Objective: To practice and demonstrate the ability to successfully upload a malicious file and
execute it on the DVWA web application at all levels of difficulty.
Prerequisites:
- A Kali Linux machine with the DVWA web application installed.
- Basic understanding of web application vulnerabilities and file upload functionality.
Instructions:
Level 1:
- Start the DVWA web application on your Kali Linux machine.
- Log in to the application using the default credentials (username: admin, password: password).
- Navigate to the File Upload page by clicking on the “File Upload” link in the top navigation menu.
- Attempt to upload a simple text file (e.g. “test.txt”) to the application. Observe whether the file is successfully uploaded and if it can be accessed on the server.
Level 2:
- Start the DVWA web application on your Kali Linux machine.
- Log in to the application using the default credentials (username: admin, password: password).
- Navigate to the File Upload page by clicking on the “File Upload” link in the top navigation menu.
- Attempt to upload a file with a double extension (e.g. “test.txt.php”) and observe whether the file is successfully uploaded and if it can be accessed on the server.
Level 3:
- Start the DVWA web application on your Kali Linux machine.
- Log in to the application using the default credentials (username: admin, password: password).
- Navigate to the File Upload page by clicking on the “File Upload” link in the top navigation menu.
- Attempt to upload a file with a malicious payload (e.g. a PHP shell) and observe whether the file is successfully uploaded and if it can be accessed on the server.
- Once the malicious file is uploaded and accessible, use it to execute commands on the server and gain access to sensitive information.
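The server-side check that the three levels above probe, written as an added example (it is not part of the original exercise sheet or of DVWA's own code). The function names, the image-only allowlist and the list of executable extensions are assumptions chosen for illustration; the sample uploads are constructed.

```python
import os
import re
import secrets

# Assumption: the upload form is meant to accept images only.
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}
# Extensions a PHP-enabled server may pass to the interpreter (illustrative list).
EXECUTABLE_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
MAGIC = {
    "jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",), "gif": (b"GIF87a", b"GIF89a"),
}
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def check_upload(filename, data):
    """Return the reasons to reject an upload; an empty list means accept."""
    reasons = []
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or "\x00" in filename:
        reasons.append("path or NUL in name")
    parts = base.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    # Check every dotted segment, not just the last one: double extensions
    # such as test.txt.php or name.php.jpg must not slip through.
    if any(p in EXECUTABLE_EXT for p in parts[1:]):
        reasons.append("executable extension in name")
    if ext not in ALLOWED_EXT:
        reasons.append("extension not in allowlist")
    elif not data.startswith(MAGIC[ext]):
        reasons.append("content does not match extension")
    if PHP_TAG.search(data):
        reasons.append("PHP open tag in content")
    return reasons

def stored_name(filename):
    """Server-chosen random name; only the already-validated extension is kept."""
    return secrets.token_hex(16) + "." + filename.rsplit(".", 1)[-1].lower()

if __name__ == "__main__":
    # Constructed samples mirroring the three levels of the exercise.
    samples = {
        "test.txt": b"hello",
        "test.txt.php": b"plain text",
        "avatar.gif": b"GIF89a<?php echo 'lab marker'; ?>",
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    }
    for name, body in samples.items():
        print(name, "->", check_upload(name, body) or "accept")
```

Validation of this kind is one layer; storing accepted files outside the web root, or in a directory where the server never executes scripts, keeps a missed case from becoming code execution.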
Note: The above exercise is for educational and testing purposes only. Attempting to
compromise a website without prior authorization is illegal and could result in serious
consequences.