Pdfy Htb Writeup Upd -

Visiting the website on port 80 reveals a simple webpage with a link to a PDF file.

$ curl -s 10.10.11.206
<!DOCTYPE html>
<html>
<head>
    <title>Pdfy</title>
</head>
<body>
    <h1>Pdfy</h1>
    <p><a href="pdf_file.pdf">Pdf File</a></p>
</body>
</html>

Downloading the PDF file does not reveal any sensitive information. pdfy htb writeup upd

find / -perm -4000 2>/dev/null

Look for pdftex or tex. If pdftex is SUID root or you can run it as sudo, exploit it. Visiting the website on port 80 reveals a

Check sudo rights:

sudo -l

You might see:

(ALL) NOPASSWD: /usr/bin/pdftex

The initial scan reveals a web server running on port 80. Downloading the PDF file does not reveal any

PDFy (HTB)

Pdfy Htb Writeup Upd -

Privacy

About queerflix.net