Next, we perform a system enumeration using tools like linpeas and systemd-analyze. The results reveal that the machine uses a systemd service called pdfy-converter to manage the PDF converter service on port 8080.
Next, we proceed to enumerate the web server on port 80. We access the website using our browser and notice that it appears to be a simple web application with a search functionality. We also observe that the website uses a .pdf extension for its pages, which could indicate that the PDF converter service on port 8080 might be related to the web application.
    # Define the malicious file contents
    malicious_file = "JVBERi0xLjMK…(%PDF-1.3)…"
Using DirBuster, we perform a directory brute-forcing attack on the web server and discover several directories, including /uploads, /download, and /admin. The /uploads directory seems to be used for storing user-uploaded files, while the /download directory appears to be used for downloading converted PDF files.
    # Send the malicious file
    s.send(malicious_file.encode())
Upon launching the PDFY machine on HTB, we are provided with an initial IP address: 10.10.11.232. Our first step is to perform an initial enumeration of the machine using tools like Nmap. We run the following command: