TryHackMe - MD2PDF (Easy) - Live Walkthrough

In this video, Tib3rius solves MD2PDF from TryHackMe (https://tryhackme.com/room/md2pdf). 0:00 - Introduction 2:00 - Running AutoRecon 3:49 - Looking around the web app on port 80. 4:45 - Finding HTML injection in the PDF generator, confirming Server-Side XSS. 7:12 - Scanning port 5000, finding another instance of the web app. 8:49 - Attempting to access URLs and local files using various HTML / JavaScript payloads. 12:11 - Attempting to embed files as attachments within the PDF and extract them. 14:08 - Attempting to use IFrame redirection to an internal file. 16:29 - Forcing AutoRecon to scan the services we identified. 17:49 - Trying Server-Side XSS to access local files. 19:15 - Using the feroxbuster scan results to identify the /admin location and getting the flag. 20:30 - Bonus "exploitation" of the AWS Metadata API. 24:48 - Outro Twitter: https://twitter.com/0xTib3rius Twitch: https://www.twitch.tv/0xTib3rius/ Courses: https://courses.tib3rius.com Udemy: https://www.udemy.com/user/tib3rius/ Discord: https://discord.com/invite/4qrvKMh