adding fzf-creds

[wlayzz]

Hey !

Finding this easy trick with @Skileau to set usernames and passwords to command lines 😄

[ShutdownRepo]

This is an awesome start! As discussed IRL, the following scenario would be awesome
The user runs something like command.py -u $USER -p $PASSWORD -d $DOMAIN

• A first fuzzy finder is executed in order to set the $USER variable.
• A second fuzzy finder is executed in order to set the $PASSWORD variable. Ideally, passwords would be associated to a user like: "if admin is selected, then look through admin's passwords.
• A third fuzzy finder is executed in order to set the $DOMAIN variable.

At every fuzzy find:

• if there is only one value to select from, set it automatically.
• if there is no value to select from, have a prompt asking for the value and save it were the finder will be able to look through later on
• if there are multiple values to select from, have the standard selection

I don't know yet how to implement all that, it could be json/xml/txt files, databases, aliases, custom tools, no idea. We should work on that. It would be a great time saver.

[djnnvx]

Could be interesting to add this this feature to arsenal and then run commands from that in the exegol tool maybe ?

Either way, I will try to look into it this week-end, this looks pretty cool

[ShutdownRepo]

I worked a bit on this matter and this is where I got so far, comparing various solutions. Also thanks @p0dalirius and @Dramelac for the brainstorming.

Short term

We can work on a python script that

1. parses a database of domains, users, passwords, LM/NT/AES keys, etc.
2. shows the data in a table the user can go trough
3. the user then selects a line in that table
4. the values from that line are exported in a something.sh file which then gets sourced by the shell
5. the something.sh file will export environment variables that the various history command will be able to call

Below are the main issues that need to be dealt with

1. find what sort of db format use (sqlite, json, ...)
2. find a way to print the db data in an interactive table that the user can go through, select a line, maybe search in/filter similarly to what fzf offers, etc.

A private repository has been created to start working on the project. If anyone wants access I'll be happy to grant them.

Long term

Later on, we could work on implementing a more advanced usage: an exegol user could run multiple shells with multiple profiles, so that commands get executed with various credentials.

We could also work on how to parse input from other tools (cme, secretsdump, lsassy, donPAPI, ...) and ingest the data into the db. While it would allows users to swiftly change credentials for various commands after owning additional accounts, it would also allow to keep track of the compromised accounts and export them for reporting purposes.

[ShutdownRepo]

Commit b7ff374 initiates the work. History is now full of environment variables. While the exegol-history tool is being created, testers can edit /opt/tools/exegol-history/profile.sh and reload their shell so that the history takes the new values into account.
The exegol-history will help edit that file in a nicer and faster way.

[QU35T-code]

Hey, I'm interested in this feature @ShutdownRepo. Could I have access to the repo or know its progress ? Why not contribute ! 😄