The server returns the contents of the /etc/shadow file, which includes the hashed password for the user pdfy .
Note: There is no retired machine officially named "Pdfy" on Hack The Box as of early 2024. It is highly likely you are referring to the machine named , or potentially a mix-up with a similar challenge. However, the following review covers the typical "PDF Upload" exploitation scenario found on HTB machines like "Pdf" or similar challenges involving PDF generation. pdfy htb writeup upd
Upload → reverse shell as www-data .
Start a temporary PHP web server on your attack machine on port 80: sudo php -S 0.0.0.0:80 Use code with caution. Step 3: Triggering the Exploit The server returns the contents of the /etc/shadow
Enter a public URL (e.g., http://google.com ) to confirm it generates a PDF. However, the following review covers the typical "PDF
This walk-through covers the discovery, exploitation, and resolution of the vulnerability to grab the hidden flag. Challenge Overview
filename = sys.argv[1] os.system(f"pdfimages filename /tmp/img")