Exploring CTF platform

https://www.owasp.org/index.php/OWASP_Juice_Shop_Project

OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! (https://www.owasp.org/)

Preparation

Base : OWASP Juice Shop Project
CTF Extension : CTFd

OS : Ubuntu 18.04 LTS Server
Installer : Docker

1.Installing Docker

$sudo apt-get update
$sudo apt install apt-transport-https ca-certificates curl software-properties-common
$curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
$sudo apt-get update && sudo apt-get upgrade
$apt-cache policy docker-ce
$sudo apt install docker-ce
$sudo systemctl status docker

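Executing Docker as a normal user

$sudo usermod -aG docker ${USER}   # add the current user to the docker group
$su - ${USER}                      # log in again so the new group applies
$id -nG                            # confirm that "docker" is listed
$sudo usermod -aG docker username  # same, for another account (replace username)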

Basic Docker commands

$docker ps -a
$docker kill containerid
$docker rm containerid
$docker rmi imageid

2.Docker Compose

$sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
$sudo chmod +x /usr/local/bin/docker-compose
$docker-compose --version

3.OWASP Juice Shop Project

$docker pull bkimminich/juice-shop
$docker run -d -e CTF_KEY="any hash key generated" -e "NODE_ENV=ctf" -p 3000:3000 bkimminich/juice-shop

4.CTFd Installation

$cd /opt
$git clone https://github.com/CTFd/CTFd.git

Modify the docker-compose.yml file from the repository to set a SECRET_KEY environment variable for the CTFd service:

environment:
  - SECRET_KEY=<SPECIFY_RANDOM_VALUE>

$cd CTFd
$docker-compose up
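
Added example (not part of the original post): Juice Shop derives its CTF flag codes from CTF_KEY, so both CTF_KEY and CTFd's SECRET_KEY should be random and kept out of shell history and the process list. The script name ctf-keys.sh, the file name juice-shop.env and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. File and function names are
# assumptions; the image name, port and NODE_ENV=ctf come from step 3.

# gen_key BYTES: print BYTES random bytes from the kernel CSPRNG as hex.
gen_key() {
    head -c "$1" /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# write_juice_env FILE: create an env file for `docker run --env-file`,
# readable only by its owner. Refuses to overwrite an existing file so the
# key of a running CTF (and therefore its flags) is not changed by accident.
write_juice_env() {
    env_file=$1
    if [ -e "$env_file" ]; then
        echo "refusing to overwrite $env_file" >&2
        return 1
    fi
    (
        umask 077
        {
            printf 'NODE_ENV=ctf\n'
            printf 'CTF_KEY=%s\n' "$(gen_key 32)"
        } > "$env_file"
    )
}

# Usage: sh ctf-keys.sh run
if [ "${1:-}" = "run" ]; then
    write_juice_env ./juice-shop.env || exit 1
    # --env-file keeps the key off the command line
    docker run -d --env-file ./juice-shop.env -p 3000:3000 bkimminich/juice-shop
    # Paste this value into the CTFd service's environment section
    echo "SECRET_KEY for CTFd: $(gen_key 32)"
fi
```

Keep juice-shop.env for the lifetime of the event: restarting the container with a different CTF_KEY changes every flag code.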

Reference

https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04
https://www.digitalocean.com/community/tutorials/how-to-install-docker-compose-on-ubuntu-18-04
https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
https://ctfd.io/
https://www.owasp.org/images/f/f6/OWASP_BeNeLux_2018_Bjoern_Kimminich_-Juice_Shop-_OWASP%27s_most_broken_Flagship.pdf
https://buildmedia.readthedocs.org/media/pdf/ctfd/latest/ctfd.pdf
