Skip to content

Latest commit

 

History

History
174 lines (138 loc) · 11.5 KB

README.md

File metadata and controls

174 lines (138 loc) · 11.5 KB

OWASP Juice Shop Write-Up

Welcome to the GitHub repository dedicated to providing comprehensive write-ups for the OWASP Juice Shop CTF challenges. OWASP Juice Shop is an intentionally insecure web application designed for training, demonstrating, and testing security tools and techniques. This repository aims to offer step-by-step solutions, detailed descriptions of vulnerabilities exploited, and recommended remediations for each challenge.

Table of Contents

Repository Structure

  • Challenges: Solutions are organized into folders based on their difficulty level, ranging from 1 to 6 stars (⭐-⭐⭐⭐⭐⭐⭐). Each challenge's folder contains a detailed write-up that walks through the approach taken to exploit vulnerabilities and secure the application.
  • Tools: This folder contains all scripts and automation tools developed and used to solve the Juice Shop challenges.
  • Assets: All images used in the individual challenge write-ups are stored in this folder. These images illustrate the steps, results, and important concepts discussed in the write-ups.
  • Files: Contains all files downloaded from the Juice Shop website during the challenges. These files were obtained as part of solving various challenges. You can use theses files to gain some time during the completion of the CTF.
  • Achievements Backup: The all_achievements.json, located inside the Tools folder, is a backup of the progression state in the Juice Shop CTF, which, when applied, automatically validates most of the challenges. It is provided for reference and learning purposes.

Challenge Levels

Navigate to each folder to explore the challenges and solutions specific to that difficulty level:

Recommendations

  • Companion Guide: We highly recommend following along with the official OWASP Juice Shop companion guide for additional context and explanations that complement these write-ups.
  • Self-Attempt Before Reference: While this repository is a valuable resource, we encourage you to attempt solving the challenges on your own before consulting the write-ups. This approach will maximize your learning experience and understanding of web application security.
  • Workflow: To use this repository effectively, navigate to the challenge folder corresponding to your current challenge, read the write-up to understand the vulnerability and the remediation steps, and refer to the scripts or files as needed.

Note: For some challenges, not all screenshots are included in the write up, but if you need a more visual assistance, you can check inside the assets folder : there is chances that you find others screenshots for the current challenge.

Challenge list

Table of Contents

➤ Difficulty 1 Star (⭐)

➤ Difficulty 2 Stars (⭐⭐)

➤ Difficulty 3 Stars (⭐⭐⭐)

➤ Difficulty 4 Stars (⭐⭐⭐⭐)

➤ Difficulty 5 Stars (⭐⭐⭐⭐⭐)

➤ Difficulty 6 Stars (⭐⭐⭐⭐⭐⭐)

Contributing

Even if the vast majority of challenges are covered by trhis repository, some of them remain not completed due to some technical constraints. Contributions to improve the write-ups, scripts, or any other resources in this repository are welcome. Please submit pull requests with your suggested changes or enhancements.

This repository is maintained by the community and is not officially part of the OWASP Juice Shop project. It serves as a collaborative platform for security enthusiasts and professionals to share knowledge and improve their skills in web application security.

Happy hacking!