topic Re: Vulnerable applications for testing - Guide in WAF

Vulnerable applications for testing - Guide

Shay_Levin — Mon, 21 Nov 2022 10:58:45 GMT

Hi,

I have been asked about the the vulnerable applications i use in the workshop.

I used two application:

Damn Small Vulnerable Web - Link

OWASP Juice Shop - Link

The fastest and the easiest way to run them is by using Azure Container Instances (ACI).

Inside Azure Portal, Click on Cloud Shell

2. Run the commands:

az group create --name exploitgroup --location eastus

az container create --resource-group exploitgroup --name exploit --image appsecco/dsvw --dns-name-label exploit --ports 8000

az container create --resource-group exploitgroup --name juice --image bkimminich/juice-shop --dns-name-label juice --ports 3000

Re: Vulnerable applications for testing - Guide

kamaladmire1 — Mon, 12 Feb 2024 17:24:10 GMT

Hi Shay.

I am having issued when running these commands on the UKWEST, however these works fine previously but not working anymore, I have tried for EASTUS and it works. my issues is my subscription from the office only support for UKWEST and UKSOUTH.

can you please help

A: Create Group

az group create --name exploitgroup --location ukwest

B: Create Exploit Website

az container create --resource-group exploitgroup --name exploit --image appsecco/dsvw --dns-name-label exploit --ports 8000

C: Create Juiceshop- Workshop

az container create --resource-group exploitgroup --name juice --image bkimminich/juice-shop --dns-name-label juice --ports 3000

Regards

Kamal

Re: Vulnerable applications for testing - Guide

Shay_Levin — Tue, 13 Feb 2024 14:09:09 GMT

I'm experiencing the same issue when I deploy in the UK West.

It's an Azure issue; you will need to open a ticket ...

Re: Vulnerable applications for testing - Guide

kamaladmire1 — Wed, 14 Feb 2024 10:21:13 GMT

Thanks Shay, I have noticed recently Azure must have done something which causing issued in different places. i,e.

Azure Cloudguard HA deployment

it used to work when you have create a http rule on frontend LB with floating IP enable and create the NAT and access rules on firewall, all backend static route, peering etc all created but you can access backend web server from LB public IP:

Access RULE: source ANY -- Dest: LB Public -- Service: http

NAT rule: source ANY -- Dest: LB Public -- OrgService: http --Translate Dest: Webserver internal IP

however if I create a NAT rule like below it works

NAT rule: source home Public IP 149.10.x.x -- Dest: LB Public -- OrgService: http --Translate source <Active FW IP>--Translate Dest: Webserver internal IP

when run tcpdump I can see the traffic arrive on Eth0 and correctly leave internal interface Eth1 but I don't see traffic arriving on internal web interface, it just lost somewhere seems its a routing issue with Azure.

I have also tested to ping and telnet from Firewall member A and B to internal webserver and I can ping and telnet on port 80 so its clearly not an issue with configuration but the Azure internal architectural issue.

this also deployed on UKWEST

I have opened a case with TAC and they said its a Azure routing issue open a ticket with them.

maybe you can try the same,

Regards

Re: Vulnerable applications for testing - Guide

Shay_Levin — Wed, 14 Feb 2024 12:05:46 GMT

I don't think it's right to conclude that if they have a container deployment issue in a specific region, they also have a problem that is related to routing.

I believe it's a configuration issue.

Feel fee to drop me private message and we can schedule a call to take a look on it together