Apparently there are some vulnerabilities in Juiceshop that won't work if you install it with docker and some other methods. XXE Data Access is one that doesn't work with the docker installation. I install Juiceshop from sources with nodejs so every vulnerability is supported. I also use fish shell and there is a little extra setup for fish.
Instead of installing nodejs with apt, it's better to use nvm. With nvm you can install multiple versions of node and switch back and forth between versions. Check the github for the latest version.
github.com/nvm-sh/nvm
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.2/install.sh | bash
After it's installed you need to make sure it adds these lines to .zshrc or .bashrc, whichever one you are using.
"Running either of the above commands downloads a script and runs it. The script clones the nvm repository to ~/.nvm, and attempts to add the source lines from the snippet below to the correct profile file (~/.bash_profile, ~/.zshrc, ~/.profile, or ~/.bashrc)."
export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
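The nvm install command above pipes a downloaded script straight into bash. As an added example (not from the original post or the nvm project), the functions below save the installer to a file, compare it to a SHA-256 you recorded after reading the script, and run it only on a match. The function names are hypothetical and the hash in the usage comment is a placeholder you supply.

```shell
#!/usr/bin/env bash
# Added example: fetch an installer to disk, check a pinned SHA-256, then run it.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 if the file's SHA-256 equals the expected value, 1 on mismatch,
# 2 if the file is missing or the expected value is not a 64-char hex string.
verify_pinned() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 2
    case $expected in
        *[!0-9a-fA-F]*|'') return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256_of "$file") || return 2
    expected=$(printf %s "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Download url to a temp file, verify it, and run it with bash only on a match.
install_pinned() {
    local url="$1" expected="$2" tmp rc
    tmp=$(mktemp) || return 1
    if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"; then
        rm -f "$tmp"
        return 1
    fi
    if verify_pinned "$tmp" "$expected"; then
        bash "$tmp"
        rc=$?
    else
        echo "checksum mismatch for $url: got $(sha256_of "$tmp")" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (the hash is a placeholder: record it yourself after reading the script):
#   install_pinned https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.2/install.sh <sha256-you-recorded>
```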
If you are using fish (github.com/fish-shell/fish-shell), you'll need to install a few more things and create a config file.
Install fisher: github.com/jorgebucaran/fisher
curl -sL https://raw.githubusercontent.com/jorgebucaran/fisher/main/functions/fisher.fish | source && fisher install jorgebucaran/fisher
Install bass: github.com/edc/bass
fisher install edc/bass
Create nvm.fish config file:
~/.config/fish/functions/nvm.fish
Add a function to the config file:
function nvm
    bass source ~/.nvm/nvm.sh --no-use ';' nvm $argv
end
Now you should be able to start using nvm to install node.
List remote versions:
nvm ls-remote
Install a specific version number (at the time I posted this):
nvm install 18.11.0
It should automatically switch to the version you just installed, but you can also select it explicitly. You'll need to do this when you reboot Kali:
nvm use 18.11.0
List local versions:
nvm ls
See the nvm github page for more commands.
nodejs 18.11.0 should be ready to use now along with npm.
Now it's time to install Juiceshop.
github.com/juice-shop/juice-shop#from-sources
1. Install node.js (Done. Using the nvm version that was just installed)
2. Run git clone https://github.com/juice-shop/juice-shop.git --depth 1 (or clone your own fork of the repository)
A. I created a directory called Scripts and cloned it in there.
3. Go into the cloned folder with cd juice-shop
4. Run npm install (only has to be done before first start or when you change the source code)
5. Run npm start
6. Browse to http://localhost:3000
Juiceshop should be up and running. Now you can perform an attack on any vulnerability and it will work.