From 7f71901a29e1943e50f4d63e6ec9d482c87e759a Mon Sep 17 00:00:00 2001
From: Mike Salvatore <mike.s.salvatore@gmail.com>
Date: Mon, 23 Aug 2021 11:12:51 -0400
Subject: [PATCH] Agent: Use path relative to __file__ to locate powershell
 scripts

---
 .../windows/shell_startup_files_modification.py            | 6 ++++--
 .../post_breach/timestomping/windows/timestomping.py       | 7 ++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py b/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py
index 62fd9425e..9d90f3812 100644
--- a/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py
+++ b/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py
@@ -1,7 +1,10 @@
 import subprocess
+from pathlib import Path
 
 from infection_monkey.utils.environment import is_windows_os
 
+MODIFY_POWERSHELL_STARTUP_SCRIPT = Path(__file__).parent / "modify_powershell_startup_file.ps1"
+
 
 def get_windows_commands_to_modify_shell_startup_files():
     if not is_windows_os():
@@ -28,7 +31,6 @@ def get_windows_commands_to_modify_shell_startup_files():
 
     return [
         "powershell.exe",
-        "infection_monkey/post_breach/shell_startup_files/windows"
-        "/modify_powershell_startup_file.ps1",
+        str(MODIFY_POWERSHELL_STARTUP_SCRIPT),
         "-startup_file_path {0}",
     ], STARTUP_FILES_PER_USER
diff --git a/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.py b/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.py
index 2479317cc..1316caa5a 100644
--- a/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.py
+++ b/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.py
@@ -1,5 +1,10 @@
+from pathlib import Path
+
+TIMESTOMPING_SCRIPT = Path(__file__).parent / "timestomping.ps1"
+
+
 def get_windows_timestomping_commands():
-    return "powershell.exe infection_monkey/post_breach/timestomping/windows/timestomping.ps1"
+    return f"powershell.exe {TIMESTOMPING_SCRIPT}"
 
 
 # Commands' source: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006