Solving "Deployment request failed due to in progress deployment."
Short guide to solve this problem using Github API
Extracting AD hashes from Unix systems
With this script it is possible to extract Active Directory accounts’ hashes when credential caching is enabled in the SSSD service.
covert-control - Control systems with OneDrive, Google Drive, Youtube or Telegram
Control systems remotely by uploading files to Google Drive, OneDrive, Youtube or Telegram using Python to create the files and the listeners. It allows to create text files, images, audio or videos, with the commands in cleartext or encrypted using AES.
Using the HTTP protocol version for exfiltration
Releasing http-protocol-exfil, a tool that uses the HTTP protocol version to send a file bit by bit (“HTTP/1.0” is a 0 and “HTTP/1.1” is a 1). It uses GET requests so the Blue Team would only see the requests to your IP address.
covert-tube - Control systems with Youtube
A program to control systems remotely by uploading videos to Youtube using Python to create the videos and the listener, similar to some malware I was reading about. It allows to create videos with frames formed of simple text, QR codes with cleartext or QR codes using AES encryption.
Exfiltrating files using MSSQL
A scenario where we have to upload files to a server whose MSSQL credentials we know (so we have remote code execution) but the server is in other network. For that, we will transfer the base64-encoded file line by line.
CVE-2021-40845 - AlphaWeb Authenticated RCE
AlphaWeb XE, the embedded web server running on AlphaCom XE, has a vulnerability which allows to upload PHP files leading to RCE once the authentication is successful.