• Email info@cyberry.co.uk
  • Fcrackzip

  • frackzip is a handy little tool to crack zip files.

    There are generally two approaches to cracking a zip file.

    The first (quicker option) is to apply a wordlist for the tool to try. If it finds a match, it will open the file.

    The second (longer) method is to brute-force the file, whereby the software simply keeps trying passwords until it hits the right one. Depending on the complexity of the password this could take a seriously long time.

    If you have some idea of the contruction of the password, then you could use the crunch tool to generate a wordlist based on certain criteria.

    For example, if you knew for certain that the password was 6-characters long, that it began with a capital letter, followed by 3 more letters in lower-case, and ends with 2 numbers, then you could create a word-list using the following:

    root@kali:~# crunch 6 6 -t ,@@@%% -o mylist.txt

    To break that down, the first two numbers (6 6) represent the minimum and maximum length of string to generate.

    the -t option specifies the pattern type:

    , represents an uppercase letter

    @ represents a lowercase letter

    % represents a number

    ^ (just for completeness, not used in my example) represents ASCII symbols.

    the -o option is the name of the file you wish to generate.

    This file would be around 300mb

    You can massively reduce the file, if you know a bit more information. For example, lets say that we know that characters 2 & 3 are definitely “f” and “j” and we know the first number is definitely a 5.

    We could adjust our crunch request as follows by adding in what we know:

    root@kali:~# crunch 6 6 -t ,fj@5% -o mylist2.txt

    this reduces the file size from 306mb to 47kb!

     

    We can now use this file in fcrackzip to see if it works:

    root@kali:~#fcrackzip -v -D -u -p mylist2.txt myzipfile.zip

    the options are as follows:

    -v is verbose mode

    -D sets ‘dictionary mode’ to read passwords from the file you specify (notice it’s a capital D)

    -u calls unzip to try to decompress the file first

    -p specifies the password file to use

    mylist2.txt the password file we will feed it.

    myzipfile.zip the zip file we are trying to crack.

     

    If you know nothing about the file, then the second best option is to use a large word-list which will try common words and phrases. So for this we would try the infamous rockyou.txt file:

    root@kali:~#fcrackzip -v -D -u -p rockyou.txt myzipfile.zip

     

    If you still have no joy then the next option is to brute-force….. so we would use something like this:

     

    root@kali:~#fcrackzip -v -b-u myzipfile.zip

    In this case we’ve set the software to -b (‘brute-force mode’) – if you have to resort to this option you might be waiting a long, long time!