Dear All,
Perform the following practicals.
Assignment 14
a. Insecure Data Storage: Part 2
b. santoku@santoku:~$ jd-gui classes_dex2jar.jar
c. Open InsecureDataStorage2Activity.class and analyse the code; you will find that the data is stored in a database.
d. private SQLiteDatabase nDB; the code creates a database named ids2 and a table named myuser.
e. Now check whether it stores the data as plain text or encrypted text.
f. santoku@santoku:~$ adb shell
g. root@santoku:/ # cd /data/data/
h. root@santoku:/data/data # cd jakhar.aseem.diva/
i. root@santoku:/data/data/jakhar.aseem.diva # ls
j. You will find the package's databases directory.
k. root@santoku:/data/data/jakhar.aseem.diva # cd databases
l. root@santoku:/data/data/jakhar.aseem.diva/databases # ls
m. You will find the database named ids2.
n. Now open the database with sqlite3, since it is the database used by most Android applications.
o. root@santoku:/data/data/jakhar.aseem.diva/databases # sqlite3 ids2
p. sqlite> .tables (lists the tables)
q. sqlite> select * from myuser;
r. This shows the username and password in plain text.
Assignment 15
a. Insecure Data Storage: Part 3. Read the objective.
b. Open InsecureDataStorage3Activity.class; checking the code, you will find that the credentials are stored in a temp file:
c. File localFile2 = File.createTempFile("uinfo", "tmp", localFile);
d. Now move into Santoku and check the content of the file.
e. santoku@santoku:~$ adb shell
f. root@santoku:/ # cd /data/data/
g. root@santoku:/data/data # cd jakhar.aseem.diva
h. root@santoku:/data/data/jakhar.aseem.diva # ls
i. You will find the temporary file.
j. root@santoku:/data/data/jakhar.aseem.diva # cat uinfo-1050553933tmp
k. It shows the username and password.
Assignment 16
a. External Insecure Data Storage. Read the objective.
b. Sometimes Android developers store sensitive information without encryption.
c. An application might store data in the following locations, including external storage (SD card):
i. /data/data/[package name]/shared_prefs (shared preferences)
ii. Databases
iii. Temporary files
iv. External storage
d. Click Insecure Data Storage - Part 4 and read the objective.
e. Open InsecureDataStorage4Activity.class and analyse the code to find where the data is stored.
f. Checking the source code, we find:
g. File localFile1 = Environment.getExternalStorageDirectory(); which shows that the localFile1 object holds a reference to the external storage directory.
h. Going further, we find:
i. File localFile2 = new File(localFile1.getAbsolutePath() + "/.uinfo.txt");
j. This means that a .uinfo.txt file is created inside the external storage and may contain important information.
k. Let's first try to find it in the jakhar.aseem.diva directory.
l. santoku@santoku:~$ adb shell
m. root@santoku:/ # cd /data/data/
n. root@santoku:/data/data # cd jakhar.aseem.diva/
o. root@santoku:/data/data/jakhar.aseem.diva # ls -la
p. No such file is available there.
q. root@santoku:/ # cd /mnt/sdcard/
r. root@santoku:/mnt/sdcard # ls
s. You will not find the file this way: the source code writes "/.uinfo.txt", and the leading "." makes it a hidden file, so a plain ls does not list it.
t. root@santoku:/mnt/sdcard # ls -a
u. Now we can find .uinfo.txt.
v. root@santoku:/mnt/sdcard # cat .uinfo.txt
w. Now you can see the username and password.
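The three storage locations above (a SQLite database, a temp file in the app directory, a hidden file on the SD card) can be checked in one pass once the app's data has been copied off the device. The script below is an added example, not part of the assignment sheet or of the DIVA project: it assumes the tester has already pulled /data/data and the SD card into a local folder (for example with adb pull), walks that folder, dumps secret-looking columns from every SQLite file, and flags hidden files, temp files and any flat file containing a credential-like line. The snapshot it walks is constructed inline with made-up values so that it runs offline; only the package name, database, table and file names come from the assignments.

```python
"""Plaintext-credential audit over a pulled app data snapshot.

Added example; not part of the assignment sheet or of the DIVA project.
The snapshot is constructed inline (made-up credential values) and mirrors
the layout described in Assignments 14, 15 and 16.
"""
import os
import re
import sqlite3
import tempfile

PACKAGE = "jakhar.aseem.diva"  # package name from the assignment sheet

# Column names that commonly hold secrets (case-insensitive).
SECRET_COLUMN = re.compile(r"pass(word)?|pwd|secret|token|pin", re.I)
# A credential-looking "key=value" / "key: value" line inside a flat file.
SECRET_LINE = re.compile(r"(pass(word)?|pwd|secret|token)\s*[:=]\s*\S+", re.I)
SQLITE_MAGIC = b"SQLite format 3\x00"


def is_sqlite(path):
    """Every SQLite 3 file starts with a fixed 16-byte header."""
    with open(path, "rb") as fh:
        return fh.read(16) == SQLITE_MAGIC


def audit_sqlite(path):
    """Return (table, column, value) for secret-like columns holding readable text."""
    findings = []
    con = sqlite3.connect(path)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type = 'table'")]
        for table in tables:
            columns = [r[1] for r in con.execute(f'PRAGMA table_info("{table}")')]
            for column in columns:
                if not SECRET_COLUMN.search(column):
                    continue
                for (value,) in con.execute(f'SELECT "{column}" FROM "{table}"'):
                    # Readable text in a password column is exactly what the
                    # `select * from myuser` step exposes; ciphertext would
                    # normally arrive as bytes and is left for manual review.
                    if isinstance(value, str) and value.isprintable():
                        findings.append((table, column, value))
    finally:
        con.close()
    return sorted(findings)


def audit_file(path, name):
    """Return (reason, matching_line) for a flat file worth reporting, else None."""
    reason = None
    if name.startswith("."):
        reason = "hidden file"          # Assignment 16: /.uinfo.txt on the SD card
    elif "tmp" in name.lower():
        reason = "temporary file"       # Assignment 15: uinfo-<random>tmp
    with open(path, "r", errors="replace") as fh:
        hit = next((ln.strip() for ln in fh if SECRET_LINE.search(ln)), None)
    if reason or hit:
        return (reason or "content", hit)
    return None


def audit(root):
    """Walk the snapshot; databases go through audit_sqlite, the rest through audit_file."""
    db_findings, file_findings = [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if is_sqlite(path):
                db_findings += [(rel,) + f for f in audit_sqlite(path)]
            else:
                finding = audit_file(path, name)
                if finding:
                    file_findings.append((rel,) + finding)
    return {"databases": sorted(db_findings), "files": sorted(file_findings)}


def build_snapshot():
    """Construct a DIVA-like snapshot in a temp dir (all sample values are made up)."""
    root = tempfile.mkdtemp(prefix="snapshot-")
    app_dir = os.path.join(root, "data", "data", PACKAGE)
    db_dir = os.path.join(app_dir, "databases")
    sdcard = os.path.join(root, "mnt", "sdcard")
    os.makedirs(db_dir)
    os.makedirs(sdcard)
    con = sqlite3.connect(os.path.join(db_dir, "ids2"))
    con.execute("CREATE TABLE myuser(user TEXT, password TEXT)")
    con.execute("INSERT INTO myuser VALUES ('diva', 'p@ssw0rd')")
    con.commit()
    con.close()
    with open(os.path.join(app_dir, "uinfo-1050553933tmp"), "w") as fh:
        fh.write("user=diva\npassword=p@ssw0rd\n")
    with open(os.path.join(sdcard, ".uinfo.txt"), "w") as fh:
        fh.write("user=diva\npassword=p@ssw0rd\n")
    with open(os.path.join(sdcard, "demo.txt"), "w") as fh:
        fh.write("just a note\n")        # benign file, must not be flagged
    return root


if __name__ == "__main__":
    for kind, rows in audit(build_snapshot()).items():
        print(kind)
        for row in rows:
            print("  ", row)
```

Run it against a real pull by replacing build_snapshot() with the path of the pulled folder. The column-name and line patterns are deliberately loose: the aim is to surface every candidate for a manual look, not to prove that a value is a secret.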
Assignment 17
a. SQL Injection
b. Input validation issues occur where an application does not sanitize user input.
c. They result in client-side as well as server-side attacks.
d. Open Input Validation Issues - Part 1.
e. Open SQLInjectionActivity.class and check the rawQuery call:
f. rawQuery("SELECT * FROM sqluser WHERE user = '" + localEditText.getText().toString() + "'", null);
g. Enter diva'or'1'='1 as the user name.
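The rawQuery above splices the text field straight into the SQL string, which is why the quoted input changes the statement's meaning. The following is an added example, not from the assignment sheet or the DIVA project: it rebuilds a sqluser table like the one the query reads (the rows and the third column are constructed) in an in-memory SQLite database, runs the concatenated query with the sheet's own input, and then runs the same lookup with the value bound as a parameter, which is what passing selectionArgs to rawQuery() does on Android.

```python
"""String-built query versus parameterised query, run against SQLite.

Added example; not from the assignment sheet or the DIVA project. The table
name and the WHERE clause follow the sheet; the rows are constructed.
"""
import sqlite3

# Constructed sample rows; not DIVA's real data.
SAMPLE_USERS = [
    ("admin", "admin-pw", "admin"),
    ("diva", "diva-pw", "user"),
    ("bob", "bob-pw", "user"),
]


def make_db():
    """In-memory database with the table the sheet's rawQuery reads."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE sqluser(user TEXT, password TEXT, credentials TEXT)")
    con.executemany("INSERT INTO sqluser VALUES (?, ?, ?)", SAMPLE_USERS)
    return con


def lookup_vulnerable(con, user_input):
    """Same shape as rawQuery("SELECT * FROM sqluser WHERE user = '" + input + "'", null).

    The input becomes part of the SQL text, so quote characters in it change
    the statement. Returns the rows, or the database error text for SQL that
    no longer parses (the classic symptom of an injection point).
    """
    sql = "SELECT * FROM sqluser WHERE user = '" + user_input + "'"
    try:
        return con.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        return str(exc)


def lookup_parameterised(con, user_input):
    """Hardened form: the value is bound with '?' (selectionArgs on Android).

    SQLite receives the text as data, so it can only match a literal user
    name; nothing in the input is ever parsed as SQL and no escaping is needed.
    """
    return con.execute("SELECT * FROM sqluser WHERE user = ?", (user_input,)).fetchall()


def compare(user_input):
    """Row counts for both forms on one input (a parse error counts as 0 rows)."""
    con = make_db()
    vuln = lookup_vulnerable(con, user_input)
    safe = lookup_parameterised(con, user_input)
    con.close()
    return (len(vuln) if isinstance(vuln, list) else 0, len(safe))


if __name__ == "__main__":
    for text in ["diva", "diva'or'1'='1", "'"]:
        print(repr(text), "-> rows (vulnerable, parameterised):", compare(text))
```

With the sheet's input the vulnerable form returns every row in the table, while the parameterised form returns none because no user is literally named diva'or'1'='1; a lone quote makes the vulnerable form fail to parse and has no effect on the parameterised one.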
h. Input Validation Issues - Part 2: Abuse WebView. Read the objective.
i. WebView: Android WebView is a view that displays web pages or content inside your application. You can also supply an HTML string and show it inside your application using WebView. WebView turns your application into a web application.
j. What if the input is not sanitized?
k. Open the DIVA application and start Input Validation Issues - Part 2: enter a URL, and the Android application connects to it and displays the content of that web page in the same activity.
l. Let's check whether this WebView takes input without validation by trying to access Android's internal files.
m. santoku@santoku:~$ adb shell
n. root@santoku:/ # cd /mnt/sdcard
o. root@santoku:/mnt/sdcard # cat demo.txt
p. Now go back to Genymotion and try to access the file stored in /mnt/sdcard:
q. Enter file://mnt/sdcard/demo.txt and click View.
r. Now we can successfully view the content of the file in the WebView.
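The activity loads whatever is typed, so a file:// URL reaches the SD card. The check below is an added example, not from the assignment sheet or the DIVA project, written in Python so it can be run here: it is the input validation the sheet says is missing, accepting only absolute http or https URLs with a host and refusing every other scheme with a reason. The sample URLs are constructed, apart from the file URL taken from the sheet.

```python
"""Allow-list check for URLs handed to a WebView.

Added example; not from the assignment sheet or the DIVA project.
"""
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def check_url(raw):
    """Return (allowed, reason). Only absolute http(s) URLs with a host pass."""
    url = raw.strip()                      # stray whitespace must not hide the scheme
    try:
        parts = urlsplit(url)              # urlsplit lower-cases the scheme for us
    except ValueError as exc:              # e.g. a malformed IPv6 host
        return (False, f"unparseable: {exc}")
    if not parts.scheme:
        return (False, "no scheme: relative and scheme-less URLs are refused")
    if parts.scheme not in ALLOWED_SCHEMES:
        # file:, content:, javascript:, data:, intent: and anything else
        return (False, f"scheme '{parts.scheme}' is not allowed")
    if not parts.hostname:
        return (False, "no host")
    return (True, "ok")


def url_for_webview(raw):
    """Return the URL to load, or None when it must be refused."""
    allowed, _ = check_url(raw)
    return raw.strip() if allowed else None


if __name__ == "__main__":
    for sample in ["https://example.com/page", "file://mnt/sdcard/demo.txt",
                   "FILE:///mnt/sdcard/demo.txt", "javascript:alert(1)",
                   "content://media/external/file", "example.com", "http:example.com"]:
        print(f"{sample!r:40} -> {check_url(sample)}")
```

The scheme allow-list is the important part: a deny-list of "file" alone misses content:, javascript: and other schemes a WebView understands. On Android the same check belongs in WebViewClient.shouldOverrideUrlLoading() as well, so that a redirect from an accepted page is re-checked, and the WebView should additionally have WebSettings.setAllowFileAccess(false) so that file URLs cannot be loaded even if a check is bypassed.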
--
Dr. Digvijaysinh Rathod
Assistant Professor
Gujarat Forensic Sciences University - State University
Institute of Forensic Science
Sector - 9 , Gandhinagar,Gujarat,India
M: + 91 97236 19183
www.gfsu.edu.in
https://www.facebook.com/todigvijay
--
You received this message because you are subscribed to the Google Groups "CSIR18" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/csir18/CANgUZSnMQ9EV1vtvQDouHXY%3Df_L4TZK3VtBSr5Q_p90B3Oo5pg%40mail.gmail.com.