Latest posts

10/recent/ticker-posts

Vulnerable Data storages

Mr. Ayushman Dalvi Monday, May 29, 2023

 Vulnerable Data storages




Hello guys so today, In this blog, I am going to tell you about Vulnerable Data storage like SQLite Database. Today every application has processed the data and stored it somewhere. Storing data is different because it depends on how the developer defines it.

There are different forms of data like user data, application data,  user settings, images etc. It can also store some cache data fetched from the internet for the application to work correctly when offline.

Some applications can store user data in public places that anyone can access it. 

There are four ways by which the Android application stores the data:
  • Shared Preferences
  • Internal Storage
  • External Storage
  • SQLite Database
Setup for testing vulnerability - 

Now before starting testing, we need to set up something for that follow the steps listed below:
Follow the below steps to use the DIVA application - 
  • After opening the app you see various options.
  • You just click on Insecure Data Storage-Part2
  • Now enter the login details.
  • Then open the termux and install SQLite  
pkg install sqlite 

  • It starts the installation. 
  • After that log in using the root user for that simply type  
su

  •  in the terminal. Grant the superuser permission.
  • Then simply enter 
cd /data/data/
  • This command is used to get the storage.
  • Type the below command to get a list of storage 
ls

  • Now we need to find a DIVA application directory for that. Search it and then type that in the terminal ex- 
cd <your directory for DIVA>/
  • When you enter this directory just type  
ls
  • To view the directories that are present in these directories then go to /databases again and type the ls command. It shows the list of databases Now to access this database type the below command in termux. 
cp ids2 /data/data/com.termux/files/home/
  • Now our file is copied successfully in our termux and we can exit from the directory using  
exit
  • Now our half work is done here. type one-by-one commands in the terminal written below. 
sqlite3 ids2   //open the database
 
.tables   //shows all available tables
 
select * from table_name; //write name of table shown in your terminal


After this, it shows you the usernames and passwords on your Termux Terminal. There was also a second method we could use for that using VIM. VIM is a package that is available in termux it works like Notepad in Windows. Follow the below steps to use VIM. 

apt install vim   //install vim first 
vim ids2   //open database in vim scroll down and you see username and password both.

That's why encryption of the database is a must-do thing.


 I hope it will help you to learn Ethical Hacking More...! 


NOTE: We created this post only for educational purposes! computertipstricks.tech or author of post are not responsible for any suspicious activity of audiences. 👀

Hope this post will help you to know more about Hacking using Android! 

Thank You…!!!!!!

 


Also Visit

Tags:
Mr. Ayushman Dalvi

Posted by: Mr. Ayushman Dalvi

Hello Guys, My name is Ayushman Dalvi and I work at ComputerTips Tricks.tech as a Project Manager for Technical things and I also works as an Author. The ComputerTipsTricks.tech provides you, with the best courses to learn programming languages like HTML, Javascript, PHP, Python, and so on. This website also provide courses for ethical hacking. I hope our website will definitely help you to improve your Programming Skills and Knowledge.

Post a Comment

0 Comments

Please do not add Any Spam link in Comments !