Werkzeug has a debug console that requires a pin by default. It's possible to bypass this with an LFI vulnerability or use it as a local privilege escalation vector.

As explained by Carlos Polop in Hacktricks.xyz, this exploit is to access /console from Werkzeug when it requires a pin.

A message regarding the “console locked” scenario is encountered when attempting to access Werkzeug’s debug interface, indicating a requirement for a PIN to unlock the console. The suggestion is made to exploit the console PIN by analyzing the PIN generation algorithm in Werkzeug’s debug initialization file (__init__.py).

This is a security helper to make ... to be exploited if you forget to disable it when deploying to production. The PIN based authentication is enabled by default. The first time a console is opened, a dialog will prompt for a PIN that is printed to the command line.

January 10, 2020 - You can find the PIN printed out on the standard output of your shell that runs the server · Locate vulernable Werkzeug debug console at path vulnerable-site.com/console, but is locked by secret PIN number.

September 30, 2021 - Locate vulnerable Werkzeug debug console at path vulnerable-site.com/console, but is locked by secret PIN number.

As explained by Carlos Polop in Hacktricks.xyz, this exploit is to access /console from Werkzeug when it requires a pin.

November 10, 2024 - GitHub - Ruulian/wconsole_extractor: WConsole Extractor is a python library which automatically exploits a Werkzeug development server in debug mode. You just have to write a python function that leaks a file content and you have your shell :)GitHub · https://www.daehee.com/werkzeug-console-pin-exploit/

April 10, 2023 - Second, check if the secret key used to sign session cookies is visible anywhere in the source code. Finally, check whether debugging has been enabled in Werkzeug when the application was started. If debugging is enabled, attempt to crack the PIN to access the debugging console and execute code, which is what I will cover here.

These exploits were developed after reviewing Werkzeug source code repo to better understand how the code is generated to then reverse it. The following is the function that generates the pin in Werkzeug from __init__.py.

This module will exploit the Werkzeug debug console to put down a Python shell. Werkzeug is included with Flask, but not enabled by default. It is also included in other projects, for example the RunServerPlus extension for Django.

March 11, 2023 - Learn how to crack the Werkzeug Debugger pin and gain access to the console in Python-based Flask web applications with this educational blog post.

This is a potential security issue, you are being redirected to https://nvd.nist.gov · Official websites use .gov A .gov website belongs to an official government organization in the United States

By exploiting the path traversal vulnerability and gathering system information, we successfully generate the debug pin required to access the Werkzeug debugger console remotely.

Second item in the resulting tuple is the cookie name for remembering. """ pin = os.environ.get("WERKZEUG_DEBUG_PIN") rv = None num = None

Python script for exploiting Werkzeug Debug RCE useful for CTFs where you just need to read a particular file or execute some command.

October 8, 2022 - We can get foothold by generating the console PIN using the exploit from here · https://github.com/wdahlenburg/werkzeug-debug-console-bypass ·