Official PDFy Discussion

Official discussion thread for PDFy. Please do not post any spoilers or big hints.

1 Like

Any hint?

I really hate blackbox stuff

1 Like

i am trying for hours to make the ssrf working but no way :frowning:

edit : use ngrok :slight_smile:

Hello,

I’m reaching out for help because I’m completely stuck after spending 8 hours on this.

I’ve tried everything that came to mind and searched through countless internet pages.

I’ve tried XSS vulnerabilities with no results, I’ve tried sending malicious code through the URL without success.
The only thing I’ve “succeeded” in is putting a PHP file in the URL and having this code executed only on my local machine, not on the challenge server.

I’m not asking for the answer, just some assistance or a possible direction to follow if possible.

Thanks in advance.

need a hint please

Ok, i have found XSS but now i don’t know how to go on. Any hint please?

Try if you can figure out how the PDF is generated, that should put you in the right direction.

Do some research on the internet.

website use wkhtmltopdf. I did some resarch. Maybe this help you wkhtmltopdf SSRF | Exploit Notes wkhtmltopdf File Inclusion Vulnerability - Virtue Security if you find anything please reply

1 Like

Solved? Man I have been stuck on this for about like 3 days. Nothing positive yet. Don’t know where I am lacking behind. Found XSS and even I am able to interact with a my locally hosted server. But don’t know what to do. Tried the “file://” wrapper but that too fails. Just totally messed up. Need help man need some help.

Did you solve? I went on like an insane research path but still couldn’t land into anything good. Found how this wkhtm… utility works i.e. the syntax but still struggling to find the right path. Help mate please help.

Don’t dig deep. When you google wkhtmltopdf lfi, almost the first 3 search result will be enough to solve this challenge. This is an easy challenge. Don’t assume things if you find a possible way. Just follow what PoC suggests.

You are very close to the solution. Just figure out the weakness there.

1 Like

The iframe window opens but I can’t receive anything. What am I missing? Do I need to complicate the payload?
console says Not allowed to load local resource

The solution for this challenge is easier than the PoC on the site you shared. How can you make it simpler, think about that

1 Like

Any hint plz ?

solved!

the solution was in the PoCs… but there is a tricky part.
i’ve solved cracking the PoCs in two. each part with one step of the PoC.
part1: webhook.site . part2: hosted a php server in my public ip address (easier to send headers :smiley: ) .

1 Like

Pwned! I figured out where I was going wrong and why it took so long. If anyone using ngrok, make sure to use ‘tcp’ option rather than ‘http’ to avoid the confirmation page that was getting in middle of the redirection. Hope this will lead someone else frustrated towards the final door. Best of Luck!

1 Like

i tried to get /etc/passwd, but i kept receiving empty PDFs, any hints please ? Thanks