Cracking zip protected password files on GNU/Linux and FreeBSD
It's not very common, but sometimes you have to crack the password
of a file downloaded from thepiratebay.com or some other big
torrent tracker. An example scenario would be downloading a huge
word dictionary, a rainbow table, etc., which was zipped and
protected with a password by the author.
Fortunately, Marc Lehmann developed a program called fcrackzip,
which is capable of brute forcing the passwords of protected zip
files directly on UNIX-like operating systems (GNU/Linux, FreeBSD).
fcrackzip is available from the package repositories on Debian
and Ubuntu Linux and can be installed via apt:
linux:~# apt-get install fcrackzip
...
fcrackzip is also available on FreeBSD via the ports tree
and can be installed with:
freebsd# cd /usr/ports/security/fcrackzip
freebsd# make install clean
On Debian it's worth having a quick look at the README file:
linux:~# cat /usr/share/doc/fcrackzip/README
See fcrackzip.txt (which is derived from the manpage), or fcrackzip.html
There is a web page with more information at
http://lehmann.home.ml.org/fcrackzip.html or
http://www.goof.com/pcg/marc/fcrackzip.html
A sample password-protected .zip file is included as "noradi.zip". It's
password has 6 lower case characters, and fcrackzip will find it (and a
number of false positives) with
fcrackzip -b -c a -p aaaaaa ./noradi.zip
which will take between one and thirty minutes on typical machines.
To find out which of these passwords is the right one either try them out
or use the --use-unzip option.
Marc
Cracking the noradi.zip password protected sample file on my
dual core 1.8 GHz box with 2 GB took 30 seconds.
linux:~# time fcrackzip -u -b -c a -p aaaaaa noradi.zip
PASSWORD FOUND!!!!: pw == noradi
real 0m29.627s
user 0m29.530s
sys 0m0.064s
Of course the password set on the sample noradi.zip is pretty
trivial. With more complex passwords, cracking can sometimes take
up to 30 minutes or an hour, and it all depends on the specific
case, but at least now we, the free software users, have a new tool
in the growing arsenal of free software programs ;)
Here are the options passed to the above fcrackzip command:
-u - Try to decompress with the detected possible archive
passwords using unzip. (This is necessary to find the archive
password precisely; otherwise it will just print out a number of
possible matching archive passwords and you have to try each of the
passwords one by one. Note that this option depends on a working
unzip version being installed.)
-c a - include all charsets to be tried with the
generated passwords
-b - Select brute force mode. Tries all possible
combinations of the letters specified.
-p aaaaaa - init-password string (look for a password
6 characters long)
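Why the README warns about false positives and why -u is needed to weed them out, as an added example (not code from the original post or from fcrackzip): assuming the archive uses the traditional PKWARE (ZipCrypto) scheme, the only cheap test for a candidate password is a single check byte at the end of the 12-byte encryption header, so about 1 in 256 wrong passwords pass it. The header, its random bytes and the check byte 0xAB are constructed sample values, and all function names are illustrative.

```python
import itertools, string, zlib

def crc_step(crc, byte):
    # One raw CRC-32 register update (no pre/post inversion), as the ZIP key schedule uses.
    return zlib.crc32(bytes([byte]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

class ZipCryptoKeys:
    """The three 32-bit keys of the traditional PKWARE cipher (constants from APPNOTE.TXT)."""
    def __init__(self, password):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self.update(b)

    def update(self, plain_byte):
        self.k0 = crc_step(self.k0, plain_byte)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = crc_step(self.k2, self.k1 >> 24)

    def stream_byte(self):
        t = (self.k2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

def encrypt_header(password, random11, check_byte):
    # 12-byte encryption header: 11 random bytes plus one check byte (high byte of the file CRC).
    keys, out = ZipCryptoKeys(password), bytearray()
    for p in random11 + bytes([check_byte]):
        out.append(p ^ keys.stream_byte())
        keys.update(p)
    return bytes(out)

def passes_header_check(password, header, check_byte):
    # Decrypt the 12 header bytes with the candidate and compare only the last one.
    keys, plain = ZipCryptoKeys(password), 0
    for c in header:
        plain = c ^ keys.stream_byte()
        keys.update(plain)
    return plain == check_byte

def false_positives(header, check_byte, length=3):
    # Wrong passwords (every lowercase string of `length`) that still pass the 1-byte check.
    words = (''.join(t).encode() for t in itertools.product(string.ascii_lowercase, repeat=length))
    return [w for w in words if passes_header_check(w, header, check_byte)]

# Constructed sample: header as it would be written for the password "noradi".
HEADER = encrypt_header(b"noradi", bytes(range(11)), 0xAB)

if __name__ == "__main__":
    hits = false_positives(HEADER, 0xAB)
    print(passes_header_check(b"noradi", HEADER, 0xAB), len(hits), "of", 26 ** 3)
```

Every three-letter candidate here is wrong by construction, yet dozens of them pass the header check; only actually decompressing the data and verifying its CRC, which is what handing candidates to unzip does, separates them from the real password.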
FCrackZip is partly written in assembler and thus generally
works fast. To reduce the CPU load fcrackzip puts on the processor,
it is also capable of using an external word dictionary file, by
passing it the option:
-D - The file should be in a one-word-per-line format and
be sorted alphabetically beforehand with, let's say, sort
fcrackzip also supports brute forcing files in parallel. For
example, if you have 10 zip files protected with passwords, it can
try to brute force the passwords in parallel.
As of the time of writing, fcrackzip has reached version 1.0 and
seems to be pretty stable. Happy cracking.
Just to make sure fcrackzip's source is not lost somewhere in the
line in the long future to come, I've created
a fcrackzip
download mirror here