Information
Room#
- Name: Introduction to Flask
- Profile: tryhackme.com
- Difficulty: Easy
- Description: How it works and how can I exploit it?
Write-up
Installation and Deployment basics#
Which environment variable do you need to change in order to run Flask?
Answer: FLASK_APP
Clone the example repository:
$ git clone https://github.com/Swafox/Flask-examples
Create a virtual environment:
$ cd Flask-examples
$ python -m venv venv
$ source venv/bin/activate
Install flask:
$ pip3 install Flask
Choose the app to run and run it:
$ export FLASK_APP=helloworld.py
$ flask run
Basic syntax and routing#
What's the default deployment port used by Flask?
Answer: 5000
Check in your terminal.
Is it possible to change that port? (yay/nay)
Answer: yay
$ flask run --help | grep port
-p, --port INTEGER The port to bind to.
HTTP Methods and Template Rendering#
Does Flask support POST requests? (yay/nay)
Answer: yay
httpmethods.py
from flask import request
def do_the do_the_login():
return 'This was a POST request'
def show_the_login_form():
return 'Not POST. Are you GETting me? :)'
@app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
return do_the_login()
else:
return show_the_login_form()
What markup language can you use to make templates for Flask?
Answer: html
templaterendering.py
from flask import render_template
@app.route('/rendered')
def hello(name=None):
return render_template('template.html', name=name)
'''
HTML example:
<!doctype html>
<title>Hello from Flask</title>
<h1>Hello again, TryHackMe</h1>
'''
Flask Injection#
What's inside /home/flask/flag.txt ?
Answer: THM{flask_1njected}
Use a LFI in the SSTI: http://10.10.17.26:5000/vuln?name={{%20get_user_file(%22/home/flask/flag.txt%22)%20}}