Android Local Storage Checks

The user password can be found unencrypted in the following file on the device:

```
/data/data/com.my.application/shared_prefs/users.xml
<string name="myAPP_password">]-&xwhjgmd)u3</string>
```

Although files under /data/data/[app_package_name] are normally readable only by the app that owns them, the contents of that directory can still be read by:

* rooting the device
* connecting the phone to a computer and initiating a backup with adb backup -noapk com.my.app, then analysing the backup contents
* running a shell in the context of the package and copying the file out to an unprotected location, by issuing the command adb exec-out run-as com.my.app cat shared_prefs/users.xml > users.xml

Remediation:

Where possible, passwords should not be stored on the device at all. Instead, perform the initial authentication with the username and password and store only a short-lived, service-specific authorization token. Alternatively, credentials can be stored in Android's AccountManager. If storing a secret such as a password is a requirement, use the Android Keystore API to generate a random key when the app runs for the first time and use that key to encrypt the secret with a block cipher such as AES before writing it to SharedPreferences.

Reference: AccountManager | Android Developers

Last updated 1 year ago