Resubmit your script's URL into the target application form to render the updated contents, opening the newly created PDF to capture the final Hack The Box flag.

3. Remediation & Hardening Strategies
A web application that converts provided URLs into PDF documents. Vulnerability: Insecure URL handling during PDF generation.
It takes that URL, visits it, and converts the webpage's contents into a downloadable PDF file.

    # Start your local PHP server on port 8000
    php -S 0.0.0.0:8000
    # Expose your local port 8000 to the public web via Serveo
    ssh -R 80:localhost:8000 serveo.net

4. Capturing the Flag
Try:
If you input a standard website like http://google.com, the app grabs the page and makes a PDF.
find / -perm -4000 2>/dev/null
On our attacker server, we create a simple script that performs a redirect. The script reads a parameter (e.g., x) and redirects the client to a file:// URL using that parameter. A PHP version is commonly used:
Create an exploit.php file on your controlled server or public URL provider:
Download one of the successfully generated PDFs (such as the Google snapshot) and analyze its metadata using exiftool. This helps identify the backend engine processing the HTML-to-PDF conversion:

    exiftool downloaded_file.pdf
The core functionality—fetching a remote URL and rendering it—is a textbook indicator for potential .