Update werkzeug_debug_rce.md

Added note about python3 version in verification steps because the version may change when a newer docker image becomes available. Added report.txt as a file because I apparently forgot it before and the containers fail to build without it.
rapid7 · Dec 8, 2024 · 4ce4cf4 · 4ce4cf4
1 parent 7838a94
commit 4ce4cf4
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/documentation/modules/exploit/multi/http/werkzeug_debug_rce.md b/documentation/modules/exploit/multi/http/werkzeug_debug_rce.md
@@ -295,6 +295,10 @@ requesting the content of a file that doesn't exist in the container.
     if __name__ == '__main__':
         runserver()
 
+#### report.txt
+
+    Hi there, I'm a sample report
+
 ## Verification Steps
 
 1. Run the docker containers
@@ -308,7 +312,7 @@ requesting the content of a file that doesn't exist in the container.
 6. Do: `set VHOST 127.0.0.1`
 7. Do: `set MACADDRESS <mac-address>`
 8. Do: `set MACHINEID <machine-id>`
-9. Do: `set FLASKPATH /usr/local/lib/python3.12/site-packages/flask/app.py`
+9. Do: `set FLASKPATH /usr/local/lib/<python3.version>/site-packages/flask/app.py` (where `<python3.version>` matches the version on the system being exploited)
 10. Do: `run`
 11. You should see a PIN and a cookie being logged then get a shell.
 
@@ -423,7 +427,7 @@ requesting the content of a file that doesn't exist in the container.
 82. Do: `unset AUTHMODE`
 83. Do: `set MACADDRESS <mac-address>`
 84. Do: `set MACHINEID <machine-id>`
-85. Do: `set FLASKPATH /usr/local/lib/python3.12/site-packages/flask/app.py`
+85. Do: `set FLASKPATH /usr/local/lib/<python3.version>/site-packages/flask/app.py` (where `<python3.version>` matches the version on the system being exploited)
 86. Do: `run`
 87. You should see a failure due to the check failing.