Upon launching the PDFY machine on HTB, we are provided with an initial IP address: 10.10.11.232 . Our first step is to perform an initial enumeration of the machine using tools like Nmap. We run the following command:
As the pdfy user, we examine the user's groups and privileges. We notice that the user is a member of the pdfy group and has read/write access to the /var/www/pdfy directory. However, we also discover that the user has limited privileges and cannot execute system commands. pdfy htb writeup upd
Using the information gathered during the privilege escalation phase, we devise a plan to gain root access. We modify the config.json file to execute a malicious command as the root user. Upon launching the PDFY machine on HTB, we