OWASP Juice-Shop Series Pt.1 Set-Up with Docker < Win. Mac & Linux>



This content originally appeared on DEV Community and was authored by haXarubiX

### Introduction to OWASP Juice Shop and Setting Up the Environment

Welcome to the first post in our series on hacking OWASP Juice Shop! Throughout this blog, we will explore the vulnerabilities and security challenges present in this intentionally vulnerable web application. Juice Shop is designed to help ethical hackers and penetration testers hone their skills and practice hacking in a safe environment.

In this series, we will use Docker to run Juice Shop, ensuring an easy setup across various platforms like Windows, macOS, and Linux. I’ll provide step-by-step instructions for setting up Docker on all major systems, so you can follow along no matter what operating system you’re using. Once Juice Shop is up and running, we’ll dive into finding and exploiting common web vulnerabilities.

Let’s start by setting up Docker, which will make it easy to run Juice Shop on any platform. Below are the instructions for installing Docker Desktop on Windows and macOS, and Docker on Debian-based Linux distributions like Ubuntu and Kali Linux.

### Installing Docker

#### 1. **For Windows (Docker Desktop)**

  1. Visit the Docker Desktop website: Docker Desktop for Windows.
  2. Click on Download for Windows.
  3. Once the installer is downloaded, open it and follow the installation steps:
    • Agree to the terms and conditions.
    • Allow Docker Desktop to use WSL 2 (recommended).
  4. After installation, launch Docker Desktop from the Start menu.
  5. Verify Docker is running by opening a command prompt and typing:

     ```bash
     docker --version
     ```

     If installed successfully, you should see the Docker version number.

#### 2. **For macOS (Docker Desktop)**

1. Visit the Docker Desktop website: [Docker Desktop for Mac](https://www.docker.com/products/docker-desktop).
2. Click on **Download for Mac**.
3. After the download, open the `.dmg` file and drag Docker to your Applications folder.
4. Launch Docker from the Applications folder.
5. Verify Docker is running by opening a terminal and typing:
   ```bash
   docker --version
   ```

#### Installing Docker on Debian-based Linux (Ubuntu/Kali)

Docker is available directly from the official Docker repositories. Here’s how to set it up:

1. **Uninstall old Docker versions (if any)**:
   ```bash
   sudo apt remove docker docker-engine docker.io containerd runc
   ```

2. **Install Docker dependencies**:
   ```bash
   sudo apt update
   sudo apt install apt-transport-https ca-certificates curl gnupg lsb-release
   ```

3. **Add Docker's official GPG key**:
   ```bash
   curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
   ```

4. **Set up the Docker repository**:
   ```bash
   echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
   ```

5. **Install Docker Engine**:
   ```bash
   sudo apt update
   sudo apt install docker-ce docker-ce-cli containerd.io
   ```

6. **Verify installation**:
   ```bash
   sudo docker --version
   ```


#### Installing Docker Compose (for Linux)

Docker Compose is a tool that helps you define and run multi-container Docker applications. Here’s how to install it:

1. **Download the Docker Compose binary**:
   ```bash
   sudo curl -L "https://github.com/docker/compose/releases/download/v2.20.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
   ```

2. **Apply executable permissions to the binary**:
   ```bash
   sudo chmod +x /usr/local/bin/docker-compose
   ```

3. **Verify the installation**:
   ```bash
   docker-compose --version
   ```


---

### Setting Up Juice Shop

Once Docker is installed, setting up Juice Shop is straightforward. We will use Docker to pull the OWASP Juice Shop image and run it on your system.

1. **Pull the Juice Shop Docker image**:
   ```bash
   docker pull bkimminich/juice-shop
   ```

2. **Run the Juice Shop container**:
   ```bash
   docker run --rm -p 3000:3000 bkimminich/juice-shop
   ```

3. **Access Juice Shop**: 
   Open your browser and go to `http://localhost:3000`. You should see the Juice Shop application running.
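
The `-p 3000:3000` mapping used above publishes the port on every network interface, so the intentionally vulnerable app is reachable from other machines on the same network, not only from your own browser. The following added example (not part of the original post) parses `docker port` output and flags any binding that is not loopback-only; the sample output is constructed, and the container name `juice-shop` is an assumption.

```bash
#!/bin/sh
# Added example: check that a lab container is published on loopback only.
# Input on stdin is the text printed by `docker port NAME`.

# Print every binding whose host address is reachable from other machines.
exposed_bindings() {
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in *' -> '*) ;; *) continue ;; esac  # skip blank or unrelated lines
    host=${line##* -> }   # e.g. "0.0.0.0:3000" or "[::]:3000"
    host=${host%:*}       # drop the trailing ":port"
    case "$host" in
      127.*|'[::1]') ;;              # loopback: local browser only
      *) printf '%s\n' "$line" ;;    # 0.0.0.0, [::], or a specific LAN address
    esac
  done
}

# Return 0 when nothing is exposed, 1 otherwise; findings go to stderr.
audit_ports() {
  found=$(exposed_bindings)
  [ -z "$found" ] && return 0
  printf 'exposed beyond localhost:\n%s\n' "$found" >&2
  return 1
}

# Constructed samples of `docker port` output.
# What `-p 3000:3000` produces (all interfaces, IPv4 and IPv6):
SAMPLE_DEFAULT='3000/tcp -> 0.0.0.0:3000
3000/tcp -> [::]:3000'
# What `-p 127.0.0.1:3000:3000` produces:
SAMPLE_LOOPBACK='3000/tcp -> 127.0.0.1:3000'

# Against a running container (the name "juice-shop" is an assumption):
#   docker run --rm -d --name juice-shop -p 127.0.0.1:3000:3000 bkimminich/juice-shop
#   docker port juice-shop | audit_ports && echo "loopback only"
```

With the loopback form of `-p`, Juice Shop is still served at `http://localhost:3000` on the host running Docker.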

---

### What’s Next?

Now that you have Juice Shop up and running, the fun begins! In the next post, we’ll start exploring the security challenges built into Juice Shop and go through step-by-step tutorials on how to find and exploit vulnerabilities.

Stay tuned, and get ready to start hacking Juice Shop in the most ethical way possible!

