Sign In

Pdfy Htb Writeup Upd Page

Port 5000 is not directly accessible from outside (filtered).
However, the main web app on port 80 makes requests to localhost:5000 during PDF processing.

nmap -sC -sV -oA pdfy 10.10.11.xx

Ports open:

  • Visit web root: look for a PDF processing app (upload/convert), parameterized endpoints, and common LFI/XXE patterns.

    • The box typically starts with a standard web server running a simple web application. The core functionality allows a user to input a URL or upload a file to generate a PDF. pdfy htb writeup upd

    If the application allows uploading images/files alongside the URL, and the backend uses PHP with specific libraries, it might be vulnerable to Phar Deserialization. However, in most "Pdf" themed boxes, the vector is simpler. Port 5000 is not directly accessible from outside (filtered)