In this comprehensive writeup, we have covered the PDFY machine on Hack The Box, focusing on its enumeration, exploitation, and privilege escalation. We have demonstrated how to exploit the PDF converter service to gain initial access and then escalate privileges to gain root access. The techniques used in this writeup can be applied to similar machines and scenarios, providing valuable knowledge for cybersecurity enthusiasts.
```python
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Connect to the PDF converter service
s.connect(('10.10.11.232', 8080))
# Close the socket
s.close()
```
As the pdfy user, we examine the user's groups and privileges. We notice that the user is a member of the pdfy group and has read/write access to the /var/www/pdfy directory. However, we also discover that the user has limited privileges and cannot execute system commands.
Next, we perform a system enumeration using tools like linpeas and systemd-analyze. The results reveal that the machine uses a systemd service called pdfy-converter to manage the PDF converter service on port 8080.
Upon further examination, we find that the pdfy-converter service runs as the root user and uses a configuration file located at /etc/pdfy-converter/config.json. We also notice that the configuration file has weak permissions, allowing the pdfy user to modify its contents.
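The weakness described above, a root-run service reading a config file that a lower-privileged account can modify, can be audited for directly. The following is an added example, not code from the original writeup: the function names `untrusted_write_paths` and `demo` are hypothetical, and the sample file is constructed in a temporary directory. On a real host the path to check would be the service's own config file, here /etc/pdfy-converter/config.json.

```python
import os
import stat
import tempfile

def untrusted_write_paths(path, trusted_uids=frozenset({0}), trusted_gids=frozenset({0})):
    """Walk from `path` up to / and list every component a non-trusted
    account could modify or replace. Returns [(path, reason), ...]."""
    findings = []
    current = os.path.realpath(path)
    while True:
        st = os.stat(current)
        is_dir = stat.S_ISDIR(st.st_mode)
        # In a sticky directory (e.g. /tmp) write access does not allow
        # replacing other users' entries, so write bits there are not reported.
        sticky = is_dir and bool(st.st_mode & stat.S_ISVTX)
        if st.st_uid not in trusted_uids:
            findings.append((current, f"owned by uid {st.st_uid}"))
        if st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids and not sticky:
            findings.append((current, f"writable by gid {st.st_gid}"))
        if st.st_mode & stat.S_IWOTH and not sticky:
            findings.append((current, "world-writable"))
        parent = os.path.dirname(current)
        if parent == current:
            return findings
        current = parent

def demo():
    """Constructed sample: a stand-in config file, first weak, then hardened."""
    # Assumption for the demo only: the current user plays the service account.
    trusted = {0, os.getuid()}
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.realpath(os.path.join(d, "config.json"))
        with open(cfg, "w") as fh:
            fh.write("{}")
        os.chmod(cfg, 0o666)  # weak: any local user can rewrite the file
        weak = [r for p, r in untrusted_write_paths(cfg, trusted) if p == cfg]
        os.chmod(cfg, 0o600)  # hardened: owner read/write only
        hardened = [r for p, r in untrusted_write_paths(cfg, trusted) if p == cfg]
    return weak, hardened

if __name__ == "__main__":
    weak, hardened = demo()
    print("weak config findings:", weak)
    print("hardened config findings:", hardened)
```

Parent directories are checked as well because write access to a directory allows the file inside it to be replaced even when the file's own mode is strict.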