Update werkzeug_debug_rce.md

Grezzo · web-flow · commit 4ce4cf472e57 · 2024-12-08T21:11:03.000Z
Added note about python3 version in verification steps because the version may change when a newer docker image becomes available.

Added report.txt as a file because I apparently forgot it before and the containers fail to build without it.
diff --git a/documentation/modules/exploit/multi/http/werkzeug_debug_rce.md b/documentation/modules/exploit/multi/http/werkzeug_debug_rce.md
@@ -295,6 +295,10 @@ requesting the content of a file that doesn't exist in the container.
     if __name__ == '__main__':
         runserver()
 
+#### report.txt
+
+    Hi there, I'm a sample report
+
 ## Verification Steps
 
 1. Run the docker containers
@@ -308,7 +312,7 @@ requesting the content of a file that doesn't exist in the container.
 6. Do: `set VHOST 127.0.0.1`
 7. Do: `set MACADDRESS <mac-address>`
 8. Do: `set MACHINEID <machine-id>`
-9. Do: `set FLASKPATH /usr/local/lib/python3.12/site-packages/flask/app.py`
+9. Do: `set FLASKPATH /usr/local/lib/<python3.version>/site-packages/flask/app.py` (where `<python3.version>` matches the version on the system being exploited)
 10. Do: `run`
 11. You should see a PIN and a cookie being logged then get a shell.
 
@@ -423,7 +427,7 @@ requesting the content of a file that doesn't exist in the container.
 82. Do: `unset AUTHMODE`
 83. Do: `set MACADDRESS <mac-address>`
 84. Do: `set MACHINEID <machine-id>`
-85. Do: `set FLASKPATH /usr/local/lib/python3.12/site-packages/flask/app.py`
+85. Do: `set FLASKPATH /usr/local/lib/<python3.version>/site-packages/flask/app.py` (where `<python3.version>` matches the version on the system being exploited)
 86. Do: `run`
 87. You should see a failure due to the check failing.
 
