From 04eb0650cd1e030e9ba401a121b61fe2398268fc Mon Sep 17 00:00:00 2001
From: Shreya
Date: Tue, 4 Aug 2020 14:49:43 +0530
Subject: [PATCH] Create $Profile if it doesn't exist (Runs a powershell script instead of commands like other PBAs)
---
 .../post_breach/actions/modify_shell_startup_files.py | 2 +-
 .../windows/modify_powershell_startup_file.ps1 | 11 +++++++++++
 .../windows/shell_startup_files_modification.py | 8 +++-----
 3 files changed, 15 insertions(+), 6 deletions(-)
 create mode 100644 monkey/infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1
diff --git a/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py b/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py
index f7bd43a6e..e12e0c446 100644
--- a/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py
+++ b/monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py
@@ -35,7 +35,7 @@ class ModifyShellStartupFiles(PBA):
 for startup_file_per_user in shell_startup_files_per_user_for_windows:
 windows_cmds = ' '.join(cmds_for_windows).format(startup_file_per_user)
- pbas.append(self.ModifyShellStartupFile(linux_cmds='', windows_cmds=['powershell.exe', windows_cmds]))
+ pbas.append(self.ModifyShellStartupFile(linux_cmds='', windows_cmds=windows_cmds))
 for username in usernames_for_linux:
 for shell_startup_file in shell_startup_files_for_linux:
diff --git a/monkey/infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1 b/monkey/infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1
new file mode 100644
index 000000000..72a925e52
--- /dev/null
+++ b/monkey/infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1
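Review bot: The profile path is substituted into one space-joined command string, `' '.join(cmds_for_windows).format(startup_file_per_user)`, with no quoting, so a Windows profile path that contains a space would be split and `-startup_file_path` would receive only the first fragment. The same applies to the template item `'-startup_file_path {0}'` added in shell_startup_files_modification.py. Quote the placeholder in the template, for example `"-startup_file_path '{0}'"`, or keep the command as an argument list so nothing is re-parsed. How `ModifyShellStartupFile` executes `windows_cmds` is outside this hunk, so confirm that it accepts a plain string now that the list form is gone. The enclosing method starts and ends outside the hunk.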
@@ -0,0 +1,11 @@
+param (
+ [string]$startup_file_path = $profile
+)
+
+If (!(Test-Path $startup_file_path)) { # create profile.ps1 file if it doesn't exist already
+ New-Item -Path $startup_file_path -ItemType "file" -Force
+}
+Add-Content $startup_file_path "# Successfully modified $startup_file_path" ; # add line to $Profile
+cat $startup_file_path | Select -last 1 ; # print last line of $Profile
+$OldProfile = cat $startup_file_path | Select -skiplast 1 ;
+Set-Content $startup_file_path -Value $OldProfile ;
diff --git a/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py b/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py
index f39f1c1dd..a4d32938e 100644
--- a/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py
+++ b/monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py
@@ -21,9 +21,7 @@ def get_windows_commands_to_modify_shell_startup_files():
 for user in USERS]
 return [
- 'Add-Content {0}',
- '\"# Successfully modified {0}\" ;', # add line to $profile
- 'cat {0} | Select -last 1 ;', # print last line of $profile
- '$OldProfile = cat {0} | Select -skiplast 1 ;',
- 'Set-Content {0} -Value $OldProfile ;' # remove last line of $profile
+ 'powershell.exe',
+ 'infection_monkey/post_breach/shell_startup_files/windows/modify_powershell_startup_file.ps1',
+ '-startup_file_path {0}'
 ], STARTUP_FILES_PER_USER
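Review bot: The cleanup at the end of the script does not return the tested host to its prior state in two cases. When the `If (!(Test-Path $startup_file_path))` branch creates the file, only the marker line is stripped afterwards, so a new empty profile (and any parent folders `New-Item -Force` had to create) stays behind on the machine. And if the `$OldProfile = cat ... | Select -skiplast 1` line fails (as far as I know `-SkipLast` is missing before PowerShell 5.0), the following `Set-Content` would probably still run with an empty `$OldProfile` and truncate the user's real profile. Record whether the file was created, remove it in that case, and stop on the first error so the rewrite never runs with incomplete data.

```powershell
$ErrorActionPreference = 'Stop'   # abort before the rewrite if any earlier step fails
$created = !(Test-Path $startup_file_path)
If ($created) {
    New-Item -Path $startup_file_path -ItemType "file" -Force
}
# … unchanged: Add-Content marker line and print of the last line …
If ($created) {
    Remove-Item $startup_file_path   # the file did not exist before the test, so remove it again
} Else {
    $OldProfile = cat $startup_file_path | Select -skiplast 1
    Set-Content $startup_file_path -Value $OldProfile
}
```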
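Review bot: The script path in the added list is relative, so it resolves against whatever working directory the agent process happens to have, and whether `modify_powershell_startup_file.ps1` exists at that location in a packaged build is not visible from this hunk. The script sits in the same directory as this module, so deriving the path from the module location is more robust: `os.path.join(os.path.dirname(os.path.abspath(__file__)), 'modify_powershell_startup_file.ps1')` (this needs `import os` if the file does not already have it). A short comment above the list, such as `# joined with spaces by the caller, then formatted with the profile path`, would also make the contract with modify_shell_startup_files.py explicit. The function body starts outside the hunk.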