DIVA - Insecure Data Storage - Part 1


The next challenge in the list is Insecure Data Storage.
In this challenge we will try to understand how an application stores sensitive information on the device in plain text or with weak encryption, which can later lead to information leakage.
In the password section I entered (111222), or any random password you wish to save, and clicked Save.
For our next step we need to read some internal files, and for that we require root permission.
Now connect to the Android device with adb shell.
Check for connected devices.
As we can see, our device is connected, so we are good to go.
We have the root shell now, so we can read the internal files without restriction.
As you can see, there is a (shared_prefs) folder, which means the application is storing these details using shared preferences.
If you analyze the source code, you will get a clear understanding.
Now go back to the adb shell.
As you can see, the credentials are being saved in plain text on the device.
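To turn this manual check into something repeatable during an app review, here is a small audit script (an added example, not part of the original walkthrough or of DIVA itself) that parses a pulled shared_prefs XML file and flags sensitive-looking keys whose values are stored readably. The sample file, its key names, the key pattern and the entropy threshold are all assumptions made for illustration.

```python
import math
import re
import xml.etree.ElementTree as ET

# Constructed sample of a shared_prefs file pulled from a test device;
# key names and values are assumptions, only 111222 echoes the post.
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="user">alice</string>
    <string name="password">111222</string>
    <string name="api_token">9f8a7c6b5d4e3f2a1b0c9d8e7f6a5b4c3d2e1f0a9b8c7d6e</string>
    <boolean name="first_run" value="false" />
    <int name="launch_count" value="4" />
</map>
"""

# Key names that usually hold secrets (assumed list, extend per app).
SENSITIVE_KEY = re.compile(
    r"pass(word|wd)?|pwd|secret|token|pin|credential|api[_-]?key", re.I)

def shannon_entropy(value):
    """Bits per character; low values suggest human-readable text."""
    if not value:
        return 0.0
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value))
                for n in counts.values())

def audit_prefs(xml_text, entropy_threshold=3.5):
    """Return one finding per <string> entry whose key looks sensitive."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for node in root.iter("string"):
        key, value = node.get("name", ""), node.text or ""
        if not SENSITIVE_KEY.search(key):
            continue
        # Short or low-entropy values are almost certainly stored as typed.
        readable = len(value) < 16 or shannon_entropy(value) < entropy_threshold
        verdict = "plaintext" if readable else "review: opaque, verify protection"
        # Report only the length so the finding does not copy the secret.
        findings.append({"key": key, "length": len(value), "verdict": verdict})
    return findings

if __name__ == "__main__":
    for f in audit_prefs(SAMPLE_PREFS):
        print(f"{f['key']:<10} len={f['length']:<3} {f['verdict']}")
```

An opaque value is only marked for review, because high entropy alone does not show that the value is protected with a key kept outside the same file.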

~ tavşanı sever
