The wkhtmltopdf tool will render the main HTML page and, while processing it, it will attempt to load the <iframe> . The src="file:///etc/passwd" will cause it to read the local file and embed it into the generated PDF.
The next step is to enumerate the services running on these ports to gather more information about the system. pdfy htb writeup upd
run
The challenge revolves around a web service designed to take a user-supplied URL, download or capture the content, and generate a downloadable PDF document. The wkhtmltopdf tool will render the main HTML
Knowing the functionality, we focus on how the server processes the input. Identifying the PDF Generator run The challenge revolves around a web service
The real breakthrough came when I noticed a peculiar PDF upload functionality on the web server. Users could upload PDF files, which were then converted to text. Intrigued, I decided to test this functionality with a malicious PDF.
Upload → server executes id and returns output embedded in PNG comment.