OWASP Juice Shop THM Write Up
Owasp Juice Shop is an extremely vulnerable website that allows you to practice your web application penetration testing. The types of attacks you will be using are as follows: Injection type attacks, Broken Authentication, Sensitive Data Exposure, Broken Access Control, and XSS (Cross-Site Scripting).
Task 1 essentially just wants you to deploy the machine and access the webpage so you can complete those tasks and head over to task 2.
Moving on to task 2 Question #1: What’s the administrators email address?
We can find the admins email by searching around the webpage, so after clicking on all the items we eventually find the admins email under the Apple Juice reviews.
The next question asks what parameter is used for searching? to find this we simply have to make a query and see what letter pops up in the address bar.
Question #3: What show does Jim reference in his review
Task 3 — Inject the Juice
Question #1 Log into the administrator account so for this one you need to capture this packet to see the format of logging in and we try to see if it is susceptible to SQL injection. To capture packet we are going to utilize BurpSuite’s Proxy tab and turn Intercept on. If not already adding the Foxy Proxy web extension for Fire Fox makes it really easy to capture packets with no trouble at all.
Task 4 Question 1: Brute force the admin password
So for this one you are going to want to utilize the intruder tab for BurpSuite and switch the attack type to Sniper, what you’ll need to do is the capture the admin login pack then send it to intruder, load your payload from your word lists(They recommend sect-list 1050.txt, and Brute force!
Task 4 Question #2 Reset Jim’s password
Prior we learned the Jim likes star trek so if we do a google search for Jim Star Trek we can find a list of names that may possibly be the siblings middle name, it is given in the task just input Samuel and you reset the password and get the flag!
Task 5 Question #1: Access the confidential document
For task 5 we want to follow the steps on the THM webpage they state if you head over to the about us section you can check out the information. Once we hover over the hyperlink we can see it goes to /ftp so lets check it out!
Task 5 Question #2: Log into Mc.Safe Search account.
THM provides all the credentials so just go ahead and login and capture that flag!
Task 5 Question #3: Download the backup file
Heading back over to our Machine_IP/ftp we can see a file named package.json.bak but when we click into it we get an error! In order to cap this flag we need to modify the hyperlink with something called the Poison Null Byte (By placing a NULL byte in the string at a certain byte, the string will terminate at that point, nulling the rest of the string, such as a file extension.) So when we input this %2500.md into our hyperlink instead of getting an error message we get the actual file and thus the flag!
Task 6 Question #1 Access the /administration page
For this one I just went right to the administration page and was able to get the flag.
Task 6 Question #2: View another user’s shopping basket: So to see another user’s basket we want to (already logged into admin) change the packet from basket/1 -> basket/2 and you cap that flag!
Task 6 Question #3 Delete the 5-star reviews : For this one head over to the /administration directory and you can see the Customer Feedback just delete the 5 star reviews and head back to the main page and cap that flag!
Task 7 Question 1: Perform DOM XSS:
Task 7 Question 2: Perform persistent XSS:
Task 7 Question #3: Perform a reflected XSS
Task 8 Question #1: Score Board
Head over to /#/score-board and cap an easy flag and finish up the room!