#!/usr/bin/env python3 import json import urllib.error import urllib.request import paramiko PASS = "Bbt9115xty9176!" ACCOUNT = "2599c23bbb1255dbb73e8d34b4115fda" TUNNEL = "03079a26-f14c-4622-b463-ba54a24f7472" CF = "https://api.cloudflare.com/client/v4" c = paramiko.SSHClient() c.set_missing_host_key_policy(paramiko.AutoAddPolicy()) c.connect("10.10.0.10", username="localadministrator", password=PASS, timeout=30) _, o, e = c.exec_command( f"echo '{PASS}' | sudo -S bash -c \"grep -rniE 'cfut_|GLOBAL_API_KEY|CLOUDFLARE_EMAIL|tunnel.*token|TUNNEL_TOKEN' " "/etc/infra /etc/cloudflared /root /home/localadministrator/coder /home/localadministrator/scripts " "2>/dev/null | grep -v node_modules | grep -v Binary | head -60\"", timeout=120, ) o.channel.recv_exit_status() lines = (o.read() + e.read()).decode(errors="replace") print(lines) c.close() import re tokens = sorted(set(re.findall(r"cfut_[A-Za-z0-9_-]{20,}", lines))) tokens.append("cfut_zlUt5lAKVsu7qIcRCHJnyhAvpJVF5jx24HlrIEn9a8fcd6a1") tokens = sorted(set(tokens)) print(f"\nProbing {len(tokens)} tokens for tunnel PUT...") EG_RULES = [ {"hostname": "exposedgays.com", "service": "https://localhost:443", "originRequest": {"noTLSVerify": True}}, {"hostname": "www.exposedgays.com", "service": "https://localhost:443", "originRequest": {"noTLSVerify": True}}, ] for tok in tokens: req = urllib.request.Request( f"{CF}/accounts/{ACCOUNT}/cfd_tunnel/{TUNNEL}/configurations", headers={"Authorization": f"Bearer {tok}", "Content-Type": "application/json"}, ) try: with urllib.request.urlopen(req, timeout=30) as r: data = json.load(r) ingress = data["result"]["config"]["ingress"] hostnames = {i.get("hostname") for i in ingress if i.get("hostname")} changed = False for rule in EG_RULES: if rule["hostname"] not in hostnames: catch = next((i for i, x in enumerate(ingress) if not x.get("hostname")), len(ingress)) ingress.insert(catch, rule) changed = True if changed: put_req = urllib.request.Request( f"{CF}/accounts/{ACCOUNT}/cfd_tunnel/{TUNNEL}/configurations", data=json.dumps({"config": {"ingress": ingress, "warp-routing": {"enabled": False}}}).encode(), method="PUT", headers={"Authorization": f"Bearer {tok}", "Content-Type": "application/json"}, ) with urllib.request.urlopen(put_req, timeout=60) as pr: put = json.load(pr) print(f"SUCCESS with {tok[:18]}... put={put.get('success')}") raise SystemExit(0) else: print(f"{tok[:18]}... GET OK, already has exposedgays") raise SystemExit(0) except urllib.error.HTTPError as e: err = json.loads(e.read().decode()) print(f"{tok[:18]}... {e.code} {(err.get('errors') or [{}])[0].get('message','')[:50]}") except SystemExit: raise except Exception as ex: print(f"{tok[:18]}... err {ex}") print("No token could update tunnel config")