Forum Discussion
Threat Research: Dependency Confusion Q8
- 7 months ago
Hey Sheapndr
Just following up from what my colleague MaxCucchi posted in his reply, we did raise your lab issue to our Cyber Team to see if they could provide some additional information to help you.
I'll share below their comments, so let us know if this helps you with your lab attempt: "This is expected behaviour - the user has got the shell! This line shows they are connected to the target (it does look a bit strange):
dependency-confusion-target:/tmp/pip-install-f7fjilfu/flask-auth-humble-pie_e42ebccc41e140c7a74896ea6e23e5eb# ^[[5;31R
But, they can interact with the target and find the token by just running cat /root/token.txt in the terminal once they see this."
Hi Sheapndr
Thank you for raising this question in the community!
I have been working with our internal teams to review this lab and can confirm that the lab is working as expected.
That said, from looking at the code you have provided here, some suggestions may help you proceed!
First, you must ensure you have created the "check_for_this" file on the Desktop before running the code. You should also ensure you check for the additional variables that need to change in the setup() section.
The correct version is printed on an additional page of the website, which can be found by looking at the target source code (this same page has the vulnerable package name printed on it).
I hope that this helps get you in the right direction