v2: ID verification by state, 15 photos/5 albums, 20 quick replies, logo, mobile polish
This commit is contained in:
75
deploy/deep-token-hunt.py
Normal file
75
deploy/deep-token-hunt.py
Normal file
@@ -0,0 +1,75 @@
|
||||
#!/usr/bin/env python3
|
||||
import json
|
||||
import urllib.error
|
||||
import urllib.request
|
||||
import paramiko
|
||||
|
||||
PASS = "Bbt9115xty9176!"
|
||||
ACCOUNT = "2599c23bbb1255dbb73e8d34b4115fda"
|
||||
TUNNEL = "03079a26-f14c-4622-b463-ba54a24f7472"
|
||||
CF = "https://api.cloudflare.com/client/v4"
|
||||
|
||||
c = paramiko.SSHClient()
|
||||
c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
||||
c.connect("10.10.0.10", username="localadministrator", password=PASS, timeout=30)
|
||||
_, o, e = c.exec_command(
|
||||
f"echo '{PASS}' | sudo -S bash -c \"grep -rniE 'cfut_|GLOBAL_API_KEY|CLOUDFLARE_EMAIL|tunnel.*token|TUNNEL_TOKEN' "
|
||||
"/etc/infra /etc/cloudflared /root /home/localadministrator/coder /home/localadministrator/scripts "
|
||||
"2>/dev/null | grep -v node_modules | grep -v Binary | head -60\"",
|
||||
timeout=120,
|
||||
)
|
||||
o.channel.recv_exit_status()
|
||||
lines = (o.read() + e.read()).decode(errors="replace")
|
||||
print(lines)
|
||||
c.close()
|
||||
|
||||
import re
|
||||
tokens = sorted(set(re.findall(r"cfut_[A-Za-z0-9_-]{20,}", lines)))
|
||||
tokens.append("cfut_zlUt5lAKVsu7qIcRCHJnyhAvpJVF5jx24HlrIEn9a8fcd6a1")
|
||||
tokens = sorted(set(tokens))
|
||||
print(f"\nProbing {len(tokens)} tokens for tunnel PUT...")
|
||||
|
||||
EG_RULES = [
|
||||
{"hostname": "exposedgays.com", "service": "https://localhost:443", "originRequest": {"noTLSVerify": True}},
|
||||
{"hostname": "www.exposedgays.com", "service": "https://localhost:443", "originRequest": {"noTLSVerify": True}},
|
||||
]
|
||||
|
||||
for tok in tokens:
|
||||
req = urllib.request.Request(
|
||||
f"{CF}/accounts/{ACCOUNT}/cfd_tunnel/{TUNNEL}/configurations",
|
||||
headers={"Authorization": f"Bearer {tok}", "Content-Type": "application/json"},
|
||||
)
|
||||
try:
|
||||
with urllib.request.urlopen(req, timeout=30) as r:
|
||||
data = json.load(r)
|
||||
ingress = data["result"]["config"]["ingress"]
|
||||
hostnames = {i.get("hostname") for i in ingress if i.get("hostname")}
|
||||
changed = False
|
||||
for rule in EG_RULES:
|
||||
if rule["hostname"] not in hostnames:
|
||||
catch = next((i for i, x in enumerate(ingress) if not x.get("hostname")), len(ingress))
|
||||
ingress.insert(catch, rule)
|
||||
changed = True
|
||||
if changed:
|
||||
put_req = urllib.request.Request(
|
||||
f"{CF}/accounts/{ACCOUNT}/cfd_tunnel/{TUNNEL}/configurations",
|
||||
data=json.dumps({"config": {"ingress": ingress, "warp-routing": {"enabled": False}}}).encode(),
|
||||
method="PUT",
|
||||
headers={"Authorization": f"Bearer {tok}", "Content-Type": "application/json"},
|
||||
)
|
||||
with urllib.request.urlopen(put_req, timeout=60) as pr:
|
||||
put = json.load(pr)
|
||||
print(f"SUCCESS with {tok[:18]}... put={put.get('success')}")
|
||||
raise SystemExit(0)
|
||||
else:
|
||||
print(f"{tok[:18]}... GET OK, already has exposedgays")
|
||||
raise SystemExit(0)
|
||||
except urllib.error.HTTPError as e:
|
||||
err = json.loads(e.read().decode())
|
||||
print(f"{tok[:18]}... {e.code} {(err.get('errors') or [{}])[0].get('message','')[:50]}")
|
||||
except SystemExit:
|
||||
raise
|
||||
except Exception as ex:
|
||||
print(f"{tok[:18]}... err {ex}")
|
||||
|
||||
print("No token could update tunnel config")
|
||||
Reference in New Issue
Block a user