PDFy HTB Writeup (Updated)

This writeup covers the PDFy challenge from Hack The Box, updated as of April 2026. This challenge focuses on exploiting Server-Side Request Forgery (SSRF) via a PDF generation service that uses a vulnerable version of wkhtmltopdf.

Challenge Overview

Step 6: Command Injection via PDF Generation

Craft an HTML payload that causes the internal PDF generator to execute system commands.

Privilege Escalation

Potential Drawbacks

  1. Not beginner-friendly – If you haven’t completed at least 5–10 easy HTB machines, some steps (like URL encoding the payload or setting up a listener with rlwrap) will feel rushed.
  2. Missing alternative paths – PDFy has at least two ways to get user (one via PDF injection, another via a forgotten API endpoint). The writeup only covers the main path. A short “alternative approach” section would enrich it.
  3. Outdated links – Some referenced GitHub gists for the exploit code are dead (though the author provides inline code, so it’s not crippling).