This tutorial demonstrates how to crack passwords on encrypted ZIP files. The application used for this example is fcrackzip.
Software
- fcrackzip
Install fcrackzip
- Included in Kali Linux
- If not currently installed on your distro:
- $sudo apt-get update
- $sudo apt-get install fcrackzip
Using fcrackzip
For this example, we will use a dictionary attack to crack a ZIP password. Start by creating a text file and storing it in an encrypted ZIP file.
- $cat > file.txt
- $This is a sample file. (Press enter)
- Ctrl + C
- $cat file.txt
- $zip –encrypt sample.zip file.txt
- Repeat password twice
To view options for fcrackzip, use the following command (manpage found here):
- $fcrackzip –help
Use the rockyou.txt word list that comes default with Kali. Sudo is required to move this file.
- $sudo cp /usr/share/wordlists/rockyou.txt.gz rockyou.txt.gz
- $sudo gzip -d rockyou.txt.gz
Use fcrackzip and rockyou.txt to crack the password on the ZIP file. Adjust the paths for your environment.
- $fcrackzip -v -u -D -p /home/pentaroot/rockyou.txt /home/pentaroot/sample.zip
- -u (–use-unzip); helps with false positives
- -D (–dictionary); selects dictionary mode
- -p (–init-password string); use to select the rockyou.txt file
- -v (–verbose); not required
Fcrackzip found the password ‘starwars’. If this did not work for your password, you may try additional word lists found on Kali or download additional ones online to try.
On Your Own
There are other ways to use fcrackzip to crack ZIP passwords rather than using a dictionary attack. Brute forcing is another option that is worth a try. Start with an easy password for a dictionary attack and then move on to a brute force attack with a stronger password. As mentioned previously, refer to the fcrackzip man page for additional options.
I’m doing a sample like that but the result does not return the password:
fcrackzip -v -D -p lista.txt teste.zip
found file ‘teste.txt’, (size cp/uc 17/ 5, flags 1, chk e6b4)
My best guess is the password for teste.zip is not contained in lista.txt. Try using alternative wordlists.
You may also create a new ZIP file protected with a password you know is contained in lista.txt, then run fcrackzip against the new ZIP file. This will rule out any errors with the fcrackzip application.