how to crack zip file passwords on linux using fcrackzip
DESCRIPTION
tutorial on how to use Fcrack to unseal encrypted pdf filesTRANSCRIPT
-
How to crack zip file passwords on linux using fcrackzip
Remember the lame file/folder password protection trick we discussed yesterday? As it seems, someone pointed that out pretty well ;). We will get into the better protection schemes sometime later, lets see how to break the mechanism we used previously.
So, lets start with the password breaking tool, fcrackzip. This tool specializes in breaking password for zip files.
Install fcrackzip on LinuxIt is available in the repositories of Ubuntu. Either click this link or use the following command to install it
[shredder12]$ sudo apt-get install fcrackzip
Others may try installing from the source.
Use fcrackzip to break passwords for zip archivesLets start by creating a fake zip. Lets zip the folder secret.
[shredder12]$ zip --encrypt -r secret secret/
This will create a secret.zip folder. Lets say the password we used was "linux". Now, run the following fcrackzip command to break it.
[shredder12]$ fcrackzip -u -c a -p aaaaa secret.zip
PASSWORD FOUND!!!!: pw == linux
1. The -c option lets you select the characterset, 'a' here means lower-case alphabets(small letters).
2. The -p option lets you select an initial string to start brute-force attack. 3. If you run fcrackzip without the -u option then it will throw a lot of possible passwords.
When used with -u, it will try to decompress the file with those possible passwords, thus letting you know the exact one.
-
Similarly, if you want to brute-force for upper-case alphabets and numerals too then you may use the "A" and "1" option. e.g.
[shredder12]$ fcrackzip -u -c Aa1 -p aaaaa secret.zip
Use "!" for including special characters !:$%&/()=?{[]}+*~#. If you want to specify only some of the characters then mention them using ":". e.g. if you want to brute-force with lower-case alphabets and #,! then mention them like this "-c a:#!".
Just try running it on a password longer than 6 character and you will know how much time a brute-force attack can take (I am considering a regular, ~2 GHz pc, not a cloud/cluster). Depending upon the charcter set it could easily take a few minutes. So, sometimes its better to try a dictionary attack before going for brute-force. You can use the -D option to do so
[shredder12]$ fcrackzip -u -D dict_file secret.zip
As you can see this requires a dict_file, which is a simple text file with a single word in each line.
Specify a range of passwordsSay, you know that the password lies somewhere between 4-6 characters, then you can directly use this knowledge to not waste computation on smaller length passwords. Use the --length or -l option.
[shredder12]$ fcrackzip -u -c aA1 -l 4-6 secret.zip
The syntax is pretty easy, min-max. This tells fcrackzip to start checking for passwords of min length upto max. You can even omit the max option and only specify the minimum length.
How to crack zip file passwords on linux using fcrackzipInstall fcrackzip on LinuxUse fcrackzip to break passwords for zip archivesSpecify a range of passwords