PDFy HTB Writeup
PDFy is an Easy-rated Web Challenge on Hack The Box (HTB) that centers on exploiting a Server-Side Request Forgery (SSRF) vulnerability in a web-to-PDF conversion service. The goal is to exfiltrate the contents of the /etc/passwd file from the server to retrieve the flag.

Challenge Overview
Difficulty: Easy
Category: Web
Primary Objective: Leak the /etc/passwd file.
Core Vulnerability: SSRF via a PDF generation library.

Walkthrough & Exploitation Steps
Host a malicious script: Create a simple PHP or HTML file on your server that issues a Location header redirect.
Create a PDF with an HTTP POST request to http://127.0.0.1:5000/debug/exec with JSON body:
Identifying Potential Exploits:
We then focus our attention on the PDF converter service running on port 8080. After analyzing the service using tools like curl and Burp Suite, we discover that it allows users to convert various file formats to PDF. However, we also notice that the service does not perform any validation on user-supplied files, which could potentially lead to code execution vulnerabilities.
Since the server fetches a URL and renders it into a PDF, you can test if it can access its own internal environment.
UPD (Update) Notes
Since the server fetches and renders the URL, you can use the file:// protocol to point it toward internal system files.
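The defensive counterpart to the redirect and file:// behaviour described above, as an added example that is not part of the original writeup or the challenge's code: a URL check that a web-to-PDF service can apply to the submitted URL and to every redirect hop. The `head` callable, the sample host names, the sample address and the sample responses are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

def resolve(host):  # default resolver: every address the host name maps to
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def _ips(host, resolver):
    try:
        return [ipaddress.ip_address(host)]  # IP literal in the URL
    except ValueError:
        return [ipaddress.ip_address(a) for a in resolver(host)]

def check_url(url, resolver=resolve):
    """Return None if the URL may be fetched, otherwise the reason it is blocked."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return f"scheme {parts.scheme!r} not allowed"
    try:
        addrs = _ips(parts.hostname, resolver) if parts.hostname else []
    except (OSError, ValueError):
        addrs = []
    if not addrs:
        return "host does not resolve"
    blocked = [ip for ip in addrs if not ip.is_global]  # loopback, private, link-local
    return f"{blocked[0]} is not a public address" if blocked else None

def vet_redirect_chain(url, head, resolver=resolve, max_hops=5):
    """Check each hop before requesting it; returns (url, None) or (url, reason).
    head(url) is a hypothetical callable: (status, Location) with auto-redirects off."""
    for _ in range(max_hops + 1):
        reason = check_url(url, resolver)
        if reason:
            return url, reason
        status, location = head(url)
        if status not in (301, 302, 303, 307, 308) or not location:
            return url, None
        url = urljoin(url, location)
    return url, "too many redirects"

# Constructed sample data: host names, address and responses are illustrative.
SAMPLE_DNS = {"pages.example": {"93.184.216.34"}, "redir.example": {"93.184.216.34"}}
SAMPLE_RESPONSES = {
    "http://pages.example/report": (200, None),
    "http://redir.example/a": (302, "file:///etc/passwd"),
    "http://redir.example/b": (302, "http://127.0.0.1:5000/debug/exec"),
}
sample_resolver = lambda host: SAMPLE_DNS.get(host, set())
sample_head = lambda url: SAMPLE_RESPONSES.get(url, (404, None))
```

The check only helps if the renderer never follows redirects on its own and the fetch connects to the address that was vetted; otherwise a later DNS answer can differ from the one that was checked.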
