Who will p0wn the hardest?
Let's have some fun today!
OWASP has a deliciously insecure site known as JuiceShop
https://juice-shop.herokuapp.com/#
It's a wonderland for the aspiring cyber analyst, a shining example of Worst Practices when building a website.
You can challenge yourself to go in blind, or get some hints here
https://pwning.owasp-juice.shop/companion-guide/latest/index.html
Some tools to get you started:
Dirbuster - enumerate directories
Argus - all-in-one site recon
Ffuf - URL fuzzing
SecLists - all the wordlists you could ever want
@Everyone
What's your first line of attack?
API endpoint enumeration
Privilege escalation
XSS
SQL injection
This looks fun!