Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Shay_Levin
Admin
Admin

Vulnerable applications for testing - Guide

Hi, 

I have been asked about the the vulnerable applications i use in the workshop.

I used two application:

Damn Small Vulnerable Web - Link

OWASP Juice Shop - Link

The fastest and the easiest way to run them is by using Azure Container Instances (ACI).

  1. Inside Azure Portal, Click on Cloud Shell
     

    cloudshell.jpg

     

 

      2. Run the commands:

az group create --name exploitgroup --location eastus  

az container create --resource-group exploitgroup --name exploit --image appsecco/dsvw --dns-name-label exploit --ports 8000

az container create --resource-group exploitgroup --name juice --image bkimminich/juice-shop --dns-name-label juice --ports 3000

 

4 Replies
kamaladmire1
Participant
Participant

Hi Shay. 

I am having issued when running these commands on the UKWEST,  however these works fine previously but not working anymore, I have tried for EASTUS and it works. my issues is my subscription from the office only support for UKWEST and UKSOUTH. 

can you please help 

A: Create Group

az group create --name exploitgroup --location ukwest

B: Create  Exploit Website

az container create --resource-group exploitgroup --name exploit --image appsecco/dsvw --dns-name-label exploit --ports 8000

C: Create Juiceshop- Workshop

az container create --resource-group exploitgroup --name juice --image bkimminich/juice-shop --dns-name-label juice --ports 3000

 

Regards

 

Kamal 

0 Kudos
Shay_Levin
Admin
Admin

I'm experiencing the same issue when I deploy in the UK West.

It's an Azure issue; you will need to open a ticket ...

 

0 Kudos
kamaladmire1
Participant
Participant

Thanks Shay, I have noticed recently Azure must have done something which causing issued in different places. i,e.

Azure Cloudguard HA deployment

it used to work when you have create a http rule on frontend LB with floating IP enable and create the NAT and access rules on firewall, all backend static route, peering etc all created but you can access backend web server from LB public IP:

Access RULE: source ANY -- Dest: LB Public -- Service: http

NAT rule: source ANY -- Dest: LB Public -- OrgService: http  --Translate Dest: Webserver internal IP

however if I create a NAT rule like below it works

NAT rule: source home Public IP 149.10.x.x -- Dest: LB Public -- OrgService: http  --Translate source <Active FW IP>--Translate Dest: Webserver internal IP

when run tcpdump I can see the traffic arrive on Eth0 and correctly leave internal interface Eth1 but I don't see traffic arriving on internal web interface, it just lost somewhere seems its a routing issue with Azure. 

I have also tested to ping and telnet from Firewall member A and B to internal webserver and I can ping and telnet on port 80 so its clearly not an issue with configuration but the Azure internal architectural issue.

this also deployed on UKWEST

I have opened a case with TAC and they said its a Azure routing issue open a ticket with them. 

maybe you can try the same, 

 

Regards

 

 

 

 

 

 

0 Kudos
Shay_Levin
Admin
Admin

I don't think it's right to conclude that if they have a container deployment issue in a specific region, they also have a problem that is related to routing.

I believe it's a configuration issue. 

Feel fee to drop me private message and we can schedule a call to take a look on it together

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.