Pdfy Htb Writeup Upd «1080p»

Inspecting the front-end source code reveals an asynchronous JavaScript POST request to the backend API: javascript

Official PDFy Discussion - Challenges - Hack The Box :: Forums

Use .

sudo /usr/local/bin/pdf_convert.py "$(python3 -c 'print("A"*100 + ";chmod 777 /root")')"

There are several effective ways to craft the malicious HTML page. All of them achieve the same goal: forcing wkhtmltopdf to read the /etc/passwd file. Here are three reliable methods. pdfy htb writeup upd

Enumerating the NetBIOS and Microsoft-DS ports using enum4linux reveals a list of users on the system.

Many users struggle by overcomplicating the attack with complex reverse proxies. The most straightforward path is often a basic redirect to a file:// URI. Inspecting the front-end source code reveals an asynchronous

Open or view the generated PDF file through the web browser or download it locally. The document should now display the contents of the machine's local configuration files.

sudo /usr/local/bin/pdf_convert.py "test; echo '$(cat id_rsa.pub)' >> /root/.ssh/authorized_keys;" Here are three reliable methods

app.py reveals:

PDFY is a web application that allows users to upload PDF files, extract metadata, and convert them to images. The application uses an unsafe system call to pdftotext and pdfimages , allowing command injection via crafted PDF metadata or filenames. Privilege escalation involves a misconfigured sudo permission for a custom PDF processing script.

Wir benutzen Cookies

Wir nutzen Cookies auf unserer Website. Einige von ihnen sind essenziell für den Betrieb der Seite, während andere uns helfen, diese Website und die Nutzererfahrung zu verbessern (Tracking Cookies). Sie können selbst entscheiden, ob Sie die Cookies zulassen möchten. Bitte beachten Sie, dass bei einer Ablehnung womöglich nicht mehr alle Funktionalitäten der Seite zur Verfügung stehen.

Akzeptieren Ablehnen
Weitere Informationen | Impressum