OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! (https://www.owasp.org/)
Preparation
Base: OWASP Juice Shop Project
CTF extension: CTFd
OS: Ubuntu 18.04 LTS Server
Installer: Docker
1. Installing Docker
$sudo apt-get update
$sudo apt install apt-transport-https ca-certificates curl software-properties-common
$curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
$sudo apt-get update && sudo apt-get upgrade
$apt-cache policy docker-ce
$sudo apt install docker-ce
$sudo systemctl status docker
Running Docker as a normal user
$sudo usermod -aG docker ${USER}
$su - ${USER}
$id -nG
$sudo usermod -aG docker username
Basic Docker commands
$docker ps -a
$docker kill containerid
$docker rm containerid
$docker rmi imageid
2. Docker Compose
$sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
$sudo chmod +x /usr/local/bin/docker-compose
$docker-compose --version
3. OWASP Juice Shop Project
$docker pull bkimminich/juice-shop
$docker run -d -e CTF_KEY="any hash key generated" -e "NODE_ENV=ctf" -p 3000:3000 bkimminich/juice-shop
4. CTFd Installation
$cd /opt
$git clone https://github.com/CTFd/CTFd.git
$cd CTFd
Modify the docker-compose.yml file from the repository to specify a SECRET_KEY environment variable for the CTFd service:
    environment:
      - SECRET_KEY=<SPECIFY_RANDOM_VALUE>
$docker-compose up
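Steps 3 and 4 each need a secret (CTF_KEY for Juice Shop, SECRET_KEY for CTFd). The script below is an added example, not part of the original post or of either project: it generates both values from /dev/urandom and keeps them in owner-only files instead of typing them on the command line. The file names, the function names and the --start switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: create the secrets used in steps 3 and 4 from the kernel
# CSPRNG and store them in files that only the owner can read.
# File names, function names and the --start switch are assumptions.

# Print a 64-character hex string (32 random bytes read from /dev/urandom).
gen_key() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_secret FILE NAME: write "NAME=<random hex>" to FILE with mode 0600.
# Refuses to overwrite an existing file so a running CTF keeps its key.
write_secret() {
    file=$1
    name=$2
    if [ -e "$file" ]; then
        echo "$file already exists, keeping it" >&2
        return 1
    fi
    ( umask 077 && printf '%s=%s\n' "$name" "$(gen_key)" > "$file" )
}

# Start Juice Shop in CTF mode, reading CTF_KEY from the env file instead of
# passing it with -e, which would leave the key in the shell history.
start_juice_shop() {
    docker run -d --env-file "$1" -e "NODE_ENV=ctf" -p 3000:3000 bkimminich/juice-shop
}

# Only touch Docker when asked to, so the helpers can be reused on their own.
if [ "${1:-}" = "--start" ]; then
    write_secret ./juice-shop.env CTF_KEY
    start_juice_shop ./juice-shop.env
    # CTFd: docker-compose reads .env from the project directory and fills in
    # ${SECRET_KEY} if docker-compose.yml contains "- SECRET_KEY=${SECRET_KEY}".
    write_secret /opt/CTFd/.env SECRET_KEY
fi
```

Run it with --start once Docker is installed; a second run leaves the existing key files untouched, so a restart does not change the keys.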