ -14,3 +14,6 @@ Input: Input: powershell New-Service -Name "TestService" -BinaryPathName "C:\Path\file.exe" + +## Test Script + [Service.cs](https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Payloads/Service.cs)