Introduction to OWASP Juice Shop and Setting Up the Environment
Welcome to the first post in our series on hacking OWASP Juice Shop! Throughout this blog, we will explore the vulnerabilities and security challenges present in this intentionally vulnerable web application. Juice Shop is designed to help ethical hackers and penetration testers hone their skills and practice hacking in a safe environment.
In this series, we will use Docker to run Juice Shop, ensuring an easy setup across various platforms like Windows, macOS, and Linux. I’ll provide step-by-step instructions for setting up Docker on all major systems, so you can follow along no matter what operating system you’re using. Once Juice Shop is up and running, we’ll dive into finding and exploiting common web vulnerabilities.
Let’s start by setting up Docker, which will make it easy to run Juice Shop on any platform. Below are the instructions for installing Docker Desktop on Windows and macOS, and Docker on Debian-based Linux distributions like Ubuntu and Kali Linux.
Installing Docker
1. For Windows (Docker Desktop)
- Visit the Docker Desktop website: Docker Desktop for Windows.
- Click on Download for Windows.
- Once the installer is downloaded, open it and follow the installation steps:
  - Agree to the terms and conditions.
  - Allow Docker Desktop to use WSL 2 (recommended).
- After installation, launch Docker Desktop from the Start menu.
- Verify Docker is running by opening a command prompt and typing:
docker --version
If installed successfully, you should see the Docker version number.
2. For macOS (Docker Desktop)
- Visit the Docker Desktop website: Docker Desktop for Mac.
- Click on Download for Mac.
- After the download, open the .dmg file and drag Docker to your Applications folder.
- Launch Docker from the Applications folder.
- Verify Docker is running by opening a terminal and typing:
docker --version
Installing Docker on Debian-based Linux (Ubuntu/Kali)
Docker is available directly from the official Docker repositories. Here’s how to set it up:
- Uninstall old Docker versions (if any):
sudo apt remove docker docker-engine docker.io containerd runc
- Install Docker Engine:
sudo apt update && sudo apt install docker.io
- Verify installation:
sudo docker --version
Installing Docker Compose (for Linux)
Docker Compose is a tool that helps you define and run multi-container Docker applications. Here’s how to install it:
- Install Docker Compose:
sudo apt install docker-compose
sudo systemctl start docker
sudo systemctl enable docker
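- Apply executable permissions to the binary (only needed if you downloaded the docker-compose binary manually into /usr/local/bin; the apt package installs an already executable binary elsewhere, so this path will not exist and the step can be skipped):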
sudo chmod +x /usr/local/bin/docker-compose
- Verify the installation:
docker-compose --version
Setting Up Juice Shop
Once Docker is installed, setting up Juice Shop is straightforward. We will use Docker to pull the OWASP Juice Shop image and run it on your system.
- Pull the Juice Shop Docker image:
docker pull bkimminich/juice-shop
- Run the Juice Shop container:
docker run --rm -p 3000:3000 bkimminich/juice-shop
- Access Juice Shop: open your browser and go to http://localhost:3000. You should see the Juice Shop application running.
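Docker's `-p 3000:3000` publishes the port on every network interface of the host, so the intentionally vulnerable application is reachable by other machines on the same network. The script below is an added example, not part of the original post: it starts the same image published on 127.0.0.1 only and checks the `docker port` output to confirm no binding is reachable from outside. The container name `juice-shop-lab` and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): run the Juice Shop lab on
# loopback only and verify that no published port is network-reachable.
IMAGE="bkimminich/juice-shop"   # image name from the post
NAME="juice-shop-lab"           # hypothetical container name
PORT=3000                       # port from the post

# Read `docker port` output on stdin (lines like "3000/tcp -> 0.0.0.0:3000")
# and print every host binding that is not a loopback address.
exposed_bindings() {
  local line bind
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    bind="${line##* -> }"       # keep the host side, e.g. "0.0.0.0:3000"
    case "$bind" in
      127.*:*|"[::1]":*) ;;     # loopback: only this machine can connect
      *) printf '%s\n' "$bind" ;;
    esac
  done
}

# Succeed only when at least one binding exists and all of them are loopback.
is_loopback_only() {
  local input exposed
  input="$(cat)"
  [ -n "$input" ] || return 1
  exposed="$(printf '%s\n' "$input" | exposed_bindings)"
  [ -z "$exposed" ]
}

# Start the container in the background, bound to 127.0.0.1, then verify.
start_lab() {
  docker run --rm -d --name "$NAME" -p "127.0.0.1:${PORT}:3000" "$IMAGE" >/dev/null || return 1
  if docker port "$NAME" | is_loopback_only; then
    echo "Juice Shop is published on loopback only: http://localhost:${PORT}"
  else
    echo "Juice Shop is reachable from other hosts; stopping it." >&2
    docker stop "$NAME" >/dev/null
    return 1
  fi
}

# Nothing runs on load; start the lab explicitly with: ./lab.sh start
if [ "${1:-}" = "start" ]; then start_lab; fi
```

To check a container that is already running from the post's command, pipe its bindings through the same function: `docker port <container> | exposed_bindings` prints any address other hosts can reach.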
What’s Next?
Now that you have Juice Shop up and running, it is time to take action and start hacking! I believe the best way to learn is not just by reading or watching but actually doing. In the next post, we’ll start exploring the security challenges built into Juice Shop and go through step-by-step tutorials on how to find and exploit vulnerabilities.
Stay tuned, and get ready to hack the Juice Shop!