Python Werkzeug PIN Exploit

Python Werkzeug PIN Exploit steps:

Location: /console

1) Find a way to learn the location of the application (SSRF or LFI)

2) Get Device ID

/proc/net/arp

3) Get MAC Address

/sys/class/net/DEVICE_ID/address

4) Convert MAC Address using EUI-48 to get its integer value Resource:

https://www.vultr.com/resources/mac-converter/

5) Get machine id

/etc/machine-id

6) Get hashing algorithm that the app uses

location/to/werkzeug/__init__.py

7) Insert the information we have gathered into the werkzeug PIN exploit script accordingly

8) Run the script to crack the pin, then at the console, write a python reverse shell to connect back to your machine.

9) GG!

PreviousPrototype Pollution NextRemote Code Execution (RCE)

Last updated 8 months ago