Hello everyone,
I've been working on a very small project related to Android Operating System and one of the available exploits on metasploit called android_htmlfileprovider. With this simple tool, mixed with just a bit of social engineering, you apparently are able to obtain any files from the victim's android device (only if you already know the file's absolute path on the device).
The thing is, even though I'm able to retrieve regular txt files (containing nothing but plain text) I am not able to gather files with extension .db which actually contain sensitive information like browser's passwords, contacts data, etc.
I believe this has something to do with special characters included on these .db files. I mean, when opening them with a regular text editor, a lot of special characters can be seen:
I'm not completely sure about this, though. I'm also using a rooted AVD (Nexus One) with an old Android Version (2.2) as this exploit will only work with this version (or an older one).
I would really apreciate if someone could help me out on this one.
Thank you.
