Building Your Self-Hosted Hacking Lab - Part 2

In this second part we will install OWASP Juice Shop.

If you haven't already seen Part 1, I recommend checking it out before proceeding. In that section, I cover how to set up the lab, install the Ubuntu server, and guide you through running the initial application, OWASP Bricks. This foundation is crucial to fully grasp the upcoming steps.

Juice Shop OWASP

Juice Shop is a deliberately insecure web application designed for the purpose of security training, awareness demonstrations, and testing. It's a project developed by the Open Web Application Security Project (OWASP), which is a community-driven organization focused on improving software security.

Juice Shop is a prime example of a "capture the flag" (CTF) challenge. It contains a variety of intentionally created security vulnerabilities, such as SQL injection, cross-site scripting (XSS), and more. The objective of Juice Shop is to provide a safe environment for individuals to practice identifying and exploiting these vulnerabilities, thereby enhancing their understanding of web application security.

GitHub - juice-shop/juice-shop: OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Installation

Installing the OWASP Juice Shop on an Ubuntu server involves setting up a vulnerable web application for security testing and education. Here's a step-by-step guide on how to install OWASP Juice Shop:

Install Required Dependencies

Update Packages: Run the following commands to update the package list and upgrade existing packages:

sudo apt update
sudo apt upgrade

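Install Node.js and npm: OWASP Juice Shop is built using Node.js, so you need to install it. The NodeSource nodejs package already bundles npm, and installing Ubuntu's separate npm package alongside it causes a dependency conflict, so only nodejs is installed:

curl -sL https://deb.nodesource.com/setup_16.x -o /tmp/nodesource_setup.sh
sudo bash /tmp/nodesource_setup.sh
sudo apt install nodejs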

Clone the OWASP Juice Shop Repository

Navigate to the directory where you want to install Juice Shop and clone the repository:

cd /var/www/html
git clone https://github.com/bkimminich/juice-shop.git

Navigate to the Directory: Move into the cloned Juice Shop directory:

cd juice-shop

Install Dependencies: Install Juice Shop's dependencies using npm:

npm install

Install PM2 & Run Juice Shop

Install PM2 globally using npm. PM2 is a popular process manager for Node.js applications that provides features like process management, monitoring, and automatic restarts.

sudo npm install -g pm2

Start the Juice Shop application using PM2:

pm2 start npm --name "juice-shop" -- start

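Then configure PM2 to start the Juice Shop application on server boot. pm2 startup prints a command to run with sudo that registers PM2 as a boot service, and pm2 save stores the current process list so it is restored at boot:

pm2 startup
pm2 save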

After running PM2, the Juice Shop will be readily accessible. Simply enter http://192.168.1.2:3000 in your web browser to access and interact with the Juice Shop application.
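Because Juice Shop is deliberately vulnerable, it is worth confirming which interfaces port 3000 is bound to once PM2 has started it. The script below is an added example, not part of the original post or the Juice Shop project: the function names and the sample `ss` output are constructed for illustration, and it assumes `ss` from iproute2 and `awk` are available on the server.

```bash
#!/usr/bin/env bash
# Added example: classify how a TCP port is bound, from `ss -H -ltn` output.
# Function names are this example's own, not Juice Shop or PM2 commands.

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:3000 *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# classify_listener PORT   (reads `ss -H -ltn` lines on stdin)
# Prints: not-listening | loopback | specific:<addr> | all-interfaces
classify_listener() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      local_addr = $4
      n = match(local_addr, /:[0-9]+$/)   # port follows the last colon
      if (!n) next
      p = substr(local_addr, n + 1)
      a = substr(local_addr, 1, n - 1)
      if (p != port) next
      sub(/%.*$/, "", a)                  # drop interface suffix such as %lo
      gsub(/\[|\]/, "", a)                # drop IPv6 brackets
      if (a == "*" || a == "0.0.0.0" || a == "::") all = 1
      else if (a ~ /^127\./ || a == "::1")         lo = 1
      else                                         spec = a
    }
    END {
      # Report the widest binding seen for the port.
      if (all)             print "all-interfaces"
      else if (spec != "") print "specific:" spec
      else if (lo)         print "loopback"
      else                 print "not-listening"
    }'
}

# Run against the live server (defined here, call it on the lab VM).
check_live() { ss -H -ltn | classify_listener "${1:-3000}"; }

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | classify_listener 3000
```

On the lab VM, `check_live 3000` runs the same classification against the real socket table; an `all-interfaces` result means the application is reachable on every network the VM is attached to, so the VirtualBox adapter type decides who can reach it.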

Conclusion

In conclusion, setting up the OWASP Juice Shop using PM2 on an Ubuntu server offers a robust solution for deploying and managing this vulnerable web application. PM2 simplifies the process by ensuring smooth execution, automatic restarts, and convenient management through its command-line interface. With PM2 in place, accessing the Juice Shop becomes effortless, enabling users to engage with the application seamlessly.