I spent 3 hours testing the ownCloud server, which I set up on Koding.com, but I did not find any serious issue. Then I looked at the scope and saw that the Android app was also in scope, so I tried all the common vulnerabilities but failed, as it is securely coded. Next I saw an option that makes the app prompt for a 4-digit PIN every time before performing any action, and one thought struck my mind: let's try to bypass the PIN protection.
Here are the steps to bypass or obtain the PIN:
When a user installs the app on their device, the installation creates some folders.
- Go to the app settings, enable the PIN, and set a 4-digit PIN.
- Now the point is how to get the PIN or disable it; we can bypass it in two ways.
- Case One: Using the XML file to disable the PIN. Navigate to the installation directory, go to /data/data/com.owncloud.android/shared_prefs, find the file named com.owncloud.android_preferences.xml, and open it in an editor. You will see content like this:
<map>
<string name="select_oc_account">test@uhkk453943ab.hacktheworld.koding.io</string>
<string name="PrefPinCode2">2</string>
<boolean name="set_pincode" value="true" />
<string name="PrefPinCode1">1</string>
<string name="PrefPinCode4">4</string>
<string name="PrefPinCode3">3</string>
</map>
Set the value of set_pincode to false, save the file, and open the app:
<boolean name="set_pincode" value="false" />
Case Two: Obtaining the PIN from the .xml file
To get the PIN, navigate to the installation directory, go to /data/data/com.owncloud.android/shared_prefs, find the file named com.owncloud.android_preferences.xml, and open it in an editor. You will see content like this:
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="select_oc_account">test@uhkk453943ab.hacktheworld.koding.io</string>
<string name="PrefPinCode2">2</string>
<boolean name="set_pincode" value="true" />
<string name="PrefPinCode1">1</string>
<string name="PrefPinCode4">4</string>
<string name="PrefPinCode3">3</string>
</map>
Here PrefPinCode1 holds the 1st PIN digit, PrefPinCode2 the 2nd digit, PrefPinCode3 the 3rd digit, and PrefPinCode4 the 4th digit. As you can see, the PIN is stored in plain text: 1234.
This is how the PIN is bypassed.
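An added example (not part of the original write-up and not ownCloud's code): a small Python check a reviewer could run over an app's shared_prefs XML to flag the two weaknesses described above, a secret-named value kept in clear and a boolean that switches the lock off. The name patterns and the 32-character threshold are assumptions chosen for this illustration; it reports key names only, never values.

```python
import re
import xml.etree.ElementTree as ET

# Sample input: the preferences file quoted in the write-up above.
SAMPLE_PREFS = b"""<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
<string name="select_oc_account">test@uhkk453943ab.hacktheworld.koding.io</string>
<string name="PrefPinCode2">2</string>
<boolean name="set_pincode" value="true" />
<string name="PrefPinCode1">1</string>
<string name="PrefPinCode4">4</string>
<string name="PrefPinCode3">3</string>
</map>"""

# Assumed heuristics for this illustration, not an exhaustive rule set.
SECRET_NAME = re.compile(r"pin|pass|secret|token", re.IGNORECASE)
LOCK_NAME = re.compile(r"pin|lock|pass", re.IGNORECASE)
MIN_PROTECTED_LEN = 32  # values shorter than this are too short to be a salted hash or ciphertext


def audit_prefs(xml_bytes):
    """Return sorted (issue, key_name) pairs; values are never reported."""
    findings = []
    # The stdlib parser is fine for files you pulled yourself;
    # prefer defusedxml when the input is untrusted.
    for entry in ET.fromstring(xml_bytes):
        name = entry.get("name", "")
        if entry.tag == "string" and SECRET_NAME.search(name):
            value = (entry.text or "").strip()
            if value and len(value) < MIN_PROTECTED_LEN:
                findings.append(("cleartext-secret", name))
        elif entry.tag == "boolean" and LOCK_NAME.search(name):
            # A flag the app trusts to decide whether to prompt can simply be edited.
            findings.append(("client-side-lock-flag", name))
    return sorted(findings)


if __name__ == "__main__":
    for issue, key in audit_prefs(SAMPLE_PREFS):
        print(f"{issue}: {key}")
```

A preferences file that keeps only a long salted digest of the PIN, and derives "lock enabled" from the presence of that digest rather than from a separate boolean, produces no findings.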
And here is the video PoC: