Today we’re going to crack password-protected zip files using Kali Linux Hacking tools. It doesn’t matter if you have Kali Linux, but you can still crack zip files using Ubuntu distro or any other Linux distro.
However, if we talk about Kali Linux it has a built-in tool called: fcrackzip but you can still use any other software available online for cracking zip files.
Let’s get started!
Crack a Password Protected Zip Files using fcrackzip
[email protected]:~# fcrackzip --help fcrackzip version 1.0, a fast/free zip password cracker written by Marc Lehmann <[email protected]> You can find more info on http://www.goof.com/pcg/marc/ USAGE: fcrackzip [-b|--brute-force] use brute force algorithm [-D|--dictionary] use a dictionary [-B|--benchmark] execute a small benchmark [-c|--charset characterset] use characters from charset [-h|--help] show this message [--version] show the version of this program [-V|--validate] sanity-check the algortihm [-v|--verbose] be more verbose [-p|--init-password string] use string as initial password/file [-l|--length min-max] check password with length min to max [-u|--use-unzip] use unzip to weed out wrong passwords [-m|--method num] use method number "num" (see below) [-2|--modulo r/m] only calculcate 1/m of the password file... the zipfiles to crack methods compiled in (* = default): 0: cpmask 1: zip1 *2: zip2, USE_MULT_TAB
Okay, now we know how to use fcrackzip but where we can find dictionaries for dictionary attack.
Kali Linux has many word-lists
[email protected]:~# locate wordlists
The most useful and which I use every-time.
[email protected]:~# locate rockyou.txt /usr/share/wordlists/rockyou.txt
So, we’re going to use rockyou.txt dictionary for a dictionary attack. If you’re unable to find your password from that dictionary you can use these.
Let’s get started!
Crack a Password Protected Zip File using Dictionary Attack
[email protected]:~/Desktop# fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt fsociety.zip PASSWORD FOUND!!!!: pw == justdoit
As you can see we found our zip password through dictionary attack. But it’s your call which settings you prefer or do this.
[email protected]:~# fcrackzip --help