I’ve been asked a bunch about doing a walkthrough of the TryHackMe OWASP Juice Shop, so I figured it was time. This is another great Burp Suite room, and it builds on the earlier Burp Suite material by working through specific OWASP Top 10 vulnerabilities. In this room we are dealing specifically with: Injection, Broken Authentication, Sensitive Data Exposure, Broken Access Control, and the infamous Cross-Site Scripting (XSS)!
For those not familiar with Burp Suite, it’s a framework of web application pentesting tools, and is arguably the most widely used tool set when it comes to conducting web pentesting. In this walkthrough, we focus mostly on Proxy, Repeater, and Intruder.
Below I’m going to share with you my answers to the knowledge checks in the different tasks in the room. Definitely try to work through the problems as much as you can, and make sure to follow along in the video so you understand what you need to do to get the answers below. In this particular room, the questions require you to do some configuration and testing with the Burp Suite toolset and a web browser.
OWASP Juice Shop Task 2 – Let’s go on an adventure!
OWASP Juice Shop Task 3 – Inject the juice
OWASP Juice Shop Task 4 – Who broke my lock?!
OWASP Juice Shop Task 5 – AH! Don’t look!
OWASP Juice Shop Task 6 – Who’s flying this thing?
OWASP Juice Shop Task 7 – Where did that come from?
OWASP Juice Shop Task 8 – Exploration!
Network Knowledge Wrap Up
Keep an eye out as I continue to work through other TryHackMe rooms!
Here is the CompTIA Pentest+ training book bundle I used to pass my PenTest+. (Affiliate Link)
TryHackMe OWASP Juice Shop room