OWASP Juice Shop Write-Up

Welcome to the GitHub repository dedicated to providing comprehensive write-ups for the OWASP Juice Shop CTF challenges. OWASP Juice Shop is an intentionally insecure web application designed for training, demonstrating, and testing security tools and techniques. This repository aims to offer step-by-step solutions, detailed descriptions of vulnerabilities exploited, and recommended remediations for each challenge.

Table of Contents

• Repository Structure
• Challenge Levels
• Recommendations
• Contributing
• Challenge List

Repository Structure

• Challenges: Solutions are organized into folders based on their difficulty level, ranging from 1 to 6 stars (⭐-⭐⭐⭐⭐⭐⭐). Each challenge's folder contains a detailed write-up that walks through the approach taken to exploit vulnerabilities and secure the application.
• Tools: This folder contains all scripts and automation tools developed and used to solve the Juice Shop challenges.
• Assets: All images used in the individual challenge write-ups are stored in this folder. These images illustrate the steps, results, and important concepts discussed in the write-ups.
• Files: Contains all files downloaded from the Juice Shop website during the challenges. These files were obtained as part of solving various challenges. You can use theses files to gain some time during the completion of the CTF.
• Achievements Backup: The all_achievements.json, located inside the Tools folder, is a backup of the progression state in the Juice Shop CTF, which, when applied, automatically validates most of the challenges. It is provided for reference and learning purposes.

Challenge Levels

Navigate to each folder to explore the challenges and solutions specific to that difficulty level:

• ⭐ 1-Star Challenges
• ⭐⭐ 2-Star Challenges
• ⭐⭐⭐ 3-Star Challenges
• ⭐⭐⭐⭐ 4-Star Challenges
• ⭐⭐⭐⭐⭐ 5-Star Challenges
• ⭐⭐⭐⭐⭐⭐ 6-Star Challenges

Recommendations

• Companion Guide: We highly recommend following along with the official OWASP Juice Shop companion guide for additional context and explanations that complement these write-ups.
• Self-Attempt Before Reference: While this repository is a valuable resource, we encourage you to attempt solving the challenges on your own before consulting the write-ups. This approach will maximize your learning experience and understanding of web application security.
• Workflow: To use this repository effectively, navigate to the challenge folder corresponding to your current challenge, read the write-up to understand the vulnerability and the remediation steps, and refer to the scripts or files as needed.

Note: For some challenges, not all screenshots are included in the write up, but if you need a more visual assistance, you can check inside the assets folder : there is chances that you find others screenshots for the current challenge.

Challenge list

Table of Contents

➤ Difficulty 1 Star (⭐)

• Bonus Payload - Cross-Site Scripting (XSS)
• Bully Chatbot - Application Logic
• Confidential Document - Sensitive Data Exposure
• DOM XSS - Cross-Site Scripting (XSS)
• Error Handling - Error Handling
• Exposed Metrics - Sensitive Data Exposure
• Mass Dispel - Improper Input Validation
• Missing Encoding - Improper Input Validation
• Outdated Allowlist - Unvalidated Redirects
• Privacy Policy - Information Disclosure
• Repetitive Registration - Improper Input Validation
• Scoreboard - Information Disclosure
• Web3 Interface - Broken Access Control
• Zero Star - Improper Input Validation

➤ Difficulty 2 Stars (⭐⭐)

• Admin Section - Broken Access Control
• Deprecated Interface - Security Misconfiguration
• Empty User Registration - Improper Input Validation
• Five-Star Feedback - Broken Access Control
• Login Admin - SQL Injection
• Login MC SafeSearch - Open Source Intelligence (OSINT)
• Meta GeoStaking - Sensitive Data Exposure
• NFT Takeover - Sensitive Data Exposure
• Password Strength - Broken Authentication
• View Basket - Broken Access Control
• Visual GeoStaking - Sensitive Data Exposure
• Weird Crypto - Cryptographic Issues
• White Hat - Open Source Intelligence (OSINT)
• Reflected XSS - Cross-Site Scripting (XSS)

➤ Difficulty 3 Stars (⭐⭐⭐)

• Admin Registration - Improper Input Validation
• Bjoern’s Favorite Pet - OSINT (Open Source Intelligence)
• CAPTCHA Bypass - Broken Anti-Automation
• CSRF - Broken Access Control
• Database Schema - Information Disclosure
• Deluxe Fraud - Improper Input Validation
• Forged Feedback - Broken Access Control
• Forged Review - Broken Access Control
• GDPR Data Erasure - Broken Authentication
• Login Amy - Brute Force / Cryptographic Issues
• Login Bender - Injection Flaws
• Login Jim - SQL Injection (SQLi)
• Manipulate Basket - Broken Access Control
• Mint the Honey Pot - Improper Input Validation
• Payback Time - Business Logic Errors
• Privacy Policy Inspection - Security through Obscurity
• Product Tempering - Broken Access Control
• Reset Jim's Password - OSINT
• Upload Size - Improper Input Validation

➤ Difficulty 4 Stars (⭐⭐⭐⭐)

• Access Log - Sensitive Data Exposure
• Allowlist Bypass - Broken Access Control
• Christmas Special - Injection
• Easter Egg - Broken Access Control
• Ephemeral Accountant - Injection
• Expired Coupon - Improper Input Validation
• Forgotten Sales Backup - Sensitive Data Exposure
• GDPR Data Theft - Sensitive Data Exposure
• Leaked Unsafe Product - Injection
• Legacy Typosquatting - Cryptographic Issues
• Login Bender - Broken Authentication
• Login Bjoern - Broken Authentication
• Login Uvogin - Broken Authentication
• Nested Easter Egg - Cryptographic Issues
• NoSQL Manipulation - Injection
• Poison Null Bytes - Injection
• Steganography - Security through Obscurity
• User Credentials - Injection
• Vulnerable Library - Vulnerable Components
• Server Side XSS Protection - Cross-Site Scripting (XSS)
• NoSQL Dos - NoSQL Injection / Denial of Service (DoS)
• X-Header XSS - Cross-Site Scripting (XSS)

➤ Difficulty 5 Stars (⭐⭐⭐⭐⭐)

• Blockchain Hype - Security through Obscurity
• Change Bender's Password - Broken Authentication
• Cross-Site Imaging - Cross-Site Request Forgery (CSRF)
• Email Leak - Security Misconfiguration
• Extra Language - Localization
• Frontend Typosquatting - Insecure Deserialization
• Kill Chatbot - Application Logic
• Leaked Access Log - Sensitive Data Exposure
• Reset Bjoern's Password - Broken Authentication
• Reset Morty's Password - Security Misconfiguration
• Retrieve Blowprint - Information Disclosure
• Supply Chain Attack - Vulnerable Components
• Two-Factor Authentication Bypass - Broken Authentication
• Unsigned JWT - Broken Authentication
• Local File Read - Server-Side Injection
• NoSQL Exfiltration - NoSQL Injection
• Blocked RCE Dos - Insecure Deserialization

➤ Difficulty 6 Stars (⭐⭐⭐⭐⭐⭐)

• Forged Coupon - Cryptography
• Forged Signed JWT - Vulnerable Components
• Imaginary Challenge - Cryptographic Issues
• Login Support Team - Security Misconfiguration
• Multiples Likes - Broken Anti-Automation
• Premium Paywall - Access Control
• SSRF - Server-Side Request Forgery
• SSTi - Server-Side Template Injection
• Wallet Depletion - Cryptographic Issues
• Video XSS - Cross-Site Scripting (XSS)
• Arbitrary File Write - Vulnerable Components
• Successful Rce Dos - Remote Code Execution (RCE) / Denial of Service (DoS)

Contributing

Even if the vast majority of challenges are covered by trhis repository, some of them remain not completed due to some technical constraints. Contributions to improve the write-ups, scripts, or any other resources in this repository are welcome. Please submit pull requests with your suggested changes or enhancements.

This repository is maintained by the community and is not officially part of the OWASP Juice Shop project. It serves as a collaborative platform for security enthusiasts and professionals to share knowledge and improve their skills in web application security.

Happy hacking!