Forum Discussion

Bronze I

10 months ago

Solved

Dependency Confusion

I feel as though I have exploited the vulnerability correctly and have gained RCE onto the server but I lack the sufficient privileges to access the token to complete the lab. I have no idea if I mis...

help & support

NyePrior
10 months ago
Hey Mail 👋
Thanks for sharing your steps. Based on what you've shown, it doesn't look like you've got RCE on the system yet. The commands you're running are on the Desktop instance of the lab (dependency-confusing-desktop). Once you've got RCE, you'll be the root user, so running "whoami" will output root, not iml-user.
Hope this helps!

steven

Silver II

9 months ago

so solving this lab is quite straight forward by just copy pasting the instructions.the setup.py only needs to by modified on 3 places (ip, name, version) and then build it and upload it. so far so good. once you get a shell "whoami" should show you root. just tried it and it just works like this

Forum Discussion

Dependency Confusion

Featured Places

Help & Support Forum

Related Content

Threat Research: Dependency Confusion Q8

Threat Research: Dependency Confusion Lab

Confusion on Cyber Fundamentals Linux CLI ep.16 question 6

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

I’m ready to put up MITREE 🎄 – but is my business ready with MITRE ATT&CK?

Recent Discussions

Privilege Escalation: Windows – Finding Passwords

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.

Malware Analysis: Shlayer

CSP Hash Incorrect Despite Correct Script and Hash (CSP Lab Issue?)