Juice Shop Walkthrough - 2 Star

In today's post, part two of the Juice Shop walkthrough, we will walk through the two star challenges. The screenshot below is from the scoreboard we found in part one. The first challenge is to access someone else's basket. The first step is to access our own basket to understand more clearly how the authorization process is handled. For this challenge, fire up your Burp Suite interception proxy and set it to intercept before clicking on Your Basket. The screenshot below shows the request being caught by Burp Suite. Before forwarding the request try simply changing the /rest/basket/…

Setting Up Ghost with Google Cloud

So, you want to set up a blogging service, but do not want to worry about paying 20 dollars a month to WordPress or Ghost for a subscription fee. Well, you are in luck, because the Ghost blogging platform can be run on Google's Cloud infrastructure for less than a quarter of the cost. This blog post will also talk about signing up for a custom domain to use as well. A custom domain name is not a requirement, but know that your IP address might change, and you will have to log in to the Console every time you want to access…

Vulnerable Web Application Test Environment

In previous posts I have talked extensively about the magical powers of Docker. This is a script I created to help set up a fresh Kali image with multiple vulnerable web apps for training or practice purposes.

#!/bin/bash
# Install Docker
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
echo 'deb https://download.docker.com/linux/debian stretch stable' > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get remove docker docker-engine docker.io -y
apt-get install docker-ce -y
systemctl start docker
systemctl enable docker
# Install Dnsmasq
apt-get install dnsmasq -y
echo "# New Changes…

Juice Shop Walkthrough - 1 Star

This post will contain screenshots for all of the 1 star challenges of the OWASP Juice Shop, which was covered in a previous post. Just as a reminder, the Juice Shop web application relies upon HTML5 web storage to store a cookie with current progress. If you attempt to access the Juice Shop from a different host machine or different browser, you might not have your progress saved. However, if you were to restart the host machine or restart the remote server hosting the application, your stored cookie will refresh your progress. The first real (albeit easier) challenge is really…