@@ -7,7 +7,7 @@ class NXCModule:
77
88 name = "aws-credentials"
99 description = "Search for aws credentials files."
10- supported_protocols = ["ssh" , "smb" , "winrm" , "wmi" ]
10+ supported_protocols = ["ssh" , "smb" , "winrm" ]
1111 opsec_safe = True
1212 multiple_hosts = True
1313
@@ -34,11 +34,15 @@ def on_login(self, context, connection):
3434 if "ssh" in context .protocol :
3535 search_aws_creds_files_payload = f"find { self .search_path_linux }
3636 search_aws_creds_files_cmd = f'/bin/bash -c "{ search_aws_creds_files_payload }
37- search_aws_creds_files_output = connection .execute (search_aws_creds_files_cmd , True )
37+ search_aws_creds_files_output = connection .execute (search_aws_creds_files_cmd )
3838 context .log .highlight (f"The following files were found: { search_aws_creds_files_output } )
3939 else :
4040 # search for aws_credentials-related files on windows systems
4141 search_aws_creds_files_payload_win = f"Get-ChildItem -Path { self .search_path_win }
4242 search_aws_creds_files_cmd_win = f'powershell.exe "{ search_aws_creds_files_payload_win }
43- search_aws_creds_files_output_win = connection .execute (search_aws_creds_files_cmd_win , True )
43+ # Somehow wmiexec retrieves bugged output (smb), removing it from the list
44+ if "smb" in context .protocol : # noqa: SIM108
45+ search_aws_creds_files_output_win = connection .execute (search_aws_creds_files_cmd_win , True , methods = ["atexec" , "smbexec" , "mmcexec" ])
46+ else :
47+ search_aws_creds_files_output_win = connection .execute (search_aws_creds_files_cmd_win , True )
4448 context .log .highlight (f"The following files were found: { search_aws_creds_files_output_win } )
0 commit comments