Hacking the Juice Shop: Information Gathering

The Juice Shop is an intentionally vulnerable web application developed by the Open Web Application Security Project (OWASP). It has a series of challenges that allow hackers to learn how to exploit many of the vulnerabilities that fall under the OWASP Top 10.

I’m going to be posting a series of articles that effectively documents a miniature penetration test, which, generally speaking, consists of the following stages:

  1. Pre-engagement Interactions
  2. Reconnaissance / Information Gathering
  3. Scanning
  4. Vulnerability Assessment
  5. Exploitation
  6. Reporting

These phases aren’t always linear. It’s best to think of it as an iterative process. For example: scanning, enumeration and exploitation can all provide additional insights about the system under test, so as hackers we are constantly gathering information which can be used to perform further exploits.

PRE-ENGAGEMENT INTERACTIONS

I am studying to become a penetration tester, so this series is my attempt at showcasing my skills through the entire lifecycle of an engagement.

However, as a working mom, I simply don’t have the time or resources to dedicate to simulating a complete, full-scale penetration test.

One of the first steps involved in penetration testing (pre-engagement) is defining scope. Let’s do that.

I will focus solely on the Juice Shop application, excluding white-box testing (SAST) and attacks on the underlying operating system or network.

I will document only a small portion of each stage and the vulnerabilities/exploits available on Juice Shop.

I will be using Kali Linux as the attacking machine, with the vulnerable Juice Shop web application hosted locally in a Docker container.

I will publish a more detailed version of my findings on my blog, Technodivergent.

INFORMATION GATHERING

One of the first tasks is to attempt to gather fingerprints. I tried to gather more details about the web server, which kinds of HTTP requests we can make, and what the responses look like in a variety of cases.

Next, I manually poked around the website to glean whatever information I could from the well-known text files hosted on the web server. Then I used the website as an ordinary user would. This revealed a lot of information about potential usernames worth targeting.

All of this information gathering helped me to identify the various technologies that Juice Shop uses for the front- and backend, as well as discovering API endpoints.
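As an added example (not code from the original article), the following Python script shows how the artefacts collected in this phase can be parsed: technology-revealing response headers, the methods advertised by an OPTIONS response, and the paths listed in robots.txt. The sample responses are constructed and only modelled on a locally hosted Juice Shop container; the header names and paths are assumptions, not captured output.

```python
# Parsers for the response data gathered during web information gathering.
# All sample input below is constructed, not captured from a real Juice Shop instance.
from typing import Dict, List

# Response headers that commonly disclose server or framework details.
FINGERPRINT_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "via")


def fingerprint_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Return the subset of headers that reveal server technology (case-insensitive)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return {h: lowered[h] for h in FINGERPRINT_HEADERS if h in lowered}


def allowed_methods(options_headers: Dict[str, str]) -> List[str]:
    """Parse the Allow or Access-Control-Allow-Methods header of an OPTIONS response."""
    lowered = {k.lower(): v for k, v in options_headers.items()}
    raw = lowered.get("allow") or lowered.get("access-control-allow-methods") or ""
    return sorted({m.strip().upper() for m in raw.split(",") if m.strip()})


def parse_robots(body: str) -> Dict[str, List[str]]:
    """Collect Disallow, Allow and Sitemap entries from a robots.txt body.

    Paths a site asks crawlers to avoid are exactly the ones a tester (or a
    defender reviewing exposure) should note for the scanning phase.
    """
    result: Dict[str, List[str]] = {"disallow": [], "allow": [], "sitemap": []}
    for line in body.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key in result and value:
            result[key].append(value)
    return result


# Constructed sample responses (assumed values, modelled on a local Juice Shop container).
SAMPLE_HEADERS = {"X-Powered-By": "Express", "Content-Type": "text/html", "Server": "nginx"}
SAMPLE_OPTIONS = {"Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS"}
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /ftp\n# internal\nDisallow: /admin\n"

if __name__ == "__main__":
    print(fingerprint_headers(SAMPLE_HEADERS))
    print(allowed_methods(SAMPLE_OPTIONS))
    print(parse_robots(SAMPLE_ROBOTS))
```

The same parsers work on a defender's side as a quick check that production responses do not leak framework versions or list sensitive paths in robots.txt.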

It’s important to note that the information gathering phase is also an iterative process. Additional information can be learned throughout the entire lifecycle of a penetration test. Enumeration and exploitation can be especially useful for learning more in-depth information about the system under test.

The next article in this series will focus on the enumeration or scanning phase of penetration testing, where I discovered a wide variety of directories, endpoints and API calls worth investigating further.

More articles by Kassidy Hall