INSECURE DATA STORAGE 2 - LOCAL DATABASES
- Layout for this exercise:
- Connecting from Santoku to Nexus 5 with ADB:
- Launching the application:
- The fourth challenge is based on the fact that some applications store sensitive information in local databases.
- Clicking the challenge 4 tab:
- The application prompts the user for credentials (username + password) to be saved.
- In this example, let's introduce these simple credentials:
username: Alice
password: PasswordForAlice
- The applications displays a message stating that the credentials have been successfully saved:
- Searching inside the package jakhar.assem.diva, there is a folder named databases:
- Opening the folder, there are a number of different databases. We could try any of them until finding interesting information. However, for the sake of simplicity, let's go directly to ids2:
- Android uses SQlite database management system:
- There are 2 tables inside the ids2 database:
- Selecting everything from the table myuser, we find the credentials introduced by the user:
