Latest posts


Vulnerable Data storages

 Vulnerable Data storages

Hello guys so today, In this blog, I am going to tell you about Vulnerable Data storage like SQLite Database. Today every application has processed the data and stored it somewhere. Storing data is different because it depends on how the developer defines it.

There are different forms of data like user data, application data,  user settings, images etc. It can also store some cache data fetched from the internet for the application to work correctly when offline.

Some applications can store user data in public places that anyone can access it. 

There are four ways by which the Android application stores the data:
  • Shared Preferences
  • Internal Storage
  • External Storage
  • SQLite Database
Setup for testing vulnerability - 

Now before starting testing, we need to set up something for that follow the steps listed below:
Follow the below steps to use the DIVA application - 
  • After opening the app you see various options.
  • You just click on Insecure Data Storage-Part2
  • Now enter the login details.
  • Then open the termux and install SQLite 
pkg install sqlite 

  • It starts the installation. 
  • After that log in using the root user for that simply type 

  •  in the terminal. Grant the superuser permission.
  • Then simply enter 
cd /data/data/
  • This command is used to get the storage.
  • Type the below command to get a list of storage

  • Now we need to find a DIVA application directory for that. Search it and then type that in the terminal ex-
cd <your directory for DIVA>/
  • When you enter this directory just type 
  • To view the directories that are present in these directories then go to /databases again and type the ls command. It shows the list of databases Now to access this database type the below command in termux.
cp ids2 /data/data/com.termux/files/home/
  • Now our file is copied successfully in our termux and we can exit from the directory using 
  • Now our half work is done here. type one-by-one commands in the terminal written below.
sqlite3 ids2   //open the database
.tables   //shows all available tables
select * from table_name; //write name of table shown in your terminal

After this, it shows you the usernames and passwords on your Termux Terminal. There was also a second method we could use for that using VIM. VIM is a package that is available in termux it works like Notepad in Windows. Follow the below steps to use VIM.

apt install vim   //install vim first 
vim ids2   //open database in vim scroll down and you see username and password both.

That's why encryption of the database is a must-do thing.

 I hope it will help you to learn Ethical Hacking More...! 

NOTE: We created this post only for educational purposes! or author of post are not responsible for any suspicious activity of audiences. 👀

Hope this post will help you to know more about Hacking using Android! 

Thank You…!!!!!!


Also Visit

Post a Comment