Pdfy Htb Writeup Upd May 2026

Upon further examination, we find that the pdfy-converter service runs as the root user and uses a configuration file located at /etc/pdfy-converter/config.json . We also notice that the configuration file has weak permissions, allowing the pdfy user to modify its contents.

./bin/bash

# Send the malicious file s.send(malicious_file.encode()) pdfy htb writeup upd