Pdfy Htb Writeup Upd High Quality

Often, direct internal IPs are blocked by basic filters.

Step 3: Bypassing Filters with Redirection


If you look closely at the metadata generated within the output PDF, or notice the error codes triggered by invalid page parameters, you can identify the backend generation engine.

In a new terminal, run ngrok to create a tunnel to your local server on port 8080.

PDFy uses wkhtmltopdf, a well-known command-line tool that renders HTML into PDF using the WebKit rendering engine.


While the box is straightforward, many beginners get stuck on the syntax or on identifying the internal targets. This updated writeup covers the most efficient path to the user flag and explains the mechanics behind the exploit.

1. Enumeration: What are we working with?

http://10.10.10.187/?file=../../../../etc/passwd

Resubmit your script's URL into the target application form to render the updated contents, then open the newly created PDF to capture the final Hack The Box flag.

3. Remediation & Hardening Strategies

The machine is an easy-difficulty Linux box. A high-quality writeup (or "paper") for this machine should follow a professional structure similar to the official HTB sample report:

Enumeration: Document the scan identifying ports 22, 80, and 443.

Vulnerability Discovery: Note the X-Backend-Server header, which reveals the office.paper hostname. Mention using to find vulnerabilities in the WordPress site.

Explain the discovery of the chat.office.paper

Checking the frontend JavaScript source code (often embedded directly in the page or inside an attached asset) shows that when a submission occurs, the app sends a POST request to /api/cache with a JSON payload:

{"url": "http://example.com"}

Probing for Basic SSRF

This is where the initial simple test reveals crucial information. When you generate a PDF, it is always a good practice to examine its metadata. You can do this by downloading the PDF and running the pdfinfo tool or simply checking the "Document Properties" in a PDF reader.