
OWASP Juice Shop & CTFd environment setup

by CH@3M 2020. 3. 17.

Flag key : ODXXXXXXXXXXXXXXXXXXXXXXX
(How the key was generated: date +%s | sha256sum | base64 | head -c 32 ; echo)

Note: open the required ports in the firewall

OWASP Juice shop setting

ubuntu 20.04

Juice shop - Docker Container

  1. Install Docker
  2. Run docker pull bkimminich/juice-shop
  3. Run docker run --rm -p 3000:3000 bkimminich/juice-shop
  4. Browse to http://localhost:3000 (or connect to port 3000 on the server's IP)
    (on macOS and Windows browse to http://192.168.99.100:3000
    if you are using docker-machine instead of the native docker installation)

Juice shop CTF - ctfd

npm install -g juice-shop-ctf-cli
juice-shop-ctf

Generate OWASP Juice Shop challenge archive for setting up CTFd, FBCTF or RootTheBox score server
? CTF framework to generate data for? CTFd
? Juice Shop URL to retrieve challenges? https://juice-shop.herokuapp.com
? Secret key <or> URL to ctf.key file? ODXXXXXXXXXXXXXXXXXXXXXXX (to generate my own flags)
? Insert a text hint along with each challenge? Paid text hints (score -10 when a hint is used)
? Insert a hint URL along with each challenge? Paid hint URLs (score -20 when a URL hint is used)

Backup archive written to /home/ctf/CTFd/OWASP_Juice_Shop.2020-06-03.CTFd.zip

After the import you will have to set up the CTF name and administrator credentials again!

For a step-by-step guide to import the ZIP-archive into CTFd, please refer to
https://pwning.owasp-juice.shop/part1/ctf.html#running-ctfd

The generated zip file must be imported through CTFd > Config > Backup > Import (the details continue in the CTFd import section below).

sudo docker run --rm -d -e "CTF_KEY=ODXXXXXXXXXXXXXXXXXXXXXXX" -e "NODE_ENV=ctf" -p 3000:3000 bkimminich/juice-shop

install nodejs

curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get install -y nodejs

install CTFd

  1. apt-get install git
  2. git clone https://github.com/CTFd/CTFd.git
  3. cd CTFd
  4. apt install docker-compose
  5. docker-compose up -d (-d: run in the background)

How to import Juice Shop into CTFd

https://pwning.owasp-juice.shop/part1/ctf.html#running-ctfd

  1. Go to the section Admin > Config > Backup and choose Import
  2. Select the generated .zip file and make sure only the Challenges box is ticked. Press Import.
  3. (Only for CTFd 2.0.x) Dismiss any occurring Internal Server Error alert popup after import and restart your CTFd server.
  4. (Only for CTFd 2.x) Repeat the initial admin and CTF setup from step 4. to regain access to the CTF game. It is now pre-populated with the Juice Shop challenges.

Reference Link

Confirmed that the flags generated with the hash value I set match.
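
The flag check mentioned above can be repeated offline. The following is an added example, not part of the original post or of the Juice Shop project's code: it recomputes flags from a CTF key and reports entries that do not match. It assumes a flag is the hex HMAC-SHA1 of the challenge name keyed with the CTF key; the function names, sample key and sample entries are constructed for illustration.

```javascript
// Added example: recompute Juice Shop CTF flags from a CTF key and compare
// them with name/flag pairs taken from a generated challenge archive.
// Assumption: flag = hex(HMAC-SHA1(key = CTF key, message = challenge name)).
const crypto = require('node:crypto')

// 32-character key from the OS CSPRNG. Unlike a key derived from `date +%s`,
// it does not depend on a guessable timestamp.
function generateCtfKey () {
  return crypto.randomBytes(24).toString('base64')
}

// Flag for one challenge under the assumption stated above.
function ctfFlag (ctfKey, challengeName) {
  return crypto.createHmac('sha1', ctfKey).update(challengeName, 'utf8').digest('hex')
}

// entries: [{ name, flag }]. Returns the names whose flag was NOT produced
// with ctfKey (wrong key, truncated flag, or non-hex content).
function findMismatches (ctfKey, entries) {
  return entries
    .filter(({ name, flag }) => {
      const expected = Buffer.from(ctfFlag(ctfKey, name), 'hex')
      const actual = Buffer.from(String(flag).trim().toLowerCase(), 'hex')
      return actual.length !== expected.length ||
        !crypto.timingSafeEqual(actual, expected)
    })
    .map(({ name }) => name)
}

// Constructed sample data: a placeholder key and three entries. The third
// entry simulates an archive that was generated with a different key than
// the one passed to the container as CTF_KEY.
const sampleKey = 'EXAMPLE-KEY-NOT-FOR-PRODUCTION-00'
const sampleExport = [
  { name: 'Score Board', flag: ctfFlag(sampleKey, 'Score Board') },
  { name: 'DOM XSS', flag: ctfFlag(sampleKey, 'DOM XSS').toUpperCase() },
  { name: 'Login Admin', flag: ctfFlag('some-other-key', 'Login Admin') }
]

console.log('new key:', generateCtfKey())
console.log('mismatches:', findMismatches(sampleKey, sampleExport))
```

Run it with node after replacing the sample key and entries with your own CTF key and the name/flag pairs from your archive; an empty mismatch list means the score server and the Juice Shop container agree on the key.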
