Create an OWASP Juice Shop Container in Proxmox

In this module, we will look at creating a container in our Proxmox home lab to run OWASP Juice Shop to practice our web app pentest skills

8 months ago   •   4 min read

By 0xBEN
Table of contents

This page is part of the larger series of converting an old laptop into a bare metal home lab server. Click the link to be taken back to the original post.

Proxmox VE 7: Converting a Laptop into a Bare Metal Server
In this post, we will take a look at an in-detail process of setting up a Proxmox home lab on a bare metal server.




Practice your Web App Pentesting on this Juice Shop container. I gave my container the name juiceshop. You can name yours whatever you wish.

Resources





Network Settings

  • One network interface
  • On switch vmbr1
  • VLAN Tag 666
    • During initial setup, put the container on VLAN 666, so as to enable Internet connectivity. Later, we will place the container on VLAN 999 to isolate it.
    • That will give it an IP address in the 10.6.6.0/24 range




Recommended Options





Install and Configure Juice Shop

Install Dependencies

Run these commands on the container

apt update && apt install apt-transport-https curl software-properties-common
curl -sL https://deb.nodesource.com/setup_15.x | bash -
apt install nodejs




Download Latest Juiceshop Build and Configure

Download the proper build for your OS and version of NodeJS

Release v13.1.0 ยท juice-shop/juice-shop
๐Ÿ‘Ÿ Runtime Add support for Node.js 17.x including addition of pre-packaged releases for this version ๐Ÿณ Docker Docker image now uses Node.js 16.x instead of 14.x base images ๐Ÿ› Bugfixes #1733: Va...

Example: NodeJS 15.x and Debian 10

# Right click the link and download to the container
cd /opt
wget https://<download link here>
gunzip juice-shop-12.7.1_node15_linux_x64.tgz
tar -xvf juice-shop-12.7.1_node15_linux_x64.tar
cd juice-shop_12.7.1

# Change the port from 3000 to 80 in the default.yml file
nano config/default.yml 




Run Juice Shop

npm start --prefix /opt/juice-shop_12.7.1/ 2>&1> /opt/juice-shop_12.7.1/log.txt &




Cron Job to Start at Boot and Restart on Failures

crontab -e # Edit the root crontab file
    # Choose option 1 for nano
# Enter the following cron jobs
    # Job 1: Run juiceshop when the container starts
    # Job 2: Every minute check if node is running and start it if not
        # Cron jobs always run in the background

# Job 1
@reboot npm start --prefix /opt/juice-shop_12.7.1/ 

# Job 2
* * * * * if [ -z "$(pidof node)" ] ; then npm start --prefix /opt/juice-shop_12.7.1/ ; fi




Move the Container to VLAN 999

Now that the container is setup, we can move the it to VLAN 999 to isolate it and only allow it to talk to Kali. This will cause the container to get an IP address on the 10.9.9.0/24 network.

Change the VLAN tag to 999

The networking settings have not changed on the container, and they won't until the lease period on the current DHCP IP address expires. We can force it to get a new IP address by restarting the networking service.

root@juiceshop:~# systemctl restart networking
The container now has the IP address of 10.9.9.11/24




Check Connectivity

Now, try ping from Kali to the container's IP address. If you can ping the container, you should be ready to have some fun. Open your browser and try navigating to https://juiceshop.cyber.range.





Next Step: Adding Vulnhub VMs to the Cyber Range

Adding Vulnhub VMs to Our Proxmox Cyber Range
In this module, we will look at how to import VMs from Vulnhub into our Proxmox home lab

Spread the word

Keep reading