89 lines
3.5 KiB
Python
89 lines
3.5 KiB
Python
#!/usr/bin/env python3
|
|
import json
|
|
import re
|
|
import urllib.error
|
|
import urllib.request
|
|
import paramiko
|
|
|
|
PASS = "Bbt9115xty9176!"
|
|
ACCOUNT = "2599c23bbb1255dbb73e8d34b4115fda"
|
|
TUNNEL = "03079a26-f14c-4622-b463-ba54a24f7472"
|
|
CF = "https://api.cloudflare.com/client/v4"
|
|
|
|
tokens = set()
|
|
for host, user, sudo in [
|
|
("10.10.0.10", "localadministrator", True),
|
|
("10.10.0.1", "admin", False),
|
|
]:
|
|
c = paramiko.SSHClient()
|
|
c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
|
c.connect(host, username=user, password=PASS, timeout=15)
|
|
if sudo:
|
|
cmd = (
|
|
f"echo '{PASS}' | sudo -S bash -c \""
|
|
"grep -rhoE 'cfut_[A-Za-z0-9_-]{20,}' "
|
|
"/etc/infra /etc/cloudflared /root /home/localadministrator "
|
|
"/data/coolify 2>/dev/null | sort -u\""
|
|
)
|
|
else:
|
|
cmd = "grep -oE 'cfut_[A-Za-z0-9_-]{20,}' /usr/local/etc/wan-dns-failover.env /usr/local/etc/*.env 2>/dev/null"
|
|
_, o, e = c.exec_command(cmd, timeout=180)
|
|
o.channel.recv_exit_status()
|
|
for line in (o.read() + e.read()).decode().splitlines():
|
|
if line.startswith("cfut_"):
|
|
tokens.add(line.strip())
|
|
c.close()
|
|
|
|
# local workspace tokens
|
|
for t in [
|
|
"cfut_vF51avCWJV9EnCM4lXS2v60jXo6TPQZ0yxESHuRn5b0f3515",
|
|
"cfut_IOm1DJW4pDkPCuQA6UoOjqO6Tcv2zU10y2PSw82m379f7db3f7",
|
|
]:
|
|
tokens.add(t)
|
|
|
|
print(f"probing {len(tokens)} tokens for tunnel PUT...")
|
|
|
|
EG = [
|
|
{"hostname": "exposedgays.com", "service": "https://localhost:443", "originRequest": {"noTLSVerify": True}},
|
|
{"hostname": "www.exposedgays.com", "service": "https://localhost:443", "originRequest": {"noTLSVerify": True}},
|
|
]
|
|
|
|
for tok in sorted(tokens):
|
|
req = urllib.request.Request(
|
|
f"{CF}/accounts/{ACCOUNT}/cfd_tunnel/{TUNNEL}/configurations",
|
|
headers={"Authorization": f"Bearer {tok}", "Content-Type": "application/json"},
|
|
)
|
|
try:
|
|
with urllib.request.urlopen(req, timeout=30) as r:
|
|
data = json.load(r)
|
|
ingress = data["result"]["config"]["ingress"]
|
|
hostnames = {i.get("hostname") for i in ingress if i.get("hostname")}
|
|
changed = False
|
|
for rule in EG:
|
|
if rule["hostname"] not in hostnames:
|
|
catch = next((i for i, x in enumerate(ingress) if not x.get("hostname")), len(ingress))
|
|
ingress.insert(catch, rule)
|
|
changed = True
|
|
if changed:
|
|
put_req = urllib.request.Request(
|
|
f"{CF}/accounts/{ACCOUNT}/cfd_tunnel/{TUNNEL}/configurations",
|
|
data=json.dumps({"config": {"ingress": ingress, "warp-routing": {"enabled": False}}}).encode(),
|
|
method="PUT",
|
|
headers={"Authorization": f"Bearer {tok}", "Content-Type": "application/json"},
|
|
)
|
|
with urllib.request.urlopen(put_req, timeout=60) as pr:
|
|
put = json.load(pr)
|
|
print(f"SUCCESS PUT with {tok[:20]}... success={put.get('success')}")
|
|
raise SystemExit(0)
|
|
print(f"{tok[:20]}... GET OK already has exposedgays")
|
|
raise SystemExit(0)
|
|
except urllib.error.HTTPError as e:
|
|
err = json.loads(e.read().decode())
|
|
msg = (err.get("errors") or [{}])[0].get("message", "")[:40]
|
|
print(f"{tok[:20]}... {e.code} {msg}")
|
|
except SystemExit:
|
|
raise
|
|
except Exception as ex:
|
|
print(f"{tok[:20]}... err {ex}")
|
|
|
|
print("NO TOKEN WITH TUNNEL CONFIG ACCESS") |