Now let’s go onto our last challenge of insecure data storage
When you are trying to save the credential you may face this issue, that file error occurred, this is because the application don’t have permission to create file in sdcard, so we can just open app info
Click on permissions
And enable the storage permission
Come back to the app, and you could be able to save the credential now.
Before we solve just quickly have a look at the source code first
When you analyze the code, you will see the application is storing the credential inside sdcard with a hidden file of .uinfo.txt
Now let’s back to our adb shell
In /sdcard folder we can see .uinfo.txt as mention in the sourcecode
And here is our credential in clear text.
Twitter / Hack The Box / CTF Team / Teck_N00bs Community Telegram
Comments