TryHackMe - MD2PDF
Hello Hacker!TopTierConversions LTD is proud to announce its latest and greatest product launch 'MD2PDF'. This easy-to-use utility converts markdown files to PDF and is totally secure! Right...?
https://tryhackme.com/room/md2pdf
Reconaissance
Fist recon the website and look which ports are open I can see there are three open ports :
Checks every ports and we can see in port:5000
it looks like both port:80
and port:5000
are same.
Directory Fuzzing
Lets fuzz
the website. Looks like we got some hidden info. let’s access it. it says:
only localhost can access it
Verdict
so we can’t access the localhost. let’s try some other way. After some research, I have found and artical Here
So, basically i need to do SSRF
.
Approach
I have tried some basic way like img
tag but failed then tried xss
with javascript
but could works. Finally tried the <iframe>
tag and it’s worked.
Conclusion
When a service developed, it’s need to sanitize the user inputs, otherwise a simple injection can break the system.