OWASP Juice Shop - TryHackMe Write-up
Info
- Name: OWASP Juice Shop
- Description: This room uses the Juice Shop vulnerable web application to learn how to identify and exploit common web application vulnerabilities.
- Difficulty: Easy
- Room link: https://tryhackme.com/room/owaspjuiceshop
Write-up
Task 2
Q: What's the Administrator's email address?
A: admin@juice-sh.op
Q: What parameter is used for searching?
A: q
Q: What show does Jim reference in his review?
A: Star Trek
Task 3
Q: Log into the administrator account!
A: 32a5e0f21372bcc1000a6088b93b458e41f0e02a
Q: Log into the Bender account!
A: fb364762a3c102b2db932069c0e6b78e738d4066
Task 4
Q: Bruteforce the Administrator account's password!
A: c2110d06dc6f81c67cd8099ff0ba601241f1ac0e
Q: Reset Jim's password!
A: 094fbc9b48e525150ba97d05b942bbf114987257
Task 5
Q: Access the Confidential Document!
A: edf9281222395a1c5fee9b89e32175f1ccf50c5b
Q: Log into MC SafeSearch's account!
A: 66bdcffad9e698fd534003fbb3cc7e2b7b55d7f0
Q: Download the Backup file!
A: bfc1e6b4a16579e85e06fee4c36ff8c02fb13795
Task 6
Q: Access the administration page!
A: 946a799363226a24822008503f5d1324536629a0
Q: View another user's shopping basket!
A: 41b997a36cc33fbe4f0ba018474e19ae5ce 52121
Q: Remove all 5-star reviews!
A: 50c97bcce0b895e446d61c83a21df371ac2266ef
Task 7
Q: Perform a DOM XSS!
A: 9aaf4bbea5c30d00a1f5bbcfce4db6d4b0efe0bf
Q: Perform a persistent XSS!
A: 149aa8ce13d7a4a8a931472308e269c94dc5f156
Q: Perform a reflected XSS!
A: 23cefee1527bde039295b2616eeb29e1edc660a0
Task 8
Q: Access the /#/score-board/ page
A: 7efd3174f9dd5baa03a7882027f2824d2f72d86e
