This page is part of the larger series of converting an old laptop into a bare metal home lab server. Click the link to be taken back to the original post.
0xBEN
Practice your Web App Pentesting on this Juice Shop container. I gave my container the name juiceshop. You can name yours whatever you wish.
Resources
Network Settings
IPv4 should be set to DHCP and IPv6 should be set to Static- One network interface
- On switch
vmbr1 - VLAN Tag 666
- During initial setup, put the container on VLAN 666, so as to enable Internet connectivity. Later, we will place the container on VLAN 999 to isolate it.
- That will give it an IP address in the
10.6.6.0/24range
Recommended Options
Install and Configure Juice Shop
Inspect the Compatibility Matrix
This will tell you supported version of Node.js for the Juice Shop project. As of this writing, Node.js versions 14, 16, and 18 are officially supported.
juice-shopInstall Dependencies
Run these commands on the container. Be sure to replace setup_xx.x with your version of Node.js to be installed based on the compatibility matrix.
apt update && apt install apt-transport-https curl software-properties-common
# The version of setup_xx.x will be determined by the compatbility matrix
curl -sL https://deb.nodesource.com/setup_xx.x | bash -
apt install nodejsDownload Latest Juice Shop Build and Configure
Get the latest Juice Shop release from here:
juice-shopDownload the proper build for your OS and version of Node.js. For example, if you installed Node.js version 16 and are downloading Juice Shop version 14.3.0 , this is the package you would download:
# Right click the link and download to the container
cd /opt
wget https://<download link here>
gunzip juice-shop-version-number.tgz
tar -xvf juice-shop-version-number.tar
cd juice-shop-version-number
# Change the port from 3000 to 80 in the default.yml file
nano config/default.yml Run Juice Shop
The npm start command here is illustrated using the path /opt/juice-shop_12.7.1 . Update your command accordingly with the correct path in your environment.
npm start --prefix /opt/juice-shop_12.7.1/ 2>&1> /opt/juice-shop_12.7.1/log.txt &Cron Job to Start at Boot and Restart on Failures
crontab -e # Edit the root crontab file
# Choose option 1 for nanoThe cron job here is illustrated using the path /opt/juice-shop_12.7.1 . Update your cron job accordingly with the correct path in your environment.
# Enter the following cron jobs
# Job 1: Run juice shop when the container starts
# Job 2: Every minute check if node is running and start it if not
# Cron jobs always run in the background
# Job 1
@reboot npm start --prefix /opt/juice-shop_12.7.1/
# Job 2
* * * * * if [ -z "$(pidof node)" ] ; then npm start --prefix /opt/juice-shop_12.7.1/ ; fiMove the Container to VLAN 999
Now that the container is setup, we can move the it to VLAN 999 to isolate it and only allow it to talk to Kali. This will cause the container to get an IP address on the 10.9.9.0/24 network.
The networking settings have not changed on the container, and they won't until the lease period on the current DHCP IP address expires. We can force it to get a new IP address by restarting the networking service.
root@juiceshop:~# systemctl restart networking
Check Connectivity
Now, try ping from Kali to the container's IP address. If you can ping the container, you should be ready to have some fun. Open your browser and try navigating to https://juiceshop.cyber.range .
Start Hacking Juice Shop
Here's the official Pwning OWASP Juice Shop book for free online. Follow along while testing against your own local instance.
Björn Kimminich
Next Step: Adding Vulnhub VMs to the Cyber Range
0xBEN
