Upon launching the challenge, you are greeted with a simple web interface that prompts for a URL. The application’s stated purpose is to "turn your favorite web pages into portable PDF documents".
When you start the PDFy machine, you are presented with a simple web application. The core functionality allows a user to submit a URL. The backend server fetches the content of that URL, converts it into a PDF document, and then presents a link to download the generated PDF.
The wkhtmltopdf engine follows the redirect and reads the local file. The content of /etc/passwd is rendered into the PDF.
The server returns the contents of the /etc/shadow file, which includes the hashed password for the user pdfy.
HTB PDFy Challenge Writeup (Updated): From SSRF to /etc/passwd Leak
Leak the contents of /etc/passwd to retrieve the hidden flag. Primary Vulnerability: SSRF via the wkhtmltopdf tool. 1. Initial Enumeration
PDF metadata reveals that the converter is wkhtmltopdf, a utility with well-known Local File Inclusion (LFI) and SSRF issues because it renders the submitted page, including its JavaScript, with a headless browser engine on the server. While direct file:///etc/passwd inputs are blocked by input filters, an SSRF redirection bypass allows accessing local files. Phase 3: Exploitation via Redirection Bypass
The wkhtmltopdf tool will follow the Location header and generate a PDF from the local /etc/passwd file, once again leaking the flag inside the PDF.