From 7f71901a29e1943e50f4d63e6ec9d482c87e759a Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Mon, 23 Aug 2021 11:12:51 -0400 Subject: [PATCH] Agent: Use path relative to __file__ to locate powershell scripts --- .../windows/shell_startup_files_modification.py | 6 ++++-- .../post_breach/timestomping/windows/timestomping.py | 7 ++++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py b/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py index 62fd9425e..9d90f3812 100644 --- a/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py +++ b/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py @@ -1,7 +1,10 @@ import subprocess +from pathlib import Path from infection_monkey.utils.environment import is_windows_os +MODIFY_POWERSHELL_STARTUP_SCRIPT = Path(__file__).parent / "modify_powershell_startup_file.ps1" + def get_windows_commands_to_modify_shell_startup_files(): if not is_windows_os(): @@ -28,7 +31,6 @@ def get_windows_commands_to_modify_shell_startup_files(): return [ "powershell.exe", - "infection_monkey/post_breach/shell_startup_files/windows" - "/modify_powershell_startup_file.ps1", + str(MODIFY_POWERSHELL_STARTUP_SCRIPT), "-startup_file_path {0}", ], STARTUP_FILES_PER_USER diff --git a/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.py b/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.py index 2479317cc..1316caa5a 100644 --- a/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.py +++ b/monkey/infection_monkey/post_breach/timestomping/windows/timestomping.py @@ -1,5 +1,10 @@ +from pathlib import Path + +TIMESTOMPING_SCRIPT = Path(__file__).parent / "timestomping.ps1" + + def get_windows_timestomping_commands(): - return "powershell.exe infection_monkey/post_breach/timestomping/windows/timestomping.ps1" + return f"powershell.exe {TIMESTOMPING_SCRIPT}" # Commands' source: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.006