Merge pull request #1424 from guardicore/post-breach-pyinstaller-hook

Post breach pyinstaller hook

CHANGELOG.md

@@ -19,6 +19,8 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 - Typo "trough" -> "through" in telemetry and docstring.
 - Crash when unexpected character encoding is used by ping command on German
   language systems. #1175
+- Malfunctioning timestomping PBA. #1405
+- Malfunctioning shell startup script PBA. #1419
 
 ## [1.11.0] - 2021-08-13
 ### Added

monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py

@@ -1,7 +1,10 @@
 import subprocess
+from pathlib import Path
 
 from infection_monkey.utils.environment import is_windows_os
 
+MODIFY_POWERSHELL_STARTUP_SCRIPT = Path(__file__).parent / "modify_powershell_startup_file.ps1"
+
 
 def get_windows_commands_to_modify_shell_startup_files():
     if not is_windows_os():
@@ -28,7 +31,6 @@ def get_windows_commands_to_modify_shell_startup_files():
 
     return [
         "powershell.exe",
-        "infection_monkey/post_breach/shell_startup_files/windows"
+        str(MODIFY_POWERSHELL_STARTUP_SCRIPT),
-        "/modify_powershell_startup_file.ps1",
         "-startup_file_path {0}",
     ], STARTUP_FILES_PER_USER

monkey/infection_monkey/post_breach/timestomping/windows/timestomping.py

@@ -1,8 +1,10 @@
-TEMP_FILE = "monkey-timestomping-file.txt"
+from pathlib import Path
+
+TIMESTOMPING_SCRIPT = Path(__file__).parent / "timestomping.ps1"
 
 
 def get_windows_timestomping_commands():
-    return "powershell.exe infection_monkey/post_breach/timestomping/windows/timestomping.ps1"
+    return f"powershell.exe {TIMESTOMPING_SCRIPT}"
 
 
 # Commands' source: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006

monkey/infection_monkey/pyinstaller_hooks/hook-infection_monkey.post_breach.py

@@ -0,0 +1,3 @@
+from PyInstaller.utils.hooks import collect_data_files
+
+datas = collect_data_files("infection_monkey.post_breach", include_py_files=False)