Modern websites use databases to store and manage information. We want to better understand the framework that makes the connection between a webpage and a database possible. And will try to exploit the known vulnerability to get access into database and find out more information.
• URL: https://lab.hackerinside.xyz/login.php
• Find out the vulnerability.
• exploit the vulnerability.
• grab the ‘flag’.
• HINT: it’s on a different table.
• Suggest a patch for this bug.
Students will explore the security of e-mail, disposable email accounts and use a secure email system.
Email is one of the most-used forms of communication. How secure are the systems that we use daily and what are the implications of insecure systems? We will also look at alternatives that would ensure security?
Identify security issues related to common email systems. Use a disposable, temporary email system Apply principles of secure email through the PGP email system.
Temporary, Disposable E-Mail
Guerrilla Mail - https://www.guerrillamail.com/
Temp Mail - https://temp-mail.org/en/
Fake Inbox - http://www.fakeinbox.com/
Nada - https://getnada.com/
Install and send a message using PGP - http://openpgp.org/
There are many options for using PGP, try different ones and see how they work together.
Send email using Python.
Look at your email server settings.
Update the info in the Python file.
Python file: (download link) ( https://gist.github.com/anir0y/be6d613dd3d793e54f3e6d2be1dd0f65 )
• Can you email multiple people?
• Could you pull the list of people to email from an external file?
• How can you personalize the email for the recipient?
What could you do to ensure privacy when sending email?
What expectation of privacy do you have when sending e-mail?
If you had a secret message to send, how would you do it?
How could you automate e-mailing many people?
Why do email services "read" your email? What is their goal?
How does PGP secure email differently than GMail?
Why don't people use services like PGP more often?
What is phishing?
What is spear-phishing?