Exercise Title: Exploiting Cross-Site Request Forgery (CSRF) Vulnerabilities in DVWA
using Kali Linux

Level: Low

Objective: The objective of this exercise is to exploit a CSRF vulnerability in the DVWA web
application using Kali Linux.

Instructions:

  1. Start your Kali Linux machine and open a web browser.
  2. In the address bar, enter the URL of the DVWA web application (e.g.,
    http://192.168.1.100/DVWA/).
  3. Log in to the application using the default credentials (username: admin, password:
    password).
  4. Navigate to the “CSRF” page by clicking on the “CSRF” link in the main menu.
  5. Inspect the page’s HTML source code and look for any form or input elements that
    can be used to perform an action on the server.
  6. Create a simple HTML file containing a form with the same action and input elements
    as the original form, but with a different value for the input element (e.g., a different
    password).
  7. Host the HTML file on a web server that you control (e.g., using Apache) and send
    the link to the victim.
  8. When the victim clicks on the link, the form will be submitted, and the password will
    be changed to the value you specified.

Level: Medium

Objective: The objective of this exercise is to exploit a CSRF vulnerability in the DVWA web
application using Kali Linux and bypass any anti-CSRF measures that may be in place.

Instructions:

  1. Start your Kali Linux machine and open a web browser.
  2. In the address bar, enter the URL of the DVWA web application (e.g.,
    http://192.168.1.100/DVWA/).
  3. Log in to the application using the default credentials (username: admin, password:
    password).
  4. Navigate to the “CSRF” page by clicking on the “CSRF” link in the main menu.
  5. Inspect the page’s HTML source code and look for any anti-CSRF measures that
    may be in place, such as a hidden input element with a random value, or a token that
    must be included in the form data.
  6. Create a simple HTML file containing a form with the same action and input elements
    as the original form, and include the same anti-CSRF fields (for example, the
    token field) that the original form carries.
  7. Host the HTML file on a web server that you control (e.g., using Apache) and send
    the link to the victim.
  8. When the victim clicks on the link, the form will be submitted, and the anti-CSRF
    measures will be bypassed.
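Both the Low exercise (a form with no anti-CSRF field, steps 5 to 8 above) and step 5 of the Medium exercise (a hidden input with a random value that must be included in the form data) come down to what the server does with a submission that arrives from a page it never served. The Python below is an added example, not DVWA's own code: a password-change handler with no check, next to one that issues a per-session synchronizer token, embeds it as a hidden input, and verifies it before changing anything. The field names (`password_new`, `password_conf`, `user_token`), the form action path, the `Session` class and the forged form dictionary are all constructed for the example.

```python
import hmac
import html
import secrets
from dataclasses import dataclass
from typing import Optional


# Constructed stand-in for the server-side session. DVWA keeps its token in the
# PHP session; nothing here is DVWA's code.
@dataclass
class Session:
    user: str
    password: str
    csrf_token: Optional[str] = None


def issue_csrf_token(session: Session) -> str:
    """Mint a fresh random token and remember it in the session.

    The page embeds the returned value as a hidden input, which is exactly what
    the Medium-level 'inspect the source' step turns up.
    """
    session.csrf_token = secrets.token_hex(16)
    return session.csrf_token


def render_change_password_form(session: Session) -> str:
    """The legitimate (hardened) form as the user's browser receives it."""
    token = issue_csrf_token(session)
    return (
        '<form action="/change_password" method="POST">\n'  # constructed path
        '  <input type="password" name="password_new">\n'
        '  <input type="password" name="password_conf">\n'
        f'  <input type="hidden" name="user_token" value="{html.escape(token)}">\n'
        '  <input type="submit" name="Change" value="Change">\n'
        '</form>'
    )


def change_password_low(session: Session, form: dict) -> bool:
    """Handler with no anti-CSRF check (the Low behaviour).

    It only verifies that the two password fields agree, so a form submitted
    from a page on another site succeeds as long as the browser attaches the
    victim's session cookie.
    """
    new, conf = form.get("password_new"), form.get("password_conf")
    if new and new == conf:
        session.password = new
        return True
    return False


def change_password_tokenised(session: Session, form: dict) -> bool:
    """Hardened handler: synchronizer-token check before any state change.

    The submitted token must equal the one stored in this user's session. A
    page on another origin cannot read that value, so a forged form lacks it.
    The comparison is constant-time and the token is single-use.
    """
    submitted = str(form.get("user_token", ""))
    expected = session.csrf_token or ""
    if not expected or not hmac.compare_digest(submitted.encode(), expected.encode()):
        return False  # missing, stale or wrong token: nothing changes
    session.csrf_token = None  # rotate so a captured token cannot be replayed
    new, conf = form.get("password_new"), form.get("password_conf")
    if new and new == conf:
        session.password = new
        return True
    return False


def demo() -> dict:
    """Run a forged cross-site submission and a legitimate one through both handlers."""
    results = {}
    # Constructed: the fields a forged form built as in the Low exercise delivers
    # to the server. The cookie rides along; a token does not, because the
    # attacker's page never saw one.
    forged = {"password_new": "forged-value", "password_conf": "forged-value", "Change": "Change"}

    low = Session(user="admin", password="password")
    results["low_accepts_forged"] = change_password_low(low, forged)

    hard = Session(user="admin", password="password")
    render_change_password_form(hard)  # loading the page issues the token
    results["hardened_rejects_forged"] = not change_password_tokenised(hard, forged)
    results["password_unchanged"] = hard.password == "password"

    # Legitimate submission: the browser echoes the hidden token back.
    legit = {**forged, "user_token": hard.csrf_token}
    results["hardened_accepts_legit"] = change_password_tokenised(hard, legit)
    # The same token a second time fails because it was rotated after use.
    results["replay_rejected"] = not change_password_tokenised(hard, legit)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The defensive point is that the token is bound to the session and never leaves the origin that issued it, so copying the visible form fields (step 6 of either exercise) does not reproduce it; the constant-time comparison and single-use rotation close the remaining ways the check itself could be weakened.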

Level: High

Objective: The objective of this exercise is to exploit a CSRF vulnerability in the DVWA web
application using Kali Linux and bypass any anti-CSRF measures that may be in place, while
also evading detection.

Instructions:

  1. Start your Kali Linux machine and open a web browser.
  2. In the address bar, enter the URL of the DVWA web application (e.g.,
    http://192.168.1.100/DVWA/).
  3. Log in to the application using the default credentials (username: admin, password:
    password).
  4. Navigate to the “CSRF” page by clicking on the “CSRF” link in the main menu.
  5. Inspect the page’s HTML source code and look for any anti-CSRF measures that
    may be in place, such as a