Pdfy Htb: Writeup Upd
PDFy is a retired Web challenge on Hack The Box that tests your ability to exploit Server-Side Request Forgery (SSRF) to read local files.
Redirection: Point the input to a server you control that returns a 302 Redirect to the target internal resource. 🏁 Step 3: Capturing the Flag Once you bypass the URL filter, you can target local files. Common Targets: file:///etc/passwd (to confirm file read). pdfy htb writeup upd
- Discovery: The "Convert URL" functionality is vulnerable to Server-Side Request Forgery (SSRF).
- The Attack: While
wkhtmltopdftypically restricts access to local files (likefile:///etc/passwd), it is often possible to force it to render internal web pages. - Internal Enumeration: By using the SSRF to scan internal ports (e.g.,
http://127.0.0.1:PORT), you typically discover an internal administrative dashboard or API endpoint that is firewalled off from the outside. Let's say this internal service runs on port 5000 or 8080. - Exploitation: You can feed the PDF converter a URL like
http://127.0.0.1:5000/adminor an internal API endpoint.Generate key pair:
Next, we proceed to enumerate the web server on port 80. We access the website using our browser and notice that it appears to be a simple web application with a search functionality. We also observe that the website uses a
.pdfextension for its pages, which could indicate that the PDF converter service on port 8080 might be related to the web application. PDFy is a retired Web challenge on HackThe web application provides a simple interface where users can input a URL. The application then visits that URL, captures the page, and converts it into a downloadable PDF file. Identify the Engine: Discovery: The "Convert URL" functionality is vulnerable to
