Using the information gathered during the privilege escalation phase, we devise a plan to gain root access. We modify the config.json file to execute a malicious command as the root user.
Next, we proceed to enumerate the web server on port 80. We access the website using our browser and notice that it appears to be a simple web application with a search functionality. We also observe that the website uses a .pdf extension for its pages, which could indicate that the PDF converter service on port 8080 might be related to the web application. pdfy htb writeup upd
# Define the malicious file contents malicious_file = "JVBERi0xLjMK…(%PDF-1.3)…" pdfy htb writeup upd
WhatsApp us