Revert "Update aws-credentials.py"

This reverts commit fc0c615.

Author: NeffIsBack

nxc/modules/aws-credentials.py

@@ -14,32 +14,35 @@ class NXCModule:
     def __init__(self):
         self.search_path_linux = "'/home/' '/tmp/'"
         self.search_path_win = "'C:\\Users\\', 'C:\\ProgramData\\AWSCLI\\', 'C:\\Temp\\'"
-        
 
     def options(self, context, module_options):
         r"""
         SEARCH_PATH_LINUX	Linux location where to search for aws credentials related files
-                        	Default: '/home/ - /tmp/'
-        
+                                Default: "'/home/' '/tmp/'"
+
         SEARCH_PATH_WIN		Windows locations where to search for aws credentials related files
-                        	Default: 'C:\\Users\\ - C:\\ProgramData\\AWSCLI\\ - C:\\Temp\\                        	
+                                Default: "'C:\\Users\\', 'C:\\ProgramData\\AWSCLI\\', 'C:\\Temp\\'"
         """
         if "SEARCH_PATH_LINUX" in module_options:
             self.search_path_linux = module_options["SEARCH_PATH_LINUX"]
 
         if "SEARCH_PATH_WIN" in module_options:
             self.search_path_win = module_options["SEARCH_PATH_WIN"]
 
-    def on_login(self, context, connection):	
-	# search for aws_credentials-related files on linux systems
+    def on_login(self, context, connection):
+        # search for aws_credentials-related files on linux systems
         if "ssh" in context.protocol:
-            search_aws_creds_files_payload = "find %s -type f -name credentials -exec grep -l 'aws_' {} \\; 2>&1 | grep -v 'Permission denied$'" % (self.search_path_linux)
+            search_aws_creds_files_payload = f"find {self.search_path_linux} -type f  -name credentials -o -name credentials.bk -o -name config.bk -o -name config"
             search_aws_creds_files_cmd = f'/bin/bash -c "{search_aws_creds_files_payload}"'
-            search_aws_creds_files_output = connection.execute(search_aws_creds_files_cmd, False)
-            context.log.highlight(f"The following files were found: {search_aws_creds_files_output}")
+            output = connection.execute(search_aws_creds_files_cmd)
         else:
-           # search for aws_credentials-related files on windows systems
-           search_aws_creds_files_payload_win = "Get-ChildItem -Path %s -Recurse -Force -Include 'credentials' -File -ErrorAction SilentlyContinue | Where-Object { Select-String -Path $_.FullName -Pattern 'aws' -Quiet } | Select-Object -ExpandProperty FullName" % (self.search_path_win)
-           search_aws_creds_files_cmd_win = f'powershell.exe "{search_aws_creds_files_payload_win}"'
-           search_aws_creds_files_output_win = connection.execute(search_aws_creds_files_cmd_win, False)
-           context.log.highlight(f"The following files were found: {search_aws_creds_files_output_win}")
+            # search for aws_credentials-related files on windows systems
+            # we have to exclude "Application Data" as this creates an infinite recursion, see: https://www.reddit.com/r/PowerShell/comments/17pctnv/symbolic_link_application_data_in_appdatalocal/
+            search_aws_creds_files_payload_win = f"Get-ChildItem -Path {self.search_path_win} -Recurse -Include ('credentials','credentials.bk','config','config.bk') -Force -ErrorAction SilentlyContinue | ? {{ $_.FullName -inotmatch 'Application Data' }} | Select FullName -ExpandProperty FullName"
+            search_aws_creds_files_cmd_win = f'powershell.exe "{search_aws_creds_files_payload_win}"'
+            output = connection.execute(search_aws_creds_files_cmd_win, True)
+
+        if output:
+            context.log.success("The following files were found:")
+            for line in output.splitlines():
+                context.log.highlight(line.rstrip())