Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 20:34
    Travis bkimminich/juice-shop (develop) still failing (8567)
  • 19:41
    Travis bkimminich/juice-shop (develop) still failing (8567)
  • 19:23
    Travis bkimminich/juice-shop (develop) still failing (8566)
  • 19:13

    bkimminich on develop

    New translations en.json (Germa… New translations en.json (Kling… New translations en.json (Lithu… and 38 more (compare)

  • 19:13
    bkimminich closed #1266
  • 19:00
    bkimminich synchronize #1266
  • 19:00

    bkimminich on l10n_develop

    New translations en.json (Germa… (compare)

  • 18:53

    bkimminich on l10n_develop

    New translations en.json (Urdu … (compare)

  • 18:53
    bkimminich synchronize #1266
  • 18:53

    bkimminich on l10n_develop

    New translations en.json (Danis… (compare)

  • 18:53
    bkimminich synchronize #1266
  • 18:53

    bkimminich on l10n_develop

    New translations en.json (Dutch… (compare)

  • 18:53
    bkimminich synchronize #1266
  • 18:53

    bkimminich on l10n_develop

    New translations en.json (Finni… (compare)

  • 18:53
    bkimminich synchronize #1266
  • 18:53

    bkimminich on l10n_develop

    New translations en.json (Frenc… (compare)

  • 18:53
    bkimminich synchronize #1266
  • 18:53

    bkimminich on l10n_develop

    New translations en.json (Georg… (compare)

  • 18:53
    bkimminich synchronize #1266
  • 18:53

    bkimminich on l10n_develop

    New translations en.json (Germa… (compare)

Armando Orozco
@linuxy14_gitlab
image.png
Armando Orozco
@linuxy14_gitlab
@J12934 so what is the solution?
Maybe the image is not well done?
Jannik Hollenbach
@J12934
Just wanted to make sure you’re not on a older image version.
Im currently not on my laptop. Will try later if the image works on my machine
Armando Orozco
@linuxy14_gitlab
thanks :)
Jannik Hollenbach
@J12934
Screenshot 2019-12-06 at 19.37.49.png
@linuxy14_gitlab the image is working for me.
What docker version are you running?
Armando Orozco
@linuxy14_gitlab

Client:
Version: 17.12.1-ce
API version: 1.35
Go version: go1.9.4
Git commit: 7390fc6
Built: Tue Jul 31 14:59:08 2018
OS/Arch: linux/amd64

Server:
Engine:
Version: 17.12.1-ce
API version: 1.35 (minimum version 1.12)
Go version: go1.9.4
Git commit: 7390fc6
Built: Wed Feb 28 17:46:05 2018
OS/Arch: linux/amd64
Experimental: false

Björn Kimminich
@bkimminich
I just used the latest image on my Chromebook like 2 days ago and it worked just fine
Armando Orozco
@linuxy14_gitlab
that must be the problem
thanks you :)
Björn Kimminich
@bkimminich
Maybe you can try a few explicit version tags like v9.2.0 or v9.0.0 because if those also don't work it's definitely not an image problem.
Armando Orozco
@linuxy14_gitlab
i have a outdated docker version https://docs.docker.com/engine/release-notes/#17121-ce that was the cause of the problem
Björn Kimminich
@bkimminich
🐳
Armando Orozco
@linuxy14_gitlab
i have updated docker

Client: Docker Engine - Community
Version: 19.03.5
API version: 1.40
Go version: go1.12.12
Git commit: 633a0ea838
Built: Wed Nov 13 07:25:58 2019
OS/Arch: linux/amd64
Experimental: false

Server: Docker Engine - Community
Engine:
Version: 19.03.5
API version: 1.40 (minimum version 1.12)
Go version: go1.12.12
Git commit: 633a0ea838
Built: Wed Nov 13 07:24:29 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version: 0.18.0
GitCommit: fec3683

that is my version
still having the same problem, any idea about how to fix it?
Björn Kimminich
@bkimminich
I've got none, sorry. Did you try another installation option?
CyberSaiyan
@saiyan_cyber_twitter
I am installing juiceshop for ctfd. it is taking an extremely long time on this step [Generate OWASP Juice Shop challenge archive for setting up CTFd, FBCTF or RootTheBox score server] and I get "juiceshopctf_ctfd_1 exited with code 0". Is this normal?
Björn Kimminich
@bkimminich
You ran it as explained here? file:///android_asset/md/#docker-container-----
Haha, well the Docker section in the online Readme I meant... https://www.npmjs.com/package/juice-shop-ctf-cli
Armando Orozco
@linuxy14_gitlab
@bkimminich i will set up a heroku instance
Armando Orozco
@linuxy14_gitlab
finally, i can learn hacking now, i have deployed the instance :)
CyberSaiyan
@saiyan_cyber_twitter
so, I followed the instructions for running juiceshop on ctfd up until ctfd said that the ctf I have been putting together would be erased when I import the zip. I copied the docker-compose.yml from the first instance to the /juice-shop-ctf folder. I modified it to run on a different port. This is what happens when sudo docker-compose up is run
ctfd_1 | Generate OWASP Juice Shop challenge archive for setting up CTFd, FBCTF or RootTheBox score server
ctfd_1 | ? CTF framework to generate data for? (Use arrow keys)
ctfd_1 | ❯ CTFd
ctfd_1 | FBCTF
ctfd_1 | RootTheBox
juiceshopctf_ctfd_1 exited with code 0
Björn Kimminich
@bkimminich
@linuxy14_gitlab 👍
@saiyan_cyber_twitter I don't fully understand what you are doing and what you are trying to achieve... The juice-shop-ctf-cli tool is neither running the Juice Shop nor CTFd for you, it just makes setting up CTFd easier, because you can import the ZIP there. You still need to run Juice Shop instances yourself and paste the flags shown there into your CTFd server
If you just word by word follow the CTF guide in my online docs, where exactly do things go wrong for you?
CyberSaiyan
@saiyan_cyber_twitter
I have an instance of CTFd running. I created the challenges for this instance. I found juice-shop and wanted to incorporate into my CTFd. When following the instructions to load juice-shop i get a message from CTFd saying that all my challenges will be erased and replaced with the juice-shop challenges if I import the juice-shop zip. I do not want this. So, I decided to run a second docker instance with a new CTFd so that I can import the juice-shop challenges without losing the work I have already put into the CTFd that I created.
CyberSaiyan
@saiyan_cyber_twitter
The problem that I am running into now is not so much an issue with juice-shop but with running 2 docker containers with separate CTFds at the same time on different ports. I can't seem to get the config files edited correctly. If I run my CTFd on port 8000, then run the CTFd I want to run juice-shop in on port 16000, the port 8000 will shutdown.
Jannik Hollenbach
@J12934

@saiyan_cyber_twitter I still don't quite understand it.
What docker-compose file are you using? As far as i know JuiceShop doesn't provide one.

You should also be able to provide a port mapping in the docker-compose file so that the ports don't clash.
That's not something which JuiceShop can directly influence.

Björn Kimminich
@bkimminich
Ah, your CTFds clash, so it has nothing to do with Juice Shop... 😆
CyberSaiyan
@saiyan_cyber_twitter
No. I have come to realize that it has nothing to do with Juice shop. It is me not configuring docker correctly to run two ctfds at the same time
appreciate you @bkimminich and @J12934 for responding
keng swee
@yeokengswee_twitter
I'm currently attempting to overwrite the legal information file. I downloaded zip-slip.zip and submitted it as a complaint and also as a payload on /file-upload but I still see no results. What am I missing out?
Björn Kimminich
@bkimminich
@yeokengswee_twitter, what do you mean by "I downloaded zip-slip.zip"? Where is that from and what is it supposed to do?
keng swee
@yeokengswee_twitter
I prepared a zip file that is meant to be uploaded
As a file complaint and also as
A payload on burp, and use it to overwrite the legal information file. I got the file from Snyk on Github
Björn Kimminich
@bkimminich
You need to understand the directory depth and names to overwrite the right file. Snyk doesn't know that, I guess
Björn Kimminich
@bkimminich
If you want a working file,take a look at the /test/files folder in the Juice Shop repo. Maybe you can find out the difference to your own file.
keng swee
@yeokengswee_twitter
i see, now it makes sense. thanks!
CyberSaiyan
@saiyan_cyber_twitter
i got my docker issue sorted out. Now, when I complete a challenge I do not get the flag in the notifications.
Jannik Hollenbach
@J12934

@saiyan_cyber_twitter nice, what was the Problem?

Did you set the NODE_ENV like described in: https://pwning.owasp-juice.shop/part1/ctf.html

CTF Flags are not shown unless you have configured JuiceShop to run in CTF mode.

CyberSaiyan
@saiyan_cyber_twitter
im not sure. I followed the instructions. i do not have a config/ctf.yml, so i made one. could not get that to work. reset the docker and ran docker run -d -e "NODE_ENV=ctf" -p 3000:3000 bkimminich/juice-shop. still no flags. the notifications came up saying i completed the challenge but no flag to input in the ctfd
CyberSaiyan
@saiyan_cyber_twitter
also running npm start gives error even though npm update says newest verion already installed
CyberSaiyan
@saiyan_cyber_twitter
I GOT IT TO WORK!!!!!
CyberSaiyan
@saiyan_cyber_twitter
I updated to nodejs 12.x from 8.x and restarted the computer. When I did that, bash prompted me with an error that I had unexpected EOF in my bashrc file where I created an alias to run both juice-shop-ctf on ctfd and the docker command to run juice shop store in a single command. As soon as I fixed that, I started up docker the flags appeared. This has been quite the learning experience!!