Extend windows PBA for all users on system

monkey/infection_monkey/post_breach/actions/modify_shell_startup_files.py

@@ -2,7 +2,6 @@ from common.data.post_breach_consts import POST_BREACH_SHELL_STARTUP_FILE_MODIFI
 from infection_monkey.post_breach.pba import PBA
 from infection_monkey.post_breach.shell_startup_files.shell_startup_files_modification import\
     get_commands_to_modify_shell_startup_files
-from infection_monkey.utils.environment import is_windows_os
 
 
 class ModifyShellStartupFiles(PBA):
@@ -21,10 +20,14 @@ class ModifyShellStartupFiles(PBA):
 
 class ShellStartupPBAGenerator():
     def get_modify_shell_startup_pbas():
-        (cmds_for_linux, shell_startup_files_for_linux, usernames_for_linux), windows_cmds =\
-            get_commands_to_modify_shell_startup_files()
+        (cmds_for_linux, shell_startup_files_for_linux, usernames_for_linux),\
+        (cmds_for_windows, shell_startup_files_per_user_for_windows) = get_commands_to_modify_shell_startup_files()
 
-        pbas = [ModifyShellStartupFile(linux_cmds='', windows_cmds=windows_cmds)]
+        pbas = []
+
+        for startup_file_per_user in shell_startup_files_per_user_for_windows:
+            windows_cmds = ' '.join(cmds_for_windows).format(startup_file_per_user)
+            pbas.append(ModifyShellStartupFile(linux_cmds='', windows_cmds=['powershell.exe', windows_cmds]))
 
         for username in usernames_for_linux:
             for shell_startup_file in shell_startup_files_for_linux:

monkey/infection_monkey/post_breach/shell_startup_files/windows/shell_startup_files_modification.py

@@ -1,12 +1,27 @@
-SHELL_STARTUP_FILE = '$Profile'
+import subprocess
+from infection_monkey.utils.environment import is_windows_os
 
 
 def get_windows_commands_to_modify_shell_startup_files():
+    if not is_windows_os():
+        return '', []
+
+    # get powershell startup file path
+    SHELL_STARTUP_FILE = subprocess.check_output('powershell $Profile').decode().split("\r\n")[0]
+    SHELL_STARTUP_FILE_PATH_COMPONENTS = SHELL_STARTUP_FILE.split("\\")
+
+    # get list of usernames
+    USERS = subprocess.check_output('dir C:\\Users /b', shell=True).decode().split("\r\n")[:-1]
+
+    STARTUP_FILES_PER_USER = ['\\'.join(SHELL_STARTUP_FILE_PATH_COMPONENTS[:2] +
+                                        [user] +
+                                        SHELL_STARTUP_FILE_PATH_COMPONENTS[3:])
+                              for user in USERS]
+
     return [
-        'powershell.exe',  # run with powershell
-        'Add-Content {0} '.format(SHELL_STARTUP_FILE),
-        '\"# Successfully modified {0}\" ;'.format(SHELL_STARTUP_FILE),  # add line to $profile
-        'cat {0} | Select -last 1 ;'.format(SHELL_STARTUP_FILE),  # print last line of $profile
-        '$OldProfile = cat {0} | Select -skiplast 1 ;'.format(SHELL_STARTUP_FILE),
-        'Set-Content {0} -Value $OldProfile ;'.format(SHELL_STARTUP_FILE)  # remove last line of $profile
-    ]
+        'Add-Content {0}',
+        '\"# Successfully modified {0}\" ;',  # add line to $profile
+        'cat {0} | Select -last 1 ;',  # print last line of $profile
+        '$OldProfile = cat {0} | Select -skiplast 1 ;',
+        'Set-Content {0} -Value $OldProfile ;'  # remove last line of $profile
+    ], STARTUP_FILES_PER_USER