Tags: web 

Rating: 1.0

  1. Check for interesting paths such as /console.

  2. Wow, we found the Flask app debugger: http://jh2i.com:50018/console

  3. Try sending something; if you get a 404 error, just try again (many times).

  4. OK, we can automate it.

  5. Read about the Flask debugger and DEBUG=True mode.

  6. Write your exploit.

Solution script: solution.py

App source: main.py

flag is flag{weurkzerg_the_worst_kind_of_debug}

Original writeup (https://github.com/wetox-team/writeup/tree/master/hacktivitycon/ladybug).