1. check out interesting paths like `/console`

2. Wow, we found flask app debugger `http://jh2i.com:50018/console`

3. Try send something, if you got 404 error just try again (many time)

4. Ok, we can automate it

5. Read about flask debugger and `DEBUG=True` mode

6. Write your exploit

solution script: [solution.py](https://github.com/wetox-team/writeup/blob/master/hacktivitycon/ladybug/solution.py)
app src: [main.py](https://github.com/wetox-team/writeup/blob/master/hacktivitycon/ladybug/main.py)

flag is `flag{weurkzerg_the_worst_kind_of_debug}`

Original writeup (https://github.com/wetox-team/writeup/tree/master/hacktivitycon/ladybug).