Pdfy — Htb Writeup

dirbuster -u http://10.10.11.231/ -o dirbuster_output The DirBuster scan reveals a /uploads directory, which seems like a good place to start. We can use tools like Burp Suite to send a malicious PDF file to the server and see if it is vulnerable to a file upload exploit.

curl -X POST -F "file=@malicious.pdf" http://10.10.11.231/uploads/ After uploading the malicious PDF file, we notice that the server is executing arbitrary commands. We can use this vulnerability to gain a foothold on the box. Pdfy Htb Writeup

After gaining a foothold on the box, we need to escalate our privileges to gain root access. We start by exploring the file system and looking for any misconfigured files or directories. dirbuster -u http://10

gcc exploit.c -o exploit ./exploit

After analyzing the pdfy binary, we notice that it is vulnerable to a buffer overflow exploit. We can use this vulnerability to gain root access. We can use this vulnerability to gain a foothold on the box

nc -lvp 4444

In this article, we provided a step-by-step guide to compromising the Pdfy HTB box. We exploited a file upload vulnerability in the pdfmake tool, gained a foothold on the box, and escalated our privileges using a buffer overflow exploit in the pdfy binary. This challenge demonstrates the importance of securing web applications and preventing file upload vulnerabilities.