7MS #231: Pentesting OWASP Juice Shop - Part 2

Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode!

Intro

Today we're continuing our series on hacking apart the OWASP Juice Shop, which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

Important updates

Since last week's episode, Juice Shop has had some important updates. If you installed it as a Docker container, you may want to update your Juice Shop container using this command:

docker pull bkimminich/juice-shop

The latest build contains (at least) two important updates:

  • Score board ticker: as you complete the score board challenges, you get notified in real time at the top of the page!
  • Continue codes: you can now save your progress at any time. This is especially handy if your Juice Shop container crashes or you need to reboot the VM it's hosted on (more on this next week).

Let's continue pwning stuff!

The flaws we'll attack today include:

  • Pop an XSS box using the Juice Shop search box
  • Brute-force the admin user's password
  • Use Burp intercept to leave passive-aggressive Web site feedback under another user's name!
  • Use Burp intercept to pay for a Juice Shop order in such a way that makes us rich! Muwahahahaha!!!

Video:

Here's the complementary video content for today's audio podcast: