This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Manila/Install OWASP Juice Shop in Ubuntu"

From OWASP
Jump to: navigation, search
(Update some of the contents)
 
(3 intermediate revisions by the same user not shown)
Line 27: Line 27:
 
you can download the repo directly on the github but when i try to clone the github repo directly there is some error on the source code, that's why i prepare to download this file directly [https://github.com/bkimminich/juice-shop/releases/tag/v5.0.1 Here]  
 
you can download the repo directly on the github but when i try to clone the github repo directly there is some error on the source code, that's why i prepare to download this file directly [https://github.com/bkimminich/juice-shop/releases/tag/v5.0.1 Here]  
  
now we need to install jode.js on our ubuntu machine, can install our by typing the following commands
+
now we need to install jode.js on our ubuntu machine, we can install it by typing the following commands
  
 
'''The latest update for node.js 8.0 is the current Node.js release available:'''
 
'''The latest update for node.js 8.0 is the current Node.js release available:'''
Line 44: Line 44:
  
 
<code>pwnedlinux@ubuntu:~$ sudo apt-get install nodejs</code>
 
<code>pwnedlinux@ubuntu:~$ sudo apt-get install nodejs</code>
[[File:Screenshot 9.png|left|frameless|500x500px]]
+
[[File:Screenshot 9.png|frameless|500x500px|center]]  
  
 
again wait until the installation is done!  
 
again wait until the installation is done!  
Line 60: Line 60:
 
<code>pwnedlinux@ubuntu:~/Documents/juice_shop$ npm install</code>
 
<code>pwnedlinux@ubuntu:~/Documents/juice_shop$ npm install</code>
  
[[File:Screenshot 11.png|left|frameless|500x500px]]
+
[[File:Screenshot 11.png|frameless|500x500px|center]]
  
 
after the installation  if there is no errors on the installation proceed on the next step run the applicaiton
 
after the installation  if there is no errors on the installation proceed on the next step run the applicaiton
Line 67: Line 67:
  
 
if there is not error your vulnerable web application is now running and you are good to go! make sure you run every code in "sudo" you will get an error in directory and file permissions.
 
if there is not error your vulnerable web application is now running and you are good to go! make sure you run every code in "sudo" you will get an error in directory and file permissions.
[[File:Screenshot 12.png|left|frameless|800x800px]]
 
  
Note: in any case i tried to install this machine many times, i encounter many error and all you need to do is to troubleshoot the error messages sometimes there is a missing libraries or module on your system that needs to install first in my case the error i encounter is the sqlite3 is not installed in my system. after installing the sqlite3 there is no error and may application run smoothly.
+
[[File:Screenshot 12.png|frameless|800x800px|center]]
  
Special thanks to the behind this awesome project!  
+
Note: in any case i tried to install this in ubuntu machine many times, for experiment purpose first i use ubuntu x32bit architecture but there is to many errors on the source code because the OWASP Juice Shop is compatible with Ubuntu x64 bit Architecture, i encounter many error and all you need to do is to troubleshoot the error messages sometimes there is a missing libraries or module on your system that needs to install first in my case the error i encounter is the sqlite3 is not installed in my system. after installing the sqlite3 there is no error and may application run smoothly.
 +
 
 +
Special thanks to the behind this awesome project!
  
 
* Björn Kimminich aka <code>bkimminich</code>
 
* Björn Kimminich aka <code>bkimminich</code>
Line 91: Line 92:
  
 
Thank you guys!
 
Thank you guys!
 +
 +
Created By:
 +
 +
John Patrick Lita | OWASP Manila
 +
 +
Cyber Security Philippines -CERT : VAPT Operations Manager

Latest revision as of 04:02, 11 December 2017

Hello Guys today we are going to discuss in this tutorial on how to install OWASP Juice Shop in Ubuntu 16.04.3-desktop-amd.iso , i just want to share this to help other security enthusiast like me who likes to share and teach something to help the community grow.

First we need to know what is OWASP JUICE SHOP is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. for more information you can visit : Juice Shop

Before we start we need the following tools:

  1. Ubuntu 16.04.3-desktop-amd.iso
  2. Download
  3. Download the latest version of OWASP Juice Shop
  4. make sure to install everything from software to your Ubuntu Linux Box in your virtual machine that you choose

Once you bootup your Ubuntu Machine we need to execute the following command:

pwnedlinux@ubuntu:~$ sudo apt-get update

pwnedlinux@ubuntu:~$ sudo apt-get upgrade

once the update and upgrade we are going to install all the dependencies we need to run our OWASP Juice Shop, make your terminal available on your desktop we still need it to install.

pwnedlinux@ubuntu:~$ sudo apt-get install npm

pwnedlinux@ubuntu:~$ sudo apt-get instal curl

pwnedlinux@ubuntu:~$ sudo apt-get install git

you can download the repo directly on the github but when i try to clone the github repo directly there is some error on the source code, that's why i prepare to download this file directly Here

now we need to install jode.js on our ubuntu machine, we can install it by typing the following commands

The latest update for node.js 8.0 is the current Node.js release available:

pwnedlinux@ubuntu:~$ sudo apt-get install python-software-properties

pwnedlinux@ubuntu:~$ curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -

Use LTS Release: using Node.js 6.11 is the LTS release available

pwnedlinux@ubuntu:~$ sudo apt-get install python-software-properties

pwnedlinux@ubuntu:~$ curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -

wait until the installation is done, after the installation is finish lets install the noje.js

pwnedlinux@ubuntu:~$ sudo apt-get install nodejs

Screenshot 9.png

again wait until the installation is done!

Take note we install the curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash - because this version is stable you can install the version 8 if you like :)

once the installation is done extract the file you downloaded on https://github.com/bkimminich/juice-shop/releases/tag/v5.0.1 make sure you download the file that is compatible on the version of the node.js you install.

Next step is navigate to your directory location where you save the Juice Shop file directory in my case i save it on the Documents for tutorial purpose only.

pwnedlinux@ubuntu:~$ cd /Documents/juice_shop

once your on the directory run the following command:

pwnedlinux@ubuntu:~/Documents/juice_shop$ npm install

Screenshot 11.png

after the installation if there is no errors on the installation proceed on the next step run the applicaiton

pwnedlinux@ubuntu:~/Documents/juice_shop$ sudo npm start

if there is not error your vulnerable web application is now running and you are good to go! make sure you run every code in "sudo" you will get an error in directory and file permissions.

Screenshot 12.png

Note: in any case i tried to install this in ubuntu machine many times, for experiment purpose first i use ubuntu x32bit architecture but there is to many errors on the source code because the OWASP Juice Shop is compatible with Ubuntu x64 bit Architecture, i encounter many error and all you need to do is to troubleshoot the error messages sometimes there is a missing libraries or module on your system that needs to install first in my case the error i encounter is the sqlite3 is not installed in my system. after installing the sqlite3 there is no error and may application run smoothly.

Special thanks to the behind this awesome project!

  • Björn Kimminich aka bkimminich
  • Bitdeli Chef aka bitdeli-chef
  • The Gitter Badger aka gitter-badger
  • Aaron Edwards aka aaron-m-edwards
  • Dinis Cruz aka DinisCruz
  • Timo Pagel aka wurstbrot
  • Gorka Vicente aka gorkavicente
  • Alvaro Viebrantz aka alvarowolfx
  • Johanna A aka yuhama
  • Stephen OBrien aka stephenobrien
  • Joe Butler aka joelicious
  • Abhishek bundela aka abhishekbundela
  • ninoseki
  • Jannik Hollenbach aka J12934
  • Viktor Lindström aka ViktorLindstrm
  • Achim Grimm aka achimgrimm

Thank you guys!

Created By:

John Patrick Lita | OWASP Manila

Cyber Security Philippines -CERT : VAPT Operations Manager