Exam Details
- Duration: 2 Hours (Online Practical)
- Total Marks: 80
- Flags: 6 tasks
- DVWA login:
admin / password
⏳ Not started
Student Details
Student ID:
Full Name:
Integrity Pledge:
I pledge that I will not give or receive any assistance on this online exam, and I will not use unauthorized materials or collaborate with others. I understand that all activity is monitored and logged.
Signature (type your name):
Please enter Student ID, Full Name, and Signature before submitting any flags.
Exam Tasks
T1 — SQL Injection (14 marks)
T2 — Command Injection (14 marks)
T3 — File Upload / RCE (16 marks)
T4 — Directory Traversal (14 marks)
Exploit the vulnerable page: /ctf/traversal_vuln.php
T5 — Local File Inclusion (11 marks)
Use the vulnerable page: /ctf/lfi_vuln.php
T6 — Web Discovery / robots.txt (11 marks)
Review: /ctf/robots.txt and follow disallowed paths to locate the hidden flag file.
Checklist
- DVWA Security Level: Low
- Database seeded & flags created
- CTF portal reachable at
./
Marks Breakdown
- T1 SQLi — 14
- T2 Cmd Inj — 14
- T3 Upload/RCE — 16
- T4 Traversal — 14
- T5 LFI — 11
- T6 Web Discovery — 11
- Total — 80