HTB: PDFy Machine Writeup (Updated)

If you are prepping for the OSCP or just sharpening your web exploitation skills, PDFy on Hack The Box is a classic "easy"-rated machine that provides a textbook example of Server-Side Request Forgery (SSRF).
Each section is broken into “Command → Explanation → Expected Output”, making it easy to follow without blindly copy-pasting. The author also adds “Why this works” callouts — for example, explaining how exiftool can embed malicious JavaScript into PDF metadata that gets executed by the server’s PDF parser.
The Behavior: It takes that URL, visits it, and converts the webpage's contents into a downloadable PDF file.

Use SSRF to interact with this internal service:

Credential Hunting: Check configuration files (config.py, .env) found during the enumeration phase for database credentials or SSH keys.

sudo -l might reveal that the user can run a specific script or binary as root.