How to Locate the Dashboard in OWASP Juice Shop

The OWASP Juice Shop is a widely used platform in cyber security education and penetration testing, simulating a vulnerable web application where users can practice identifying and mitigating security flaws in a controlled environment. One core challenge in Juice Shop is finding hidden functionality, such as the admin dashboard, which often includes sensitive operations and insights into an application’s internal workings. This guide will walk you through finding the Juice Shop dashboard, highlighting techniques that improve your penetration testing skills in real-world scenarios.

Note: This article is intended for educational and authorized penetration testing purposes only. Always obtain explicit permission before testing any live system.

How to brute force a web application password with Burp Suite? Basic dictionary attack in practice!

With Burp Suite we can run dictionary attacks against a website. In this simulated attack we will brute force the login field of the Juice Shop web application. We already know the email address of an admin user, so all that remains is to find the right password.

Important note: hacking in the wild is illegal! Do NOT do it outside the lab, unless you are a penetration tester with a signed contract!
