Tags: web directory-traversal werkzeug 

TL;DR: Recreation of this hacktrick

  1. Don’t use Werkzeug debugger lol
  2. Give the ?animal= GET parameter something unexpected (?animal=blah) and get yourself a traceback with a Python console (Werkzeug lol)
  3. Oh wait it’s PIN protected
  4. Never mind, you can generate the PIN yourself
  5. Directory traversal through the ?animal= parameter for Linux files (like ?animal=%2F..%2F../sys/class/net/eth0/address)
  6. Cat flag but in a Python shell
Original writeup (https://ubcctf.github.io/2021/04/bo1lers-loremipsum/).
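
The defensive side of steps 2 and 5, as an added example that is not from the original writeup or the challenge. The page does not show the application's code, so the handler shape (`read_animal_naive`), the directory layout and all function names here are assumptions, and the sample files are constructed.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


def read_animal_naive(base_dir, animal):
    # Assumed shape of the bug: the parameter is concatenated onto a directory.
    # "../" segments climb out of base_dir, and an unexpected name raises an
    # unhandled exception, which a debug server renders as a traceback page.
    with open(f"{base_dir}/{animal}") as fh:
        return fh.read()


def read_animal_safe(base_dir, animal):
    # Resolve symlinks and ".." first, then require the result to still be a
    # regular file underneath base_dir. Every failure is a plain "not found"
    # (None), so bad input never reaches an exception handler or traceback.
    base = Path(base_dir).resolve()
    try:
        candidate = (base / animal).resolve()
        inside = base in candidate.parents and candidate.is_file()
    except (ValueError, OSError):
        return None
    return candidate.read_text() if inside else None


def demo():
    # Constructed layout: <tmp>/animals/cat is served, <tmp>/secret.txt is not.
    with tempfile.TemporaryDirectory() as tmp:
        animals = Path(tmp) / "animals"
        animals.mkdir()
        (animals / "cat").write_text("meow")
        (Path(tmp) / "secret.txt").write_text("outside")
        # Constructed value with the same encoding trick as the step 5 payload.
        traversal = unquote("%2F..%2Fsecret.txt")
        return {
            "naive_leak": read_animal_naive(animals, traversal),
            "safe_ok": read_animal_safe(animals, "cat"),
            "safe_traversal": read_animal_safe(animals, traversal),
            "safe_absolute": read_animal_safe(animals, "/sys/class/net/eth0/address"),
            "safe_unknown": read_animal_safe(animals, "blah"),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Containment checking closes step 5; step 1 is closed separately by never running the Werkzeug debugger on a reachable deployment.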