1
00:00:00,150 --> 00:00:00,500
All right.

2
00:00:00,510 --> 00:00:06,110
So now we're going to work on installing a less juice shop so to be able to do that.

3
00:00:06,120 --> 00:00:13,200
We're going to have to do a few installs prior to in one of those is going to be Docker.

4
00:00:13,200 --> 00:00:18,450
So we're going to install Docker and it's a little bit complex when it comes to Kelly Linux at least

5
00:00:18,450 --> 00:00:20,340
what we have to type in the terminal.

6
00:00:20,340 --> 00:00:25,700
So let's go ahead and open up a terminal and let's open up Firefox and I'm going to take you to a Web

7
00:00:25,700 --> 00:00:28,760
site where we can just kind of copy paste things and I think it's really great.

8
00:00:29,370 --> 00:00:37,030
So if we just go to Google and we say install Docker Kelly something like that.

9
00:00:37,230 --> 00:00:42,300
The first one that should come up is installing Docker and Kelly Linux updated for twenty nineteen point

10
00:00:42,300 --> 00:00:43,560
four.

11
00:00:43,560 --> 00:00:45,480
Go ahead and click on that.

12
00:00:45,480 --> 00:00:49,650
I will also be adding this to the references down below.

13
00:00:49,680 --> 00:00:54,540
So what we're going to do is we're just going to scroll down a little bit and we're going to go into

14
00:00:54,540 --> 00:00:57,400
the preparation section here.

15
00:00:57,570 --> 00:01:02,040
So now it saying that we have to ensure that Carly is fully up to date.

16
00:01:02,040 --> 00:01:04,810
We don't have to do that here it's going to be OK.

17
00:01:04,820 --> 00:01:10,410
So let's just go ahead and grab this and we'll copy and paste

18
00:01:13,500 --> 00:01:13,930
OK.

19
00:01:13,940 --> 00:01:16,120
You should get the OK back now.

20
00:01:16,180 --> 00:01:16,620
Go ahead.

21
00:01:16,620 --> 00:01:23,840
Just copy the next line and paste.

22
00:01:23,850 --> 00:01:24,510
All right.

23
00:01:24,570 --> 00:01:27,180
Now we just need to run apt update.

24
00:01:27,390 --> 00:01:27,690
OK.

25
00:01:27,720 --> 00:01:29,900
So just type an apt update.

26
00:01:32,460 --> 00:01:34,040
And that will update this.

27
00:01:34,080 --> 00:01:36,030
And now we are updated.

28
00:01:36,030 --> 00:01:45,870
So now what we need to do is just run app to install Docker dash C E so apps install Doctor dash see

29
00:01:47,280 --> 00:01:50,160
and this is going to be three hundred eighty five megabytes.

30
00:01:50,160 --> 00:01:51,150
So go ahead and hit.

31
00:01:51,360 --> 00:01:55,830
Yes on this except that it's going to take a little bit to install.

32
00:01:55,840 --> 00:01:56,250
OK.

33
00:01:56,760 --> 00:02:00,900
So what we're going to do is we're to talk about a lost you shop while this is installing.

34
00:02:01,290 --> 00:02:08,700
So let's go ahead and go out to Google and open up a lost you shop and kind of get an understanding

35
00:02:08,700 --> 00:02:09,330
for what it is.

36
00:02:09,360 --> 00:02:16,050
So with Google there let's go and just type o lost juice shop and there's two pages I'm going I want

37
00:02:16,050 --> 00:02:19,650
you to open the first page is this github page here.

38
00:02:19,650 --> 00:02:25,920
So go ahead and right click open in new tab and then let's also open up this get books that Io page

39
00:02:26,250 --> 00:02:29,810
and I'll provide references to these as well if you need them.

40
00:02:29,860 --> 00:02:37,240
So what we're gonna do is if we scroll down just a bit we're going to be following the docker instructions

41
00:02:37,240 --> 00:02:38,960
on the install down here.

42
00:02:39,070 --> 00:02:40,380
So you can see Doctor container.

43
00:02:40,390 --> 00:02:45,910
We got to install Docker and then we're going to run these specific commands here before we do that.

44
00:02:45,910 --> 00:02:47,530
What is juice shop.

45
00:02:47,530 --> 00:02:53,320
Well juice shop is made by a wasp and it is a vulnerable Web site.

46
00:02:53,350 --> 00:02:59,080
They have a fake ID you shop online and where it is going to go out and we're going to attack it and

47
00:02:59,080 --> 00:03:05,740
we're going to utilize our attacks to earn a bunch of the different oh lost top tens and there are a

48
00:03:05,740 --> 00:03:07,710
couple of different ways to deploy this.

49
00:03:07,750 --> 00:03:13,120
We could actually really easily deploy on Heroku which would bring it out and you can attack this via

50
00:03:13,120 --> 00:03:17,100
the worldwide web and this would not be local to your machine.

51
00:03:17,110 --> 00:03:18,060
Anybody could attack it.

52
00:03:18,060 --> 00:03:23,110
It's not a big deal it's not you know it's made to be vulnerable there's nothing out there that would

53
00:03:23,110 --> 00:03:24,770
leak information about you.

54
00:03:24,820 --> 00:03:27,840
However there's a couple attacks that cannot be performed on this.

55
00:03:27,840 --> 00:03:29,610
So that's why I'm going to Docker out.

56
00:03:29,710 --> 00:03:35,170
You could just as easily go this route if you want to and just watch and learn on two of the attacks.

57
00:03:35,170 --> 00:03:39,910
Otherwise let's go ahead and do the docker installation so let's finish this out and let's talk about

58
00:03:40,450 --> 00:03:42,310
the give book as well.

59
00:03:42,310 --> 00:03:50,910
So on the docker I to is as Docker pull here so go ahead and copy this and paste and that's going to

60
00:03:50,910 --> 00:03:57,500
pull down juice shop which may take a minute or two depending on your internet speed and minds done

61
00:03:57,540 --> 00:03:58,670
so if you need a pause.

62
00:03:58,680 --> 00:04:03,730
Feel free to pause as always and then we're just gonna run this doctor here in the ship boot up juice

63
00:04:03,740 --> 00:04:04,280
shop.

64
00:04:05,340 --> 00:04:06,450
Go ahead and run that

65
00:04:10,010 --> 00:04:11,510
and port three thousand.

66
00:04:11,510 --> 00:04:13,760
Server is listening on port three thousand.

67
00:04:13,790 --> 00:04:14,330
Perfect.

68
00:04:14,330 --> 00:04:15,350
That's what we want.

69
00:04:15,350 --> 00:04:15,670
Go ahead.

70
00:04:15,710 --> 00:04:19,120
Open up local host three thousand here in a new tab.

71
00:04:20,430 --> 00:04:22,350
And boom we have it working.

72
00:04:22,350 --> 00:04:24,000
So this is the juice shop.

73
00:04:24,000 --> 00:04:25,990
Congratulations your applications running.

74
00:04:26,160 --> 00:04:27,540
So here.

75
00:04:27,540 --> 00:04:29,520
Go ahead and just just to miss this.

76
00:04:29,610 --> 00:04:35,110
You can see we have a Web site and we're going to pen test against this Web site before we do that.

77
00:04:35,110 --> 00:04:42,280
And before we start getting into this the get book is the fantastic resource of the course.

78
00:04:42,310 --> 00:04:49,360
Missy if I can make this a little bit bigger so the guidebook has not only just an overview of what's

79
00:04:49,360 --> 00:04:50,420
here.

80
00:04:50,530 --> 00:04:52,480
It has all the challenges here.

81
00:04:52,480 --> 00:04:56,410
So what we're going to be after and what we're going to find here shortly into the course is that we're

82
00:04:56,770 --> 00:05:02,410
we're actually going to have a scoreboard full of challenges and these challenges range from one star

83
00:05:02,410 --> 00:05:04,710
challenges all the way to like seven star.

84
00:05:04,720 --> 00:05:09,850
So a one star challenge is pretty easy seven stars like really really hard to do.

85
00:05:09,880 --> 00:05:14,350
I'm going to cover these in the best way that I think possible we're not going to cover every single

86
00:05:14,350 --> 00:05:15,200
one of these.

87
00:05:15,280 --> 00:05:22,090
We're going to cover what's applicable to learning the top 10 my thoughts for you are that you should

88
00:05:22,090 --> 00:05:26,850
still come through here and challenge yourself to work through some of these challenges.

89
00:05:26,860 --> 00:05:32,380
So while we only will cover the top 10 and we can learn about those if there's a topic in here that

90
00:05:32,380 --> 00:05:33,940
you want to learn about it's really great.

91
00:05:33,940 --> 00:05:38,200
Like say x x x x well external M.D. here we click on it.

92
00:05:38,290 --> 00:05:44,890
It tells you what X X these are and then it says hey we've got two challenges related to this and here's

93
00:05:44,890 --> 00:05:46,630
the difficulty for them.

94
00:05:46,810 --> 00:05:51,550
So you can go and look up these challenges and try to solve them.

95
00:05:51,550 --> 00:05:54,970
And if you can't solve them or you can't figure out where it is.

96
00:05:55,000 --> 00:05:55,630
Well guess what.

97
00:05:55,630 --> 00:06:02,560
You can go to the challenge solutions down here and you can scroll down you can look for it under these

98
00:06:02,560 --> 00:06:08,260
three star challenges for example or you could just do a control F and find the execs Steve challenge

99
00:06:08,620 --> 00:06:10,000
and solve it that way as well.

100
00:06:10,030 --> 00:06:16,090
So it's got the challenges the solutions and all the different ways to click on this and sort.

101
00:06:16,120 --> 00:06:19,940
And when we get to the scoreboard in the app I'll show you how to sort through that as well.

102
00:06:19,960 --> 00:06:25,800
So you should have your app up and running and we should start being ready to be able to attack this.

103
00:06:25,810 --> 00:06:32,260
So in the next couple of videos we're just going to focus on installing a couple more things and exploring

104
00:06:32,260 --> 00:06:39,190
burp sweet and kind of starting to scan our Web site with brb suite and just as a precursor to getting

105
00:06:39,190 --> 00:06:41,570
in and learning some of these attacks.

106
00:06:41,590 --> 00:06:42,900
So that's it for this lesson.

107
00:06:42,910 --> 00:06:44,470
I'll go ahead and catch you in the next video.

108
00:06:44,470 --> 00:06:47,260
We install Foxy proxy which we'll need for Rip sweet.