Pdfy HTB Writeup
In the world of Capture The Flag (CTF) challenges, few things are as satisfying as exploiting a seemingly secure file upload mechanism. The Pdfy challenge on Hack The Box (HTB) is a classic example of a web exploitation scenario that tests a player’s ability to think outside the box regarding file processing.
When these libraries are used insecurely, they can be vulnerable to or Local File Inclusion (LFI).

The "Read" Functionality

If the application allows users to upload a text file or HTML file, and the PDF converter attempts to render that HTML content, we have an attack vector.
The web interface is deceptively simple. It appears to be a utility for converting files or managing PDFs. The primary feature is a file upload form. The application allows users to upload a file, which the server then processes.
This article serves as a detailed writeup for the challenge. We will explore the vulnerability discovery process, the underlying technology stack, and the step-by-step exploitation path required to capture the flag.

Initial Reconnaissance

As with any HTB challenge, the first step is reconnaissance. Upon spawning the instance, we are presented with a web application.
If the backend code looks something like this (pseudo-code):

    import pdfkit

    # Point pdfkit at the wkhtmltopdf binary that performs the rendering.
    config = pdfkit.configuration(wkhtmltopdf='/usr/bin/wkhtmltopdf')

    # uploaded_file_path is the user-supplied file; output_path is the generated PDF.
    pdfkit.from_file(uploaded_file_path, output_path, configuration=config)

The wkhtmltopdf tool essentially acts like a headless browser. If we feed it an HTML file containing an <iframe> or an <img> tag with a source pointing to a local file, the renderer might attempt to load that local resource.
The goal is typically to read a flag file (e.g., flag.txt ) located somewhere on the server's file system.
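A defensive pre-render check for the renderer behaviour described above, as an added example that is not part of the original writeup or the challenge's code: it lists the references in an uploaded HTML file that a file-based wkhtmltopdf render would resolve locally, so the upload can be rejected before conversion. The names `find_local_references`, `LocalRefScanner`, `ALLOWED_SCHEMES` and `HARDENED_OPTIONS` and the http(s)-only policy are assumptions of this example; CSS `url()` references are not covered, so the renderer flags remain the primary control.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes through which an HTML renderer fetches or navigates to a resource.
URL_ATTRS = {"src", "href", "data", "poster", "action", "background"}
ALLOWED_SCHEMES = {"http", "https"}  # assumed policy for this example
# Renderer-side control: wkhtmltopdf flags written in pdfkit's options format.
HARDENED_OPTIONS = {"disable-local-file-access": None, "disable-javascript": None}


class LocalRefScanner(HTMLParser):
    """Collects (tag, attribute, value) for references that are not http(s)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in URL_ATTRS:
                self._check(tag, name, value)

    def _check(self, tag, attr, value):
        url = "".join(value.split())  # drop whitespace that could hide a scheme
        if url.startswith("#"):
            return  # same-document fragment, nothing is fetched
        try:
            scheme = urlsplit(url).scheme.lower()
        except ValueError:
            scheme = "invalid"  # unparseable URLs are treated as findings
        # With a file-based render, relative and scheme-less paths resolve
        # against the local file system, so only explicit http(s) passes.
        if scheme not in ALLOWED_SCHEMES:
            self.findings.append((tag, attr, value))


def find_local_references(html_text):
    """Return every reference the renderer would not load over http(s)."""
    scanner = LocalRefScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.findings


# Constructed sample upload for this example.
SAMPLE = (
    '<img src="https://example.com/logo.png">'
    '<iframe src="file:///etc/hostname"></iframe>'
    '<img src="/var/www/app/config.ini"><a href="#top">top</a>')
```

An upload with a non-empty result is rejected before conversion, and `HARDENED_OPTIONS` can be passed as the `options=` argument of the `pdfkit.from_file` call so the renderer itself refuses local reads.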