Web
Nmap discovered a web server on target port 5000
The service running is Werkzeug httpd 0.16.1 (Python 3.8.5)
Werkzeug is a Python library that provides a set of utilities for building web applications. It is designed to be simple, lightweight, and flexible, allowing developers to choose the components they need for their projects. Werkzeug includes features such as URL routing, request and response handling, and cookie and session management, making it a useful tool for building both simple and complex web applications.
Webroot
It appears that the web server is hosting 3 penetration testing tools
Wappalyzer identified technologies involved.
It is indeed a Flask app, written in Python 3.8.5
Nmap
The nmap form takes an IP address and sends out a POST request to perform a scan
I tried some injection techniques, but none of them worked
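One way a form handler like this can be written so that injection attempts fail is sketched below. This is an added example, not the target application's code; the function names, the nmap options and the sample inputs are assumptions constructed for illustration.

```python
import ipaddress
import subprocess
from typing import Dict, List, Optional

NMAP = "nmap"  # assumption: nmap is on the service account's PATH


def build_scan_argv(raw: str) -> List[str]:
    """Return an nmap argv for exactly one literal IP address, else raise ValueError."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        raise ValueError(f"rejected scan target: {raw!r}") from None
    # Python 3.9+ accepts IPv6 zone ids ("::1%eth0"); the zone part is free text,
    # so refuse it rather than forward attacker-chosen characters to nmap.
    if getattr(addr, "scope_id", None):
        raise ValueError(f"rejected scoped address: {raw!r}")
    argv = [NMAP, "--top-ports", "100"]
    if addr.version == 6:
        argv.append("-6")
    # Use the re-serialised parsed value, never the submitted string.
    argv.append(str(addr))
    return argv


def run_scan(raw: str) -> str:
    """Run the scan without a shell, so metacharacters are never interpreted."""
    done = subprocess.run(build_scan_argv(raw), shell=False,
                          capture_output=True, text=True, timeout=120)
    return done.stdout


def classify(inputs: List[str]) -> Dict[str, Optional[List[str]]]:
    """Map each submitted value to its argv, or None when it is rejected."""
    out: Dict[str, Optional[List[str]]] = {}
    for raw in inputs:
        try:
            out[raw] = build_scan_argv(raw)
        except ValueError:
            out[raw] = None
    return out


# Constructed sample form values: two valid targets, then typical injection probes.
SAMPLES = ["192.0.2.10", "::1", "127.0.0.1; id", "$(id)",
           "-iL /etc/passwd", "127.0.0.1 -oN /tmp/x", "192.0.2.10\n127.0.0.1", "::1%;id"]

if __name__ == "__main__":
    for value, argv in classify(SAMPLES).items():
        print(repr(value), "->", argv if argv else "REJECTED")
```

With this pattern both shell metacharacters and option-style values such as `-iL` are refused before any process is started.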
payloads
The payloads section appears to be using msfvenom to generate a payload
The interesting thing about it is that it supports uploading a template file
Vulnerability
Looking it up on Google, I see that the first result shows a vulnerability present in Metasploit: [[ScriptKiddie_CVE-2020-7384#CVE-2020-7384|CVE-2020-7384]]
According to the article, the vulnerability affects the following products:
Metasploit Framework <= 6.0.11
Metasploit Pro <= 4.18.0
While I have not confirmed the version of Metasploit Framework that the target web application is using, it is very likely vulnerable, as the most recent release of Metasploit Framework is 6.3.5 as of March 2, 2023
Moving on to the Exploitation phase
sploits
The sploits section supports the searchsploit tool
As shown above, it works fine.
Injection doesn’t seem to be available.