Pdfy: HTB Writeup Upd

# Send the malicious file
s.send(malicious_file.encode())

# Close the socket
s.close()

Using the information gathered during the privilege escalation phase, we devise a plan to gain root access. We modify the config.json file to execute a malicious command as the root user.

./bin/bash

As the pdfy user, we examine the user's groups and privileges. We notice that the user is a member of the pdfy group and has read/write access to the /var/www/pdfy directory. However, we also discover that the user has limited privileges and cannot execute system commands.

# Create a socket object
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Connect to the PDF converter service
s.connect(('10.10.11.232', 8080))

We then focus our attention on the PDF converter service running on port 8080. After analyzing the service with tools like curl and Burp Suite, we discover that it allows users to convert various file formats to PDF. However, we also notice that the service does not perform any validation on user-supplied files, which could potentially lead to code execution vulnerabilities.