In the Windows world, a service is any program that runs in the background without directly interfering with the current user's desktop session. This essentially makes services a type of non-interactive process. In the Unix-like world, a daemon is the closest equivalent to a Windows service. Daemons run in the background but are not attached to any terminal; therefore, they can continue to run on the system even when a terminal is closed. Many services and daemons automatically start when the system boots, but they can also be activated by certain events or, less commonly, started and stopped manually by the user.

When it comes to pen testing, services and daemons offer opportunities similar to those of scheduled tasks, but they differ in how they are used as vectors. For example, you might write a cron job to execute a Netcat reverse shell command on a Linux target every so often. This, as you've seen, gives you a persistent backdoor into the target system. However, if you instead install a remote access daemon on the target, you could shell into the target at any time and even regain that shell immediately after the system has rebooted. Whereas a cron job is limited to a maximum frequency of once per minute, a daemon is always active and available for use. It is also easier for a daemon to cache its state and sustain long sessions.

There are several disadvantages to running a daemon over a scheduled task, however. Daemons consume memory even when not in use, which may tip off a user if they experience performance issues or are actively monitoring memory usage. Also, daemons do not automatically restart upon termination unless specifically programmed to do so, whereas scheduled tasks can recur automatically. Lastly, cron jobs are relatively simple to create, whereas daemons require extensive programming knowledge, assuming you're not relying on existing software.

Many of these advantages and disadvantages also apply to Windows services when compared to Task Scheduler.

Registry Startup

Services are not the only way to get a particular program or command to start upon booting Windows. You can also add the program or command to the following Registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

The first key will run all of its values whenever any user logs in; the second key will run only when the current user logs in. You can open the GUI Registry Editor (regedit) to add the desired value, or you can do it from the command line:

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v backdr /d C:\Files\backdoor.bat
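From the defender's side, the same Run keys are where such an entry would be found during a review. The following is an added example, not part of the original text: a small Python audit that parses the output of `reg query` for a Run key and flags values that point at a script or at a program outside the usual install directories. The sample `reg query` output is constructed (it includes the `backdr` value from the command above), and the trusted-directory and script-extension lists are assumptions you would tune per environment.

```python
import re
from typing import Dict, List

# Constructed sample of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`
# output; not captured from a real host.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    OneDrive          REG_SZ           "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    backdr            REG_SZ           C:\Files\backdoor.bat
"""

# Assumed: directories a legitimately installed autostart binary normally lives under.
TRUSTED_DIRS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")
# Assumed: launcher/script extensions that are unusual as Run values and worth a look.
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".ps1", ".hta")

# One value line of `reg query` output: indented name, type, data.
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")


def expand_env(path: str) -> str:
    """Minimal expansion of the environment variables commonly seen in Run values."""
    return path.replace("%windir%", r"C:\Windows").replace("%SystemRoot%", r"C:\Windows")


def executable_of(data: str) -> str:
    """Return the program path from a Run value's data, dropping any arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:data.index('"', 1)]  # quoted path, may contain spaces
    return data.split(" ")[0]


def audit_run_key(reg_output: str) -> List[Dict[str, str]]:
    """Flag Run values whose target is a script or lives outside trusted directories."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue  # key header or blank line
        name, _reg_type, data = m.groups()
        exe = expand_env(executable_of(data)).lower()
        reasons = []
        if not exe.startswith(TRUSTED_DIRS):
            reasons.append("outside trusted directories")
        if exe.endswith(SCRIPT_EXTS):
            reasons.append("script rather than executable")
        if reasons:
            findings.append({"value": name, "target": exe, "reason": "; ".join(reasons)})
    return findings
```

Run the same audit against the HKEY_CURRENT_USER key output to cover per-user entries, since the two keys are written and read independently.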