Forum Discussion

Octavio's avatar
Octavio
Icon for Bronze I rankBronze I
2 months ago

Threat Research: Dependency Confusion Lab

Hello Community, 

I am almost finished Threat Research: Dependency Confusion Lab, but I am stuck with the last question "What is the token found in /root/token.txt on the target server?".

I have followed all instructions, setup listener, up to python reverse shell (setup.py) but at the end, I don't know how to access token.txt file.

Any help would be appreciated. Below are the screenshots from terminal listener and terminal where all commands are executed.

Thanks so much

Octavio

3 Replies

    • MaxCucchi's avatar
      MaxCucchi
      Icon for Community Support rankCommunity Support

      Hi Octavio​ 👋 thank you for sharing this in the community!

      Thank you for providing all of the screenshots showing your work. In this case, it does appear that the command you are running to read the token is correct. However, the directory you are running this command in is incorrect, which is likely the cause of the issue!

      To resolve this, I might recommend opening another terminal window or running the command in the same window where you started the netcat listener, as this will ensure the command is being run from the desktop.

      I hope this helps out in overcoming this particular challenge 😊

      • netcat's avatar
        netcat
        Icon for Silver III rankSilver III

        I think that answer is really confusing.

        The first picture shows the netcat listener, and also the "python reverse shell" according to the briefing. So, you've done steps 1-5, and have shell access to the target.
        It's a "Dependency Confusion Lab", but it seems you have a "Shell Confusion". Why did you enter the command to read the token in the second window?