The PDFY machine on Hack The Box presented an engaging challenge that required both web application exploitation skills and system enumeration for privilege escalation. By recognizing the vulnerabilities in the PDF upload functionality and leveraging system misconfigurations, I was able to gain root access. This challenge served as a great reminder of the importance of thorough reconnaissance and creative exploitation techniques.
Check sudo:
If you are running this locally, you must expose your server to the internet so the HTB challenge instance can reach it. Using a Reverse Proxy or tools like Serveo is recommended over ngrok for this specific challenge to avoid browser warning screens that might break the automated PDF rendering. pdfy htb writeup upd
Try:
$ enum4linux -u nobody -p 10.10.11.206 [+] Enumerated users user:[pdfy] uid:[1677721600] gid:[1677721600] groups:[1677721600] user:[phr] uid:[1677721601] gid:[1677721601] groups:[1677721601] The PDFY machine on Hack The Box presented
Verify SSRF by receiving a "hit" on a controlled listener (like Webhook.site). Check sudo: If you are running this locally,
nmap -sC -sV -p- 10.10.11.27 -oA pdfy_scan
