Forum Discussion
Threat Research: Dependency Confusion Lab
Hello Community,
I am almost finished Threat Research: Dependency Confusion Lab, but I am stuck with the last question "What is the token found in /root/token.txt on the target server?".
I have followed all instructions, setup listener, up to python reverse shell (setup.py) but at the end, I don't know how to access token.txt file.
Any help would be appreciated. Below are the screenshots from terminal listener and terminal where all commands are executed.
Thanks so much
Octavio
3 Replies
- KieranRowley
Community Manager
Hey Octavio! I am forwarding this to the relevant expert now
- MaxCucchi
Community Support
Hi Octavio 👋 thank you for sharing this in the community!
Thank you for providing all of the screenshots showing your work. In this case, it does appear that the command you are running to read the token is correct. However, the directory you are running this command in is incorrect, which is likely the cause of the issue!
To resolve this, I might recommend opening another terminal window or running the command in the same window where you started the netcat listener, as this will ensure the command is being run from the desktop.
I hope this helps out in overcoming this particular challenge 😊
- netcat
Silver III
I think that answer is really confusing.
The first picture shows the netcat listener, and also the "python reverse shell" according to the briefing. So, you've done steps 1-5, and have shell access to the target.
It's a "Dependency Confusion Lab", but it seems you have a "Shell Confusion". Why did you enter the command to read the token in the second window?