$ curl -X POST -F "file=@shell.pdf" 10.10.11.206:8080/upload
Enter a public URL (e.g., http://google.com ) to confirm it generates a PDF.
The UPnP service running on port 5000 appears to be a potential attack surface. However, there are no obvious vulnerabilities. pdfy htb writeup upd
Submit the URL to your hosted exploit.php in the target application's input field. The server follows the redirect and renders the target file in the PDF. Step 3: Extracting the Flag
If the application can fetch external web pages, can it fetch internal resources? Inputting file:///etc/passwd or http://localhost directly often results in a "URL not allowed" or similar error message, indicating a basic blacklist or security filter is in place. 2. Identifying the Technology $ curl -X POST -F "file=@shell
<!DOCTYPE html> <html> <body> <iframe src="file:///etc/passwd" height="1000px" width="1000px"></iframe> </body> </html>
Pdfy is a medium-level difficulty box on Hack The Box (HTB), an online platform for cybersecurity enthusiasts to practice their skills in a legal and safe environment. The goal of this writeup is to provide a detailed walkthrough of how to exploit the Pdfy box and gain root access. Submit the URL to your hosted exploit
Enter your ngrok URL (e.g., https://abc123.ngrok.io/index.html ) into the PDFy application.
b1e4c5f7a9d2e8f3c6a0b1d4e7f9a2c3 Root flag: f2a3d8c9e1b5f7a4d6c0b2e8f9a1c3d4
If you’ve been grinding through Hack The Box (HTB) machines, you’ve likely come across PDFy — a retired, medium-difficulty Linux box that focuses heavily on , PDF metadata exploitation , and abusing misconfigured binaries . The “PDFy HTB Writeup UPD” is a community-driven, updated walkthrough that aims to not only guide you through the root but also explain the why behind each step.
I hope this draft helps! Let me know if you want to add or modify anything.