Flask is a really common Python web framework, and one of the features it offers is a debug mode. In this mode, when your application crashes, it gives not only the standard stack trace, but the ability to drop into a Python REPL or shell at that point and run commands. Any pentester / hacker immediately perks up at this mention, because that's just RCE. Flask knew this was dangerous, with all sorts of warnings not to run this in production, but it still happened. In 2015 with version 0.11, Flask added a pin feature to limit access to the terminal, but the pin is calculated based on information on the running system. In this video, we're going to:
start with a really simple flask application and show debug mode
look at the werkzeug code that generates the pin
look at the common guides out there for hacking the pin
show how they don't take into account what happens when the script is started with a server like gunicorn
show how to get the pin in these cases.
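The practical takeaway for anyone running Flask is that the debugger must never be on in a deployed app, and that it is easy to confirm when it is. The following is an added example (not code from the video, Flask or Werkzeug): it mirrors Flask's precedence rules for deciding whether debug mode is on (an explicit debug= argument to app.run() wins, otherwise the FLASK_DEBUG environment variable is read the way Flask's get_debug_flag helper reads it; that restatement is an assumption, not Flask's own code), and it scans startup output for the banner lines Werkzeug prints when the interactive debugger is active. The sample stdout below is constructed for the example.

```python
import re
from typing import Iterable, List, Mapping, Optional


def debug_mode_enabled(run_debug_arg: Optional[bool], env: Mapping[str, str]) -> bool:
    """Decide whether Flask would start in debug mode.

    An explicit debug= passed to app.run() takes precedence. Otherwise the
    FLASK_DEBUG variable decides; "0", "false" and "no" (case-insensitive)
    mean off, any other non-empty value means on. (Assumption: this restates
    flask.helpers.get_debug_flag; it is not Flask's own code.)
    """
    if run_debug_arg is not None:
        return run_debug_arg
    val = env.get("FLASK_DEBUG", "")
    return bool(val and val.lower() not in {"0", "false", "no"})


# Werkzeug announces the interactive debugger and its PIN on stdout at
# startup. These patterns match those banner lines so a log pipeline can
# flag a deployment that booted with the debugger on.
_BANNER_PATTERNS = {
    "debug_mode_on": re.compile(r"\*\s*Debug mode:\s*on\b"),
    "debugger_active": re.compile(r"\*\s*Debugger is active!"),
    "debugger_pin": re.compile(r"\*\s*Debugger PIN:\s*\d{3}-\d{3}-\d{3}"),
}


def find_debugger_indicators(lines: Iterable[str]) -> List[dict]:
    """Return one finding per banner line that signals the debugger is on.

    The PIN value is deliberately redacted in the finding: the point of the
    alert is that the debugger is enabled, and the PIN should not be copied
    into a SIEM or ticket.
    """
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for name, pat in _BANNER_PATTERNS.items():
            if pat.search(line):
                finding = {"line": lineno, "indicator": name}
                if name == "debugger_pin":
                    finding["pin"] = "REDACTED"
                findings.append(finding)
    return findings


# Constructed sample of what a Flask app prints when started with debug on.
SAMPLE_STDOUT = """\
 * Serving Flask app 'app'
 * Debug mode: on
WARNING: This is a development server. Do not use it in a production deployment.
 * Running on http://127.0.0.1:5000
 * Debugger is active!
 * Debugger PIN: 123-456-789
""".splitlines()


if __name__ == "__main__":
    print("FLASK_DEBUG=1 ->", debug_mode_enabled(None, {"FLASK_DEBUG": "1"}))
    print("app.run(debug=False) with FLASK_DEBUG=1 ->",
          debug_mode_enabled(False, {"FLASK_DEBUG": "1"}))
    for f in find_debugger_indicators(SAMPLE_STDOUT):
        print(f)
```

Running the scan over the captured stdout of a container or systemd unit at boot gives a cheap, deterministic check that fires before anyone has to look at a PIN at all; the config check is the same logic to run in a CI gate against the deployment environment.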
☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf
[00:00] Introduction
[01:44] Introduction to HelloWorld app
[02:19] Create virtual env
[03:05] Running app
[04:47] Putting app in debug mode
[06:00] Looking at Werkzeug debug source code
[07:38] Hacktricks generation page / script
[08:05] Generating the pin
[12:40] Second example run with Gunicorn
[15:34] Pin change with WSGI start
[17:54] Applying to unknown application
#pentest #ctf #bugbounty #python #flask #werkzeug
Video: Reassembling Werkzeug's Pin - Hacking Flask Debug Mode [Part 1], uploaded by 0xdf on 31 July 2023.