INSECURE DATA STORAGE 3 - TEMPORARY FILES
- Layout for this exercise:
- Connecting from Santoku to Nexus 5 with ADB:
- Launching the application:
- The fifth challenge is based on the fact that some applications store sensitive information in temporary files.
- Clicking the challenge 5 tab:
- The application asks for credentials, username and password, and then saves them:
- Looking at the Java source code of the activity for this challenge, InsecureDataStorage3Activity.java, we have a hint about where the credentials have been stored:
- The saveCredentials method shows how the credentials are stored: a temporary file, uinfo, is created, and the credentials entered by the user are written to it:
- Looking for the temporary file in the application's data directory:
- The credentials are available inside the temporary file:
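- A regression check for this finding, added here as an example (not code from the original walkthrough or from the application): after entering canary credentials in the app, scan a copy of its data directory for files that hold them in plaintext, base64 or hex. The function names, canary values and sample files, including the name uinfo-1234567tmp, are constructed for illustration.

```python
import base64
import os
import stat
import tempfile


def encodings(secret):
    """Forms in which a secret may sit on disk without real protection."""
    raw = secret.encode()
    # base64 only matches when the secret was encoded on its own, not inside a longer string.
    return {"plaintext": raw, "base64": base64.b64encode(raw), "hex": raw.hex().encode()}


def audit_data_dir(data_dir, canaries):
    """Report every file under data_dir that contains one of the canary values."""
    findings = []
    for root, _dirs, files in os.walk(data_dir):
        for name in files:
            path = os.path.join(root, name)
            try:
                with open(path, "rb") as fh:
                    blob = fh.read()
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                continue  # unreadable entry: skip it rather than abort the audit
            for canary in canaries:
                for label, needle in encodings(canary).items():
                    if needle in blob:
                        findings.append({"file": os.path.relpath(path, data_dir), "canary": canary,
                                         "encoding": label, "world_readable": bool(mode & stat.S_IROTH)})
    return sorted(findings, key=lambda f: (f["file"], f["canary"], f["encoding"]))


def demo():
    """Run the audit over a constructed tree that mimics a copied app data directory."""
    user, pwd = "canary-user-7f3a", "canary-pass-91bc"  # constructed canary credentials
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "cache"))
        samples = {  # constructed files: relative path -> (content, mode)
            "uinfo-1234567tmp": (f"{user}:{pwd}\n".encode(), 0o644),
            os.path.join("cache", "session.tmp"): (base64.b64encode(pwd.encode()), 0o600),
            "settings.xml": (b"<map><boolean name='first_run' value='false'/></map>", 0o600),
        }
        for rel, (content, mode) in samples.items():
            path = os.path.join(d, rel)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
        return audit_data_dir(d, [user, pwd])
```

The world_readable flag reflects the mode bits of the copy being scanned, so it is only meaningful when the copy preserves the device's permissions.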