惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Hackread – Cybersecurity News, Data Breaches, AI and More
C
Check Point Blog
Hacker News: Ask HN
Hacker News: Ask HN
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
P
Proofpoint News Feed
V
Visual Studio Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
N
Netflix TechBlog - Medium
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 叶小钗
Cisco Talos Blog
Cisco Talos Blog
S
Schneier on Security
T
Threat Research - Cisco Blogs
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Hacker News
The Hacker News
Google DeepMind News
Google DeepMind News
Microsoft Security Blog
Microsoft Security Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
GbyAI
GbyAI
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Palo Alto Networks Blog
T
Tenable Blog
S
Secure Thoughts
T
Threatpost
V2EX - 技术
V2EX - 技术
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
罗磊的独立博客
P
Privacy & Cybersecurity Law Blog
Engineering at Meta
Engineering at Meta
小众软件
小众软件
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
Y
Y Combinator Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cybersecurity and Infrastructure Security Agency CISA
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
P
Privacy International News Feed
H
Heimdal Security Blog
量子位
B
Blog

Homepage on Aditya Telange

One Year with evil-winrm-py - A Retrospective Bypassing LinkedIn's Connection Privacy with a Simple Search Filter Making Dynamic Instrumentation Accessible with Frida UI Breaking Payload Encryption in Web Applications HackTheBox (HTB) - Escape HackTheBox (HTB) - Resolute HackTheBox (HTB) - Certified State of VMWare Workstation (Pro?) on Linux Android App Security Testing Lab with MobSleuth Android phone as a Webcam on Linux Breaking down Reverse shell commands HackTheBox (HTB) - Photobomb Merging AOSP Security Patches into Custom ROMs Primer on HTTP Security Headers Image Zoom-In effect with HUGO HackTheBox (HTB) - Legacy HackTheBox (HTB) - Lame Cryptohack - Keyed Permutations [5 pts] Cryptohack - Resisting Bruteforce [10 pts] Cryptohack - RSA Starter 1 [10 pts] Cryptohack - Base64 [10 pts] Cryptohack - Bytes and Big Integers [10 pts] Cryptohack - Hex [5 pts] Cryptohack- XOR Starter [10 pts] HackTheBox (HTB) - Horizontall HackTheBox (HTB) - Forge HackTheBox (HTB) - Previse HackTheBox (HTB) - BountyHunter HackTheBox (HTB) - Explore HackTheBox (HTB) - Cap HackTheBox (HTB) - Pit HackTheBox (HTB) - Knife HackTheBox (HTB) - Love HackTheBox (HTB) - Tenet HackTheBox (HTB) - Ready Watermarking images with HUGO My Github Project went viral! Cryptohack - ASCII [5 pts] Cryptohack - Finding Flags [2 pts] Cryptohack - Great Snakes [3 pts] Cryptohack - JWT Sessions [10 pts] Cryptohack - Network Attacks [5 pts] Cryptohack - Token Appreciation [5 pts] CAF's Android for MSM Basic Website Analytics with Vercel Addition of prebuilt APK - AOSP Rom Development External Link With target='_blank' in Hugo Markdown Setting Up Build Environment - AOSP Rom Development Getting Started - AOSP Rom Development Using Secure HTTP Headers with Vercel/Zeit Education and Certifications Link Tree ↟ | Aditya Telange Personal Projects Resume - Aditya Telange Security Acknowledgements About Me Graph View License Privacy Policy
Github Actions as Temporary File Sharing Platform
[Aditya Telange](https://x.com/adityatelange) · 2020-09-26 · via Homepage on Aditya Telange

Introduction

Github Actions, is a continuous integration tool from GitHub, offers developers a new way to automate workflows.

Each action, which is a set of custom instructions can be combined with other actions to create a workflow.

Github Actions container specifications 🏷

When I ran some tests on Github actions, I found out that these temporary containers are very powerful machines. Below are some specs (for Ubuntu 18.04):

  • CPU: Intel Xeon E5-2673 v4 (2) @ 2.294GHz
  • Memory: Around 500MB (test showed usage 470MiB / 6954MiB )
  • GPU: Microsoft Corporation Hyper-V virtual VGA
  • Free Space (approx.): 20G
  • SpeedTest:
    • Download: 1180.01 Mbit/s
    • Upload: 699.50 Mbit/s

speedtest results

That was pretty amazing ✨. Moreover it was capable of installing multiple packages and running multiple languages.


Let’s get Started 🚀

The scope of this article is to get a Temporary File Sharing Platform for short amount of time

What do we need to make this work ?

  1. A Github Account (Free tier)
  2. Ngrok Account (Free tier)

Step 1:

Create a Github Repository, can be public (as we don’t share/show Ngrok URL details with anyone)

Step 2:

Create a file named fileshare.yml under .github/workflows, so that file path will be .github/workflows/fileshare.yml

Step 3:

Below is the workflow we need to use … It’s pretty basic, you may add more params to browsepy or use pyngrok for more functionality :)

Paste the code below in fileshare.yml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
name: TempFileShare

on:
    workflow_dispatch:
        # enables manual run

env:
    AUTHTOKEN: ${{ secrets.NGROK_AUTHTOKEN }}
    NGROK_LINUX_ZIP: "https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip"
    # Above url may change upon newer versions available at https://ngrok.com/download

jobs:
    serve:
        runs-on: ubuntu-latest

        # Steps represent a sequence of tasks that will be executed as part of the job
        steps:
            - name: setup python
              uses: actions/setup-python@v2
              with:
                  python-version: 3.8 #install the python needed

            - name: setup
              run: |
                  wget ${NGROK_LINUX_ZIP}
                  unzip ngrok-stable-linux-amd64.zip
                  ./ngrok authtoken ${AUTHTOKEN}
                  pip install browsepy

            - name: start server
              run: |
                  ./ngrok http 8080 &
                  mkdir public
                  df -h public # echos free space
                  timeout 20m browsepy 0.0.0.0 8080 --directory public/ --upload public/
                  rm -rf public/
                  rm -rf ~/.ngrok2/

We will be using BrowsePy - a simple web file browser using Flask. This has feature that we need:

  • Simple, like Python’s SimpleHTTPServer or Apache’s Directory Listing.
  • Downloadable directories, streaming directory tarballs on the fly.
  • Optional remove for files under given path.
  • Optional upload for directories under given path.

Ngrok offers, in Free tier:

  • HTTP/TCP tunnels on random URLs/ports
  • 1 online ngrok process
  • 4 tunnels per ngrok process
  • 40 connections per minute

which is fair for this project.

I have added timeout 20m so that ‘browsepy’ will quit after 20 minutes, although github actions can run for ~50 minutes !

At last we remove uploaded files and auth-token from runner by

rm -rf public/
rm -rf ~/.ngrok2/

Step 4:

Now we have to do 2 more steps for Ngrok to work:

  1. Get the Ngrok Authtoken from https://dashboard.ngrok.com/auth/your-authtoken which will be different for each account
  2. Put the Ngrok Authtoken in https://github.com/<your repo>/settings/secrets as

setting secrets in github actions

Step 5:

We can now go to Actions Tab for Repository created

Actions Tab

And RUN the workflow

Running workflow

After Running go to ngrok dashboard to find the Tunnel Url

Tunnels Online : https://dashboard.ngrok.com/status/tunnels

Finally 🎉

Go to the https://<tunnel url>.ngrok.io/ and enjoy Temporary File Sharing

Running share service

Kudos to you if you have read so far 🙌