Pdfy HTB Writeup

import os
import sys

filename = sys.argv[1]
os.system(f"pdfimages {filename} /tmp/img")  # argument is placed unquoted into a shell command line

sudo -l

This machine is an excellent bridge between "Easy" and "Medium" difficulty. It teaches that trusted tools (like PDF converters) can become vulnerabilities if they accept untrusted input. It reinforces the importance of sanitizing URL inputs and restricting the protocols (http/https only) that a backend server is allowed to request.

wkhtmltopdf is a known command-line tool that uses the WebKit rendering engine to convert HTML to PDF. Crucially, older versions of this tool are vulnerable to SSRF because they follow redirects and execute JavaScript.

Read local files (like /etc/passwd) using the server's internal access.

Step-by-Step Walkthrough

Reconnaissance & Identification

The web interface accepts a URL to convert to PDF. The backend often uses wkhtmltopdf to render the content.

The core vulnerability is that the server fetches external content without proper validation, leading to .