Unofficial VirtualBox virtual machine instance of OWASP Juice Shop
Contributors: Aut0exec
- Devuan Daedalus instance
- Pre-installed and configured to auto start on boot
- OWASP Juice Shop version 15.0.1 Node 18
- VAmPI - Vulnerable API
While there shouldn't be a need to log in to the console, should one need to, the information is as follows:
Low privilege user - user:Password123
Root privilege user - root:juiceisworththesqueeze
WARNING! Juice Shop is designed to be vulnerable. DO NOT connect this VM to the Internet or sensitive networks.
- Download the OVA from the releases page
- Launch virtualbox
- File -> Import Appliance
- Under the source section, select Local File System and then navigate to the location where the OVA file was downloaded
- The default settings should be sufficient on the right side of the import window
- Click Import in the bottom right to import the appliance
- Once the import finishes, start Juice Shop. The machine expects a DHCP server to be present and will automatically request an address.
- VirtualBox will automatically configure port forwards from the host to the guest for ports TCP/3000 and TCP/5000. Any scanning or interaction from the host with the virtual machine can be done via 127.0.0.1:3000 or 127.0.0.1:5000.
- Thanks for the vulnerable API to add to this project!
- Thanks for maintaining, releasing, and developing Juice Shop and a number of amazing other projects!
- Thanks for creating, maintaining, and providing the virtualbox hypervisor!
- Keep up the great work on such an awesome fork of Debian!