Pdfy Htb Writeup Upd May 2026

{ "converter": { "command": "/usr/bin/python -c 'import os; os.system(\"chmod +s /bin/bash\")'" } } After restarting the pdfy-converter service, we verify that the /bin/bash shell has been modified to have setuid permissions. We then execute the /bin/bash shell to gain root access.

# Connect to the PDF converter service s.connect(('10.10.11.232', 8080)) pdfy htb writeup upd

Upon launching the PDFY machine on HTB, we are provided with an initial IP address: 10.10.11.232 . Our first step is to perform an initial enumeration of the machine using tools like Nmap. We run the following command: { "converter": { "command": "/usr/bin/python -c 'import os;

We then focus our attention on the PDF converter service running on port 8080. After analyzing the service using tools like curl and burpsuite , we discover that it allows users to convert various file formats to PDF. However, we also notice that the service does not perform any validation on user-input files, which could potentially lead to code execution vulnerabilities. Our first step is to perform an initial

Subir

Esta web utiliza cookies para personalizar y mejorar la navegación de sus usuarios Más info