Android Hacking and Pentesting

Today we have discussed about

Basic Android OS security mechanism,

Basic malware definition

Attacking Android platform with

Malware, Remote access, File is stealing and Social Engeering attack is methods have been done discussing in the class.

Attacking the Android:

Installing Kali Linux on android to perform attacks

Installing Dsploit for running attack with android (MITM, XSS, traffic sniffing…. Etc.)


you can find the presentation on my slideshare home page as well.





Hacking ATM machine?

running Malware and getting remote access is normal, but hey , is that easy to have such easy physical access to the machine?
I think they should have some behavior control portion in the system to check if any unauthorized device has been conected to the machine, dispose it and make and alarm

I think system designer should be aware of Physical access control  security



Winzip password Cracking

It happens to many of us that we zip some files with passwords, but after a long time we might forget the chosen password, it happened  to me recently, I decided to write about a hand on simple tutorial on how to crack zip password protected  file. Mostly I prefer an online web tool such as  online pdf cracker due to high speed  in cracking, unfortunately I couldn’t find any online unzip cracker, so I tried  to find desktop tool, preferably free one.  “frackzip” is the tool, I am using to crack the zip file. It uses brute force attack, written in assembly language, and it is a free application, which you can find it Kali and BackTrack.

frackzip switches are as follow:

h help

-b brute force
-D dictionary Attack
-B benchmark
-c charset characterset
-V validate
-p init-password string
-l length min-max
-u use-unzip
-m method num
-2 modulo r/m

fcrackzip -u -v -b -p aaaa

If you don’t know the length of the password -p option will increase the speed  of password cracking.  in addition , your computer CPU and RAM  are very important in speed  of cracking.


Password cracking is one the common steps in Penetration testing to find if the web application or network have been configured properly or not.