From f30b81eec7afcd99de83ba46140a9914f56d0ec1 Mon Sep 17 00:00:00 2001
From: Shreya
Date: Mon, 3 Aug 2020 17:39:11 +0530
Subject: [PATCH 1/3] Remove "Public" from USERS in windows modify shell startup PBA

Otherwise it'll look for a profile.ps1 file in the Public folder too
---
 .../windows/shell_startup_files_modification.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py b/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py
index 32f0718a7..f39f1c1dd 100644
--- a/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py
+++ b/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py
@@ -13,6 +13,7 @@ def get_windows_commands_to_modify_shell_startup_files():
 
     # get list of usernames
     USERS = subprocess.check_output('dir C:\\Users /b', shell=True).decode().split("\r\n")[:-1] # noqa: DUO116
+    USERS.remove("Public")
 
     STARTUP_FILES_PER_USER = ['\\'.join(SHELL_STARTUP_FILE_PATH_COMPONENTS[:2] +
                                         [user] +

From 04eb0650cd1e030e9ba401a121b61fe2398268fc Mon Sep 17 00:00:00 2001
From: Shreya
Date: Tue, 4 Aug 2020 14:49:43 +0530
Subject: [PATCH 2/3] Create $Profile if it doesn't exist (Runs a powershell script instead of commands like other PBAs)

---
 .../post_breach/actions/modify_shell_startup_files.py | 2 +-
 .../windows/modify_powershell_startup_file.ps1 | 11 +++++++++++
 .../windows/shell_startup_files_modification.py | 8 +++-----
 3 files changed, 15 insertions(+), 6 deletions(-)
 create mode 100644 monkey/infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1

diff --git a/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py b/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py
index f7bd43a6e..e12e0c446 100644
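Review bot: `USERS.remove("Public")` raises `ValueError` when the `dir C:\Users /b` listing has no `Public` entry, which aborts building the whole PBA list instead of just skipping that one profile; a filter is safer, `USERS = [user for user in USERS if user != "Public"]`. If other non-account entries of that directory show up in the listing on some hosts they would need the same treatment, which a small exclusion set handles better than a single name. `get_windows_commands_to_modify_shell_startup_files` starts before the hunk and continues after it.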
--- a/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py
+++ b/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py
@@ -35,7 +35,7 @@ class ModifyShellStartupFiles(PBA):
 
         for startup_file_per_user in shell_startup_files_per_user_for_windows:
             windows_cmds = ' '.join(cmds_for_windows).format(startup_file_per_user)
-            pbas.append(self.ModifyShellStartupFile(linux_cmds='', windows_cmds=['powershell.exe', windows_cmds]))
+            pbas.append(self.ModifyShellStartupFile(linux_cmds='', windows_cmds=windows_cmds))
 
         for username in usernames_for_linux:
             for shell_startup_file in shell_startup_files_for_linux:
diff --git a/monkey/infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1 b/monkey/infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1
new file mode 100644
index 000000000..72a925e52
--- /dev/null
+++ b/monkey/infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1
@@ -0,0 +1,11 @@
+param (
+    [string]$startup_file_path = $profile
+)
+
+If (!(Test-Path $startup_file_path)) { # create profile.ps1 file if it doesn't exist already
+    New-Item -Path $startup_file_path -ItemType "file" -Force
+}
+Add-Content $startup_file_path "# Successfully modified $startup_file_path" ; # add line to $Profile
+cat $startup_file_path | Select -last 1 ; # print last line of $Profile
+$OldProfile = cat $startup_file_path | Select -skiplast 1 ;
+Set-Content $startup_file_path -Value $OldProfile ;
diff --git a/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py b/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py
index f39f1c1dd..a4d32938e 100644
--- a/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py
+++ b/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py
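Review bot: The last two lines of the new script do not restore the original profile: `Set-Content` rewrites the whole file with the host PowerShell version's default encoding and line endings, so a pre-existing `profile.ps1` stored in another encoding or without a trailing newline comes back altered even though the appended marker line is gone, and `$OldProfile` is `$null` when the file had only that one line, leaving an empty file. Copying the pre-existing file aside before the `Add-Content` and moving the copy back afterwards is a byte-exact restore and replaces the `$OldProfile`/`Set-Content` pair; the temporary copy is discarded when there was nothing to restore. PATCH 3/3 rewrites this file and keeps the same `Select -skiplast`/`Set-Content` restore, so the point applies there too.
```powershell
$startup_file_prev_exists = Test-Path $startup_file_path
$backup_path = [System.IO.Path]::GetTempFileName()
If ($startup_file_prev_exists) { # byte-exact copy to restore from
    Copy-Item -Path $startup_file_path -Destination $backup_path -Force
}
# … unchanged: New-Item / Add-Content / Select -last 1 …
If ($startup_file_prev_exists) { # restore original content, encoding included
    Move-Item -Path $backup_path -Destination $startup_file_path -Force
} Else {
    Remove-Item -Path $backup_path -Force
}
```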
@@ -21,9 +21,7 @@ def get_windows_commands_to_modify_shell_startup_files():
                               for user in USERS]
 
     return [
-        'Add-Content {0}',
-        '\"# Successfully modified {0}\" ;', # add line to $profile
-        'cat {0} | Select -last 1 ;', # print last line of $profile
-        '$OldProfile = cat {0} | Select -skiplast 1 ;',
-        'Set-Content {0} -Value $OldProfile ;' # remove last line of $profile
+        'powershell.exe',
+        'infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1',
+        '-startup_file_path {0}'
     ], STARTUP_FILES_PER_USER

From fe6cd2b076525312411dde018f674b322915019d Mon Sep 17 00:00:00 2001
From: Shreya
Date: Tue, 4 Aug 2020 17:28:32 +0530
Subject: [PATCH 3/3] Cleanup folder/file

---
 .../modify_powershell_startup_file.ps1 | 23 +++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/monkey/infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1 b/monkey/infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1
index 72a925e52..864be5311 100644
--- a/monkey/infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1
+++ b/monkey/infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1
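Review bot: `'-startup_file_path {0}'` interpolates the per-user profile path unquoted, and the caller in this patch joins the list with spaces into one command string (`windows_cmds = ' '.join(cmds_for_windows).format(startup_file_per_user)`), so a profile under a user name that contains a space is split into several arguments and the script receives a truncated path; quote it, `'-startup_file_path "{0}"'`. The script path `infection_monkey/post_breach/...` is relative and therefore resolves against the working directory of the process that runs the command rather than this module's location — presumably intended, but worth a comment stating that assumption. The function body and the `STARTUP_FILES_PER_USER` definition begin before the hunk.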
@@ -2,10 +2,25 @@ param (
     [string]$startup_file_path = $profile
 )
 
-If (!(Test-Path $startup_file_path)) { # create profile.ps1 file if it doesn't exist already
-    New-Item -Path $startup_file_path -ItemType "file" -Force
+
+# check if paths exist already
+$startup_file_prev_exists = Test-Path $startup_file_path
+$startup_file_folder_path = ($startup_file_path -split '\\')[0..(($startup_file_path -split '\\').count -2)] -join '\'
+$startup_file_folder_prev_exists = Test-Path $startup_file_folder_path
+
+# carry out pba
+If (!($startup_file_prev_exists)) { # create profile.ps1 file if it doesn't exist already
+    [Void](New-Item -Path $startup_file_path -ItemType "file" -Force)
 }
 Add-Content $startup_file_path "# Successfully modified $startup_file_path" ; # add line to $Profile
 cat $startup_file_path | Select -last 1 ; # print last line of $Profile
-$OldProfile = cat $startup_file_path | Select -skiplast 1 ;
-Set-Content $startup_file_path -Value $OldProfile ;
+$OldProfile = cat $startup_file_path | Select -skiplast 1 ; # get file's original content
+Set-Content $startup_file_path -Value $OldProfile ; # restore file's original content
+
+# cleanup
+If (!($startup_file_prev_exists)) { # remove file if it didn't exist previously
+    Remove-Item -Path $startup_file_path -Force ;
+}
+If (!($startup_file_folder_prev_exists)) { # remove folder if it didn't exist previously
+    Remove-Item -Path $startup_file_folder_path -Force -Recurse ;
+}
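Review bot: The cleanup block undoes only one directory level, while `New-Item -Force` on the file creates every missing ancestor, so when more than the immediate parent was absent the higher directories are left behind; conversely `Remove-Item -Force -Recurse` on that parent also deletes anything else that appeared in it between the two `Test-Path` calls. Recording the nearest existing ancestor of `$startup_file_folder_path` before `New-Item` and removing from that point, or creating just the one missing directory with `New-Item -ItemType Directory` without `-Force`, keeps what is removed equal to what was created. `$startup_file_folder_path` also appears to misbehave when `$startup_file_path` contains no backslash, since `[0..(count -2)]` then wraps to a negative index and yields the file name twice — only relevant if a bare file name is ever passed, but cheap to guard. The hunk covers the whole script after its `param (` line.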