From 51eb6f2ce5532b9e7bc8dbf30997414ee1220412 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Fri, 5 Nov 2021 09:47:59 +0200
Subject: [PATCH 1/5] UI: fix manual run command for powershell as a user
---
 .../commands/local_windows_powershell.js | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_powershell.js b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_powershell.js
index aa9a96a17..a9f1c0d2c 100644
--- a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_powershell.js
+++ b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_powershell.js
@@ -1,15 +1,20 @@
 import {OS_TYPES} from '../utils/OsTypes';
-export default function generateLocalWindowsPowershell(ip, osType, username) {
+export function getAgentDownloadCommand(ip, osType) {
 let bitText = osType === OS_TYPES.WINDOWS_32 ? '32' : '64';
- let command = `[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; `
- + `(New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/`
- + `monkey-windows-${bitText}.exe','.\\monkey.exe'); `
- + `;Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`;
+ return `$execCmd = @"\r\n`
+ + `-noexit [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {\`$true};`
+ + `(New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/monkey-windows-${bitText}.exe',`
+ + `"""$env:TEMP\\monkey.exe""");Start-Process -FilePath '$env:TEMP\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`
+ + `\r\n"@; \r\n`
+ + `Start-Process -FilePath powershell.exe -ArgumentList $execCmd`
+}
+export default function generateLocalWindowsPowershell(ip, osType, username) {
+ let command = getAgentDownloadCommand(ip, osType)
 if (username != '') {
- command = `Start-Process powershell.exe -ArgumentList "-noexit ${command}" -Credential ${username}`;
+ command += ` -Credential ${username}`;
 }
 return command;
From 896cf7a21dd002eccc92f31934efaaf6235fabfd Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Fri, 5 Nov 2021 09:57:20 +0200
Subject: [PATCH 2/5] UI: remove -noexit flag from manual run command, because there's no point in opening an empty powershell window
---
 .../pages/RunMonkeyPage/commands/local_windows_powershell.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_powershell.js b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_powershell.js
index a9f1c0d2c..da5d7c6e7 100644
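Review bot: `$env:TEMP` inside the `@"` here-string is expanded by the shell that pastes the command, not by the spawned one: the same line backtick-escapes `$true` so it reaches the child intact, but `$env:TEMP` is left bare, so once `-Credential ${username}` is appended the child runs as the chosen user while both the DownloadFile target and the `-FilePath` path are already fixed to the invoking user's profile temp directory, which a different account generally cannot write to (confirm on a host with two local users). Escaping both occurrences the same way `$true` is escaped, and giving the `-FilePath` value the same `"""…"""` form the DownloadFile argument uses instead of single quotes so the child shell expands it, keeps the download and launch under the account that actually runs the agent. The `ServerCertificateValidationCallback = {$true}` on the preceding line is presumably deliberate for the Island's self-signed certificate, but it deserves a comment such as `// Island serves a self-signed cert; validation is disabled only inside the throwaway powershell process` so it is not copied elsewhere. The closing brace of generateLocalWindowsPowershell lies past the end of the hunk.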
--- a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_powershell.js
+++ b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_powershell.js
@@ -4,7 +4,7 @@ import {OS_TYPES} from '../utils/OsTypes';
 export function getAgentDownloadCommand(ip, osType) {
 let bitText = osType === OS_TYPES.WINDOWS_32 ? '32' : '64';
 return `$execCmd = @"\r\n`
- + `-noexit [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {\`$true};`
+ + `[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {\`$true};`
 + `(New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/monkey-windows-${bitText}.exe',`
 + `"""$env:TEMP\\monkey.exe""");Start-Process -FilePath '$env:TEMP\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`
 + `\r\n"@; \r\n`
From 4b5c8c23ea639576692b90413a2b9e8f33bf7f66 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Fri, 5 Nov 2021 10:01:02 +0200
Subject: [PATCH 3/5] UI: removed cmd manual run option for windows
Reasoning behind removal: hard to fix "launch as user" option, agent doesn't support machines without powershell (winXP)
---
 .../RunManually/LocalManualRunOptions.js | 4 +---
 .../RunMonkeyPage/commands/local_windows_cmd.js | 16 ----------------
 2 files changed, 1 insertion(+), 19 deletions(-)
 delete mode 100644 monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_cmd.js
diff --git a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/RunManually/LocalManualRunOptions.js b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/RunManually/LocalManualRunOptions.js
index f0b139531..116ba5440 100644
--- a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/RunManually/LocalManualRunOptions.js
+++ b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/RunManually/LocalManualRunOptions.js
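Review bot: Dropping `-noexit` means the spawned powershell window closes the instant `DownloadFile` or `Start-Process` throws, so a failed run (Island unreachable, port 5000 filtered, download rejected) leaves the person who pasted the command with no visible error; the "empty window" in the commit message only describes the success path, and a credential failure is the one case that still surfaces, because `-Credential` is evaluated by the outer shell. If the window should not linger on success, wrap the inner command in `try { … } catch { Write-Error $_; Read-Host 'Press Enter to close' }` inside the here-string instead, so it stays open only when something went wrong. The rewritten line also disables TLS certificate validation for that throwaway process; that is presumably required for the Island's self-signed certificate and should be stated in a comment next to it. getAgentDownloadCommand continues past the hunk's last line.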
@@ -2,7 +2,6 @@ import React, {useEffect, useState} from 'react';
 import InlineSelection from '../../../ui-components/inline-selection/InlineSelection';
 import DropdownSelect from '../../../ui-components/DropdownSelect';
 import {OS_TYPES} from '../utils/OsTypes';
-import GenerateLocalWindowsCmd from '../commands/local_windows_cmd';
 import GenerateLocalWindowsPowershell from '../commands/local_windows_powershell';
 import GenerateLocalLinuxWget from '../commands/local_linux_wget';
 import GenerateLocalLinuxCurl from '../commands/local_linux_curl';
@@ -50,8 +49,7 @@ const getContents = (props) => {
 function generateCommands() {
 if (osType === OS_TYPES.WINDOWS_64 || osType === OS_TYPES.WINDOWS_32) {
- return [{type: 'CMD', command: GenerateLocalWindowsCmd(selectedIp, osType, customUsername)},
- {type: 'Powershell', command: GenerateLocalWindowsPowershell(selectedIp, osType, customUsername)}]
+ return [{type: 'Powershell', command: GenerateLocalWindowsPowershell(selectedIp, osType, customUsername)}]
 } else {
 return [{type: 'CURL', command: GenerateLocalLinuxCurl(selectedIp, osType, customUsername)},
 {type: 'WGET', command: GenerateLocalLinuxWget(selectedIp, osType, customUsername)}]
diff --git a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_cmd.js b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_cmd.js
deleted file mode 100644
index 8afc50dd0..000000000
--- a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_cmd.js
+++ /dev/null
@@ -1,16 +0,0 @@
-import {OS_TYPES} from '../utils/OsTypes';
-
-
-export default function generateLocalWindowsCmd(ip, osType, username) {
- let bitText = osType === OS_TYPES.WINDOWS_32 ? '32' : '64';
- let command = `powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; `
- + `(New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/`
- + `monkey-windows-${bitText}.exe','.\\monkey.exe'); `
- + `;Start-Process -FilePath '.\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`;
-
- if (username != '') {
- command = `runas /user:${username} "cmd /K ${command}"`;
- }
-
- return command;
-}
From 7e1e5917cbffb4cdb6239c875468a31e20e9c643 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Fri, 5 Nov 2021 10:21:05 +0200
Subject: [PATCH 4/5] Changelog: add entry for manual monkey run option modifications
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4eb1f0c42..7e8d60747 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,9 +12,11 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Removed
 - The VSFTPD exploiter. #1533
+- Manual agent run command for CMD. #1570
 ### Fixed
 - A bug in network map page that caused delay of telemetry log loading. #1545
+- Windows "run as a user" powershell command for manual agent runs. #1570
 ### Security
From c07f842c75bcd7e1097c61e55a919c1554a6f7c5 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Fri, 5 Nov 2021 15:34:09 +0200
Subject: [PATCH 5/5] UI: small style fixes in local_windows_powershell.js
---
 .../RunMonkeyPage/commands/local_windows_powershell.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_powershell.js b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_powershell.js
index da5d7c6e7..5c7d5c9a6 100644
--- a/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_powershell.js
+++ b/monkey/monkey_island/cc/ui/src/components/pages/RunMonkeyPage/commands/local_windows_powershell.js
@@ -1,19 +1,19 @@
 import {OS_TYPES} from '../utils/OsTypes';
-export function getAgentDownloadCommand(ip, osType) {
+function getAgentDownloadCommand(ip, osType) {
 let bitText = osType === OS_TYPES.WINDOWS_32 ? '32' : '64';
 return `$execCmd = @"\r\n`
 + `[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {\`$true};`
 + `(New-Object System.Net.WebClient).DownloadFile('https://${ip}:5000/api/monkey/download/monkey-windows-${bitText}.exe',`
 + `"""$env:TEMP\\monkey.exe""");Start-Process -FilePath '$env:TEMP\\monkey.exe' -ArgumentList 'm0nk3y -s ${ip}:5000';`
 + `\r\n"@; \r\n`
- + `Start-Process -FilePath powershell.exe -ArgumentList $execCmd`
+ + `Start-Process -FilePath powershell.exe -ArgumentList $execCmd`;
 }
 export default function generateLocalWindowsPowershell(ip, osType, username) {
 let command = getAgentDownloadCommand(ip, osType)
- if (username != '') {
+ if (username !== '') {
 command += ` -Credential ${username}`;
 }
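Review bot: `command += \` -Credential ${username}\`` still splices the UI-typed username into the PowerShell line unquoted, so a value with a space, `;` or `$` (a display name pasted by mistake, for instance) yields a command that fails to parse or does something other than intended; the person typing it is the person running it, so this is not a privilege boundary, but a generated command should be robust, and a single-quoted PowerShell string with `'` doubled does it: `` command += ` -Credential '${username.replace(/'/g, "''")}'`; ``. In the same style pass, `let command = getAgentDownloadCommand(ip, osType)` is still missing the semicolon the hunk adds to the `return` two lines above. generateLocalWindowsPowershell's `return command;` and closing brace are below the hunk's last line.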