They try different ports: http://127.0.0.1:3306 , http://127.0.0.1:8080 , and so on.
<user username="pdfy" password="Spring2020!" roles="manager-gui,admin-gui"/> Pdfy Htb Writeup
Running /usr/local/bin/pdfy asks for a PDF filename and converts it. It uses a system call to pdftotext – but with no sanitization. They try different ports: http://127
Upload → listener catches shell as www-data . They try different ports: http://127.0.0.1:3306
sudo -l
/usr/bin/abseil