Introduction to ZIP Files
ZIP files are one of the most widely used file formats for compressing and archiving data. Introduced by Phil Katz in 1989, the ZIP format allows users to bundle multiple files into a single container while reducing their overall size through compression. This makes ZIP files ideal for sharing large amounts of data over email or other file transfer systems. Additionally, ZIP files can be password-protected and encrypted, adding a layer of security to sensitive information.
Key Features of ZIP Files
Compression: Reduces file sizes to save storage space and speed up transfers.
Archiving: Combines multiple files and folders into a single file for easier management.
Password Protection: Supports encryption to safeguard data from unauthorized access.
Cross-Platform Support: Compatible with most operating systems, including Windows, macOS, and Linux.
Despite their advantages, forgotten passwords can make accessing ZIP files a challenge. Tools like fcrackzip provide a way to recover access in such situations, provided it is done ethically and legally.
In this guide, we will cover everything you need to know to get started with fcrackzip, including installation, syntax, examples, and best practices.
Disclaimer: This tool should only be used for legal and ethical purposes. Always ensure you have explicit permission to access the files you are attempting to crack.
What is fcrackzip?
ZIP files are often encrypted to secure their contents. While this is a useful security feature, forgotten passwords can pose a challenge. fcrackzip is a lightweight tool that helps recover lost or forgotten passwords for ZIP files by performing either brute-force or dictionary-based attacks. It supports traditional ZIP encryption but may not work on newer formats with advanced encryption methods, such as AES.
Installing fcrackzip
On Debian-based Systems (Ubuntu, Kali Linux, etc.)
You can install fcrackzip using the apt package manager:
sudo apt update
sudo apt install fcrackzip
Basic Syntax of fcrackzip
The general syntax for fcrackzip is:
fcrackzip [options] [zipfile]
Commonly Used Options
-b: Perform a brute-force attack.
-D: Perform a dictionary attack.
-c [charset]: Define the character set for brute-force attacks.
a: Lowercase letters (a-z).
A: Uppercase letters (A-Z).
1: Numbers (0-9).
!: Special characters.
-l [min]-[max]: Specify the range of password lengths.
-u: Validate extracted files to confirm password correctness.
-p [password]: Test a specific password.
-v: Enable verbose mode to display detailed progress.
-h: Display help information.
How fcrackzip Works
fcrackzip uses two primary methods to recover passwords:
Brute-Force Attack: This method systematically tries all possible combinations of characters in the specified character set. It is exhaustive and guarantees success if the password falls within the defined parameters, but it can be time-consuming for longer passwords or larger character sets.
Dictionary Attack: This method uses a list of potential passwords (a dictionary file) and tests each one. It is faster than brute-force if you have an idea of what the password might be or if it’s a common password.
Examples of Using fcrackzip
Brute-Force Attack with Lowercase Letters
If you suspect that the password consists of lowercase letters and is between 4 and 6 characters long, such as "pizza", use the following command:
fcrackzip -b -c a -l 4-6 -u protected.zip
Explanation:
-b: Brute-force mode.
-c a: Use the lowercase letter set (a).
-l 4-6: Limit the password length to between 4 and 6 characters.
-u: Validate extracted files to confirm the password.
This is an example of guessing the password "christmas123":
fcrackzip -b -c a1 -l 8-13 -u protected.zip
Explanation:
-b: Brute-force mode.
-c a1: Use the lowercase letter set (a) and number set (1).
-l 8-13: Limit the password length to between 8 and 13 characters.
-u: Validate extracted files to confirm the password.
Custom Character Set for Brute-Force
If you believe the password includes numbers and special characters, such as "p1zza!", specify a custom character set:
fcrackzip -b -c 1! -l 4-6 -u protected.zip
Explanation:
-c 1!: Use numbers (1) and special characters (!) as the character set.
-l 4-6: Password length is between 4 and 6 characters.
Dictionary Attack
If you have a list of possible passwords saved in a file called wordlist.txt, use the dictionary attack mode:
fcrackzip -D -p wordlist.txt -u protected.zip
Explanation:
-D: Enable dictionary attack mode.
-p wordlist.txt: Specify the path to the dictionary file.
-u: Validate extracted files to confirm the password.
Testing a Specific Password
If you want to test a single password directly, you can use:
fcrackzip -p mypassword -u protected.zip
Explanation:
-p mypassword: Test the password mypassword.
-u: Validate extracted files to confirm the password.
Verbose Mode
To see detailed output during the cracking process, add the -v flag:
fcrackzip -b -c a -l 4-6 -v -u protected.zip
Tips for Optimizing Password Recovery
Prioritize Known Parameters: If you have any information about the password (length, character set, etc.), use it to narrow down the search space and speed up the process.
Use a Dictionary First: Dictionary attacks are generally faster than brute-force. Use them if you have a list of likely passwords.
Split the Workload: For large-scale brute-force attacks, divide the task by splitting the character set or password length range across multiple machines.
Optimize Character Sets: Avoid unnecessary characters in the character set. For example, if the password is unlikely to contain special characters, exclude them.
Use Hardware Acceleration: fcrackzip itself doesn’t support GPU acceleration, but there are other tools, such as Hashcat, that can work faster on modern hardware.
Troubleshooting Common Issues
1. Password Not Found
Ensure the ZIP file uses traditional encryption, as fcrackzip does not support advanced AES encryption.
Double-check the specified character set or dictionary file.
2. Slow Performance
Narrow down the password length range with the -l option.
Use a smaller or more targeted character set.
3. Compatibility Issues
If fcrackzip doesn’t work, verify the encryption type of the ZIP file. Tools like zipinfo or 7zip can provide details about the encryption method.
Alternative Tools
While fcrackzip is effective for traditional ZIP encryption, consider using these tools for other encryption types:
John the Ripper: Supports a wide range of encryption formats.
During testing with fcrackzip I also compared using the following tools, which cracked the password quicker.
First, run "zip2john filename > outputhash.txt" to export the hash.
Then run "john outputhash.txt" to crack the hash file and extract the password.
Hashcat: GPU-accelerated password recovery for various file types.
7z Command-Line Tool: Useful for analyzing and extracting ZIP files with modern encryption.
Conclusion
fcrackzip is a straightforward and powerful tool for recovering passwords from ZIP files. By understanding its options and methods, you can tailor your approach to achieve efficient and effective results.
The other tools are zip2john and john, which were quicker in the tests.
Creating a Password-Protected ZIP File to test fcrackzip
The zip command in Linux is a versatile tool for creating ZIP files and can also be used to add password protection. Here’s how you can do it:
Basic Syntax
To create a password-protected ZIP file:
zip -e [output.zip] [file1] [file2] [...]
-e: Enables encryption for the ZIP file.
[output.zip]: The name of the resulting ZIP file.
[file1] [file2] [...]: The files you want to include in the ZIP archive.
Example
Suppose you want to compress and password-protect two files, file1.txt and file2.txt. Use the following command:
zip -e protected.zip file1.txt file2.txt
You will be prompted to enter a password.
Confirm the password.
A new file named protected.zip will be created, containing the encrypted files.
Decrypting and Extracting Files
To extract files from a password-protected ZIP file, use the unzip command:
unzip protected.zip
You will be prompted to enter the password. Once entered, the files will be extracted.