This page is part of the larger series of converting an old laptop into a bare metal home lab server. Click the link to be taken back to the original post.

Practice your Web App Pentesting on this Juice Shop container. I gave my container the name juiceshop
. You can name yours whatever you wish.
Resources

Network Settings

IPv4
should be set to DHCP
and IPv6
should be set to Static
- One network interface
- On switch
vmbr1
- VLAN Tag 666
- During initial setup, put the container on VLAN 666, so as to enable Internet connectivity. Later, we will place the container on VLAN 999 to isolate it.
- That will give it an IP address in the
10.6.6.0/24
range
Recommended Options

Install and Configure Juice Shop
Inspect the Compatibility Matrix
This will tell you supported version of Node.js for the Juice Shop project. As of this writing, Node.js versions 14
, 16
, and 18
are officially supported.
Install Dependencies
Run these commands on the container. Be sure to replace setup_xx.x
with your version of Node.js to be installed based on the compatibility matrix.
apt update && apt install apt-transport-https curl software-properties-common
# The version of setup_xx.x will be determined by the compatbility matrix
curl -sL https://deb.nodesource.com/setup_xx.x | bash -
apt install nodejs
Download Latest Juice Shop Build and Configure
Get the latest Juice Shop release from here:
Download the proper build for your OS and version of Node.js. For example, if you installed Node.js version 16
and are downloading Juice Shop version 14.3.0
, this is the package you would download:

# Right click the link and download to the container
cd /opt
wget https://<download link here>
gunzip juice-shop-version-number.tgz
tar -xvf juice-shop-version-number.tar
cd juice-shop-version-number
# Change the port from 3000 to 80 in the default.yml file
nano config/default.yml
Run Juice Shop
The npm start
command here is illustrated using the path /opt/juice-shop_12.7.1
. Update your command accordingly with the correct path in your environment.
npm start --prefix /opt/juice-shop_12.7.1/ 2>&1> /opt/juice-shop_12.7.1/log.txt &
Cron Job to Start at Boot and Restart on Failures
crontab -e # Edit the root crontab file
# Choose option 1 for nano
The cron job here is illustrated using the path /opt/juice-shop_12.7.1
. Update your cron job accordingly with the correct path in your environment.
# Enter the following cron jobs
# Job 1: Run juice shop when the container starts
# Job 2: Every minute check if node is running and start it if not
# Cron jobs always run in the background
# Job 1
@reboot npm start --prefix /opt/juice-shop_12.7.1/
# Job 2
* * * * * if [ -z "$(pidof node)" ] ; then npm start --prefix /opt/juice-shop_12.7.1/ ; fi
Move the Container to VLAN 999
Now that the container is setup, we can move the it to VLAN 999 to isolate it and only allow it to talk to Kali. This will cause the container to get an IP address on the 10.9.9.0/24
network.


The networking settings have not changed on the container, and they won't until the lease period on the current DHCP IP address expires. We can force it to get a new IP address by restarting the networking service.
root@juiceshop:~# systemctl restart networking

Check Connectivity
Now, try ping
from Kali to the container's IP address. If you can ping
the container, you should be ready to have some fun. Open your browser and try navigating to https://juiceshop.cyber.range
.
Start Hacking Juice Shop
Here's the official Pwning OWASP Juice Shop book for free online. Follow along while testing against your own local instance.

Next Step: Adding Vulnhub VMs to the Cyber Range
