Juice Shop
===

---

###### tags: `JuiceShop` `CTF` `security` `Web`

This note explains how to set up your own Juice Shop instance and build a CTFd platform for it.

---

[TOC]

# Environment

```shell
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.2 LTS
Release:        18.04
Codename:       bionic
```

# Build

## Install Docker

:::info
References
- https://docs.docker.com/v17.12/install/linux/docker-ce/ubuntu/#set-up-the-repository
:::

```shell
$ curl -fsSL get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh
```

## Setup Juice Shop

:::info
References
- https://github.com/bkimminich/juice-shop#docker-container
:::

```shell
$ sudo docker pull bkimminich/juice-shop
$ sudo docker run --rm -p 3000:3000 bkimminich/juice-shop
< lots and lots of output >
info: Server listening on port 3000
```

Juice Shop is now running on localhost:3000.

## Setup CTF-Extension

:::info
References
- https://github.com/bkimminich/juice-shop#ctf-extension
- https://github.com/CTFd/CTFd#install
- http://shaobaobaoer.cn/archives/510/owasp-juice-shop
- https://github.com/CTFd/CTFd/wiki/Getting-Started
- http://codeqi.top/2018/02/03/搭建OWASP-Juice-Shop测试环境-并搭建CTF环境/
:::

### Build CTFd

```shell
$ sudo pip install docker-compose
$ git clone https://github.com/isislab/CTFd.git
$ cd CTFd
$ sudo pip install -r requirements.txt
$ sudo docker-compose up
```

Once you have confirmed that it runs, you can shut it down for now.

### Import JuiceShop Challenge

1. Generate the challenge archive

    ```shell
    $ sudo apt-get install nodejs npm
    $ sudo npm install -g juice-shop-ctf-cli
    $ juice-shop-ctf
    Generate OWASP Juice Shop challenge archive for setting up CTFd 1.x, CTFd 2.x or FBCTF score server
    ? CTF framework to generate data for? CTFd 2.x
    ? Juice Shop URL to retrieve challenges? https://juice-shop.herokuapp.com
    ? Secret key <or> URL to ctf.key file? https://raw.githubusercontent.com/bkimminich/juice-shop/master/ctf.key
    ? Insert a text hint along with each challenge? Free text hints
    ? Insert a hint URL along with each challenge? Paid hint URLs
    < various output >
    $ sudo docker-compose up
    ```

2. Connect to the CTFd platform at localhost:8000
3. Log in -> Config -> Backup -> Import
4. Select the zip file generated by the juice-shop-ctf run above
5. Set the administrator username and password: `root`; `toor`

All done!