Official PDFy Discussion

system · April 12, 2024, 8:00pm

Official discussion thread for PDFy. Please do not post any spoilers or big hints.

sarp · April 12, 2024, 11:41pm

Any hint?

sarp · April 13, 2024, 1:23am

I really hate blackbox stuff

vincecipher · April 14, 2024, 8:21pm

i am trying for hours to make the ssrf working but no way

edit : use ngrok

twiwX · April 18, 2024, 3:08pm

Hello,

I’m reaching out for help because I’m completely stuck after spending 8 hours on this.

I’ve tried everything that came to mind and searched through countless internet pages.

I’ve tried XSS vulnerabilities with no results, I’ve tried sending malicious code through the URL without success.
The only thing I’ve “succeeded” in is putting a PHP file in the URL and having this code executed only on my local machine, not on the challenge server.

I’m not asking for the answer, just some assistance or a possible direction to follow if possible.

Thanks in advance.

EldenBin · April 18, 2024, 8:22pm

need a hint please

Bru5gh1 · April 19, 2024, 8:39am

Ok, i have found XSS but now i don’t know how to go on. Any hint please?

ktve · April 20, 2024, 2:45pm

Try if you can figure out how the PDF is generated, that should put you in the right direction.

sarp · April 21, 2024, 9:14am

Do some research on the internet.

enesdmr · April 25, 2024, 2:28pm

website use wkhtmltopdf. I did some resarch. Maybe this help you wkhtmltopdf SSRF | Exploit Notes wkhtmltopdf File Inclusion Vulnerability - Virtue Security if you find anything please reply

StuPurp · April 26, 2024, 1:54pm

Solved? Man I have been stuck on this for about like 3 days. Nothing positive yet. Don’t know where I am lacking behind. Found XSS and even I am able to interact with a my locally hosted server. But don’t know what to do. Tried the “file://” wrapper but that too fails. Just totally messed up. Need help man need some help.

StuPurp · April 26, 2024, 1:59pm

Did you solve? I went on like an insane research path but still couldn’t land into anything good. Found how this wkhtm… utility works i.e. the syntax but still struggling to find the right path. Help mate please help.

sarp · April 26, 2024, 8:07pm

Don’t dig deep. When you google wkhtmltopdf lfi, almost the first 3 search result will be enough to solve this challenge. This is an easy challenge. Don’t assume things if you find a possible way. Just follow what PoC suggests.

sarp · April 26, 2024, 8:09pm

You are very close to the solution. Just figure out the weakness there.

enesdmr · April 26, 2024, 9:54pm

The iframe window opens but I can’t receive anything. What am I missing? Do I need to complicate the payload?
console says Not allowed to load local resource

sarp · April 26, 2024, 10:29pm

The solution for this challenge is easier than the PoC on the site you shared. How can you make it simpler, think about that

israelak · April 27, 2024, 5:52am

Any hint plz ?

gianrigotto · April 27, 2024, 3:08pm

solved!

the solution was in the PoCs… but there is a tricky part.
i’ve solved cracking the PoCs in two. each part with one step of the PoC.
part1: webhook.site . part2: hosted a php server in my public ip address (easier to send headers ) .

StuPurp · April 27, 2024, 9:04pm

Pwned! I figured out where I was going wrong and why it took so long. If anyone using ngrok, make sure to use ‘tcp’ option rather than ‘http’ to avoid the confirmation page that was getting in middle of the redirection. Hope this will lead someone else frustrated towards the final door. Best of Luck!

Myster · May 5, 2024, 5:55pm

i tried to get /etc/passwd, but i kept receiving empty PDFs, any hints please ? Thanks