Forum Discussion

Bronze I

10 months ago

Solved

Dependency Confusion

I feel as though I have exploited the vulnerability correctly and have gained RCE onto the server but I lack the sufficient privileges to access the token to complete the lab. I have no idea if I mis...

help & support

NyePrior
10 months ago
Hey Mail 👋
Thanks for sharing your steps. Based on what you've shown, it doesn't look like you've got RCE on the system yet. The commands you're running are on the Desktop instance of the lab (dependency-confusing-desktop). Once you've got RCE, you'll be the root user, so running "whoami" will output root, not iml-user.
Hope this helps!

User

Bronze II

10 months ago

It looks like you've successfully uploaded the file onto the target server but are trying to control it incorrectly and instead you're controlling you're own system instead of the target's. Try finding the file through the listener set up earlier.

Forum Discussion

Dependency Confusion

Featured Places

Help & Support Forum

Related Content

Threat Research: Dependency Confusion Q8

Threat Research: Dependency Confusion Lab

Confusion on Cyber Fundamentals Linux CLI ep.16 question 6

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

I’m ready to put up MITREE 🎄 – but is my business ready with MITRE ATT&CK?

Recent Discussions

Privilege Escalation: Windows – Finding Passwords

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.

Malware Analysis: Shlayer

CSP Hash Incorrect Despite Correct Script and Hash (CSP Lab Issue?)