Merge pull request #1570 from guardicore/1556-broken-agent-manual-run-win

1556 broken agent manual run Windows

CHANGELOG.md

@@ -12,9 +12,11 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ### Removed
 - The VSFTPD exploiter. #1533
+- Manual agent run command for CMD. #1570
 
 ### Fixed
 - A bug in network map page that caused delay of telemetry log loading. #1545
+- Windows "run as a user" powershell command for manual agent runs. #1570
 
 ### Security
 

monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/RunManually/LocalManualRunOptions.js

@@ -2,7 +2,6 @@ import React, {useEffect, useState} from 'react';
 import InlineSelection from '../../../ui-components/inline-selection/InlineSelection';
 import DropdownSelect from '../../../ui-components/DropdownSelect';
 import {OS_TYPES} from '../utils/OsTypes';
-import GenerateLocalWindowsCmd from '../commands/local_windows_cmd';
 import GenerateLocalWindowsPowershell from '../commands/local_windows_powershell';
 import GenerateLocalLinuxWget from '../commands/local_linux_wget';
 import GenerateLocalLinuxCurl from '../commands/local_linux_curl';
@@ -50,8 +49,7 @@ const getContents = (props) => {
 
   function generateCommands() {
     if (osType === OS_TYPES.WINDOWS_64 || osType === OS_TYPES.WINDOWS_32) {
-      return [{type: 'CMD', command: GenerateLocalWindowsCmd(selectedIp, osType, customUsername)},
-        {type: 'Powershell', command: GenerateLocalWindowsPowershell(selectedIp, osType, customUsername)}]
+      return [{type: 'Powershell', command: GenerateLocalWindowsPowershell(selectedIp, osType, customUsername)}]
     } else {
       return [{type: 'CURL', command: GenerateLocalLinuxCurl(selectedIp, osType, customUsername)},
         {type: 'WGET', command: GenerateLocalLinuxWget(selectedIp, osType, customUsername)}]

monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_cmd.js

@@ -1,16 +0,0 @@
-import {OS_TYPES} from '../utils/OsTypes';
-
-
-export default function generateLocalWindowsCmd(ip, osType, username) {
-  let bitText = osType === OS_TYPES.WINDOWS_32 ? '32' : '64';
-  let command = `powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; `
-    + `(New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/`
-    + `monkey-windows-${bitText}.exe','.\\monkey.exe'); `
-    + `;Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`;
-
-  if (username != '') {
-    command = `runas /user:${username} "cmd /K ${command}"`;
-  }
-
-  return command;
-}

monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_powershell.js

@@ -1,15 +1,20 @@
 import {OS_TYPES} from '../utils/OsTypes';
 
 
-export default function generateLocalWindowsPowershell(ip, osType, username) {
+function getAgentDownloadCommand(ip, osType) {
   let bitText = osType === OS_TYPES.WINDOWS_32 ? '32' : '64';
-  let command = `[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; `
-    + `(New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/`
-    + `monkey-windows-${bitText}.exe','.\\monkey.exe'); `
-    + `;Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`;
+  return `$execCmd = @"\r\n`
+    + `[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {\`$true};`
+    + `(New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/monkey-windows-${bitText}.exe',`
+    + `"""$env:TEMP\\monkey.exe""");Start-Process -FilePath '$env:TEMP\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`
+    + `\r\n"@; \r\n`
+    + `Start-Process -FilePath powershell.exe -ArgumentList $execCmd`;
+}
 
-  if (username != '') {
-    command = `Start-Process powershell.exe -ArgumentList "-noexit ${command}" -Credential ${username}`;
+export default function generateLocalWindowsPowershell(ip, osType, username) {
+  let command = getAgentDownloadCommand(ip, osType)
+  if (username !== '') {
+    command += ` -Credential ${username}`;
   }
 
   return command;