Forum Discussion

Bronze I

4 months ago

Dependency Confusion

I feel as though I have exploited the vulnerability correctly and have gained RCE onto the server but I lack the sufficient privileges to access the token to complete the lab. I have no idea if I mis...

help & support

NyePrior
4 months ago
Hey Mail 👋
Thanks for sharing your steps. Based on what you've shown, it doesn't look like you've got RCE on the system yet. The commands you're running are on the Desktop instance of the lab (dependency-confusing-desktop). Once you've got RCE, you'll be the root user, so running "whoami" will output root, not iml-user.
Hope this helps!

User

Bronze II

4 months ago

It looks like you've successfully uploaded the file onto the target server but are trying to control it incorrectly and instead you're controlling you're own system instead of the target's. Try finding the file through the listener set up earlier.

Forum Discussion

Dependency Confusion

Related Content

Threat Research: Dependency Confusion Q8

Confusion on Cyber Fundamentals Linux CLI ep.16 question 6

I’m ready to put up MITREE 🎄 – but is my business ready with MITRE ATT&CK?

Recent Discussions

Threat Hunting Mining Behaviour - Question 1

Help needed for Threat Hunting: Mining Behaviour

Halloween 2020: Ep.1 – Death by Ink

The Haunted Hollow: The Cursed Crypt

S3: Access Policies (Q5)