Cracking Zip File Passwords Brute Force With Linux

Code:

sudo apt install -y fcrackzip

Or (dont use git it wont install, use top option).

Code:

git clone https://github.com/hyc/fcrackzip.git

(If you use git clone method you will have to compile / make)



Example:

Code:

fcrackzip -b -c a -p aaaaaa ./noradi.zip

NAME

       fcrackzip - a Free/Fast Zip Password Cracker

SYNOPSIS

       fcrackzip  [-bDBchVvplum2] [--brute-force] [--dictionary] [--benchmark]
       [--charset    characterset]    [--help]    [--validate]     [--verbose]
       [--init-password    string/path]   [--length   min-max]   [--use-unzip]
       [--method name] [--modulo r/m] file...

DESCRIPTION

       fcrackzip searches each zipfile given for encrypted files and tries  to
       guess the password. All files must be encrypted with the same password,
       the more files you provide, the better.

   OPTIONS
       -h, --help
              Prints the version number and (hopefully) some helpful insights.

       -v, --verbose
              Each -v makes the program more verbose.

       -b, --brute-force
              Select brute force mode. This tries all possible combinations of
              the letters you specify.

       -D, --dictionary
              Select  dictionary  mode.  In  this  mode,  fcrackzip  will read
              passwords from a file, which must contain one password per  line
              and should be alphabetically sorted (e.g. using sort(1)).

       -c, --charset characterset-specification
              Select  the  characters  to use in brute-force cracking. Must be
              one of

                a   include all lowercase characters [a-z]
                A   include all uppercase characters [A-Z]
                1   include the digits [0-9]
                !   include [!:$%&/()=?{[]}+*~#]
                :   the following characters upto the end of the spe-
                    cification string are included in the character set.
                    This way you can include any character except binary
                    null (at least under unix).

              For example, a1:$% selects lowercase characters, digits and  the
              dollar and percent signs.

       -p, --init-password string
              Set  initial  (starting)  password  for brute-force searching to
              string, or use the file with the name string to supply passwords
              for dictionary searching.

       -l, --length min[-max]
              Use  an  initial password of length min, and check all passwords
              upto passwords of length max (including). You can omit  the  max
              parameter.

       -u, --use-unzip
              Try  to  decompress  the  first  file  by calling unzip with the
              guessed password. This weeds out false positives when not enough
              files have been given.

       -m, --method name
              Use method number "name" instead of the default cracking method.
              The switch --help will print a list of  available  methods.  Use
              --benchmark  to  see  which  method  does  perform  best on your
              machine. The name can also be the number of the method to use.

       -2, --modulo r/m
              Calculate only r/m of the password. Not yet supported.

       -B, --benchmark
              Make a small benchmark, the output is nearly meaningless.

       -V, --validate
              Make some basic checks whether the cracker works.

ZIP PASSWORD BASICS

       Have you ever mis-typed a password for unzip? Unzip reacted pretty fast
       with ´incorrect password´, without decrypting the whole file. While the
       encryption algorithm used by zip is relatively secure, PK made cracking
       easy  by  providing  hooks for very fast password-checking, directly in
       the zip file. Understanding these is crucial to zip password cracking:

       For each password that is tried, the first twelve bytes of the file are
       decrypted.  Depending  on  the  version of zip used to encrypt the file
       (more on that later),  the  first  ten  or  eleven  bytes  are  random,
       followed  by  one or two bytes whose values are stored elsewhere in the
       zip file, i.e. are known beforehand. If these last bytes don't have the
       correct  (known)  value, the password is definitely wrong. If the bytes
       are correct, the password might be correct, but the only method to find
       out is to unzip the file and compare the uncompressed length and crc´s.

       Earlier  versions  of  pkzip (1.xx) (and, incidentally, many zip clones
       for other operating systems!) stored two known bytes.  Thus  the  error
       rate  was  roughly  1/2^16 = 0.01%. PKWARE ´improved´ (interesting what
       industry calls improved) the security of their format by only including
       one  byte, so the possibility of false passwords is now raised to 0.4%.
       Unfortunately, there is no real way to distinguish one  byte  from  two
       byte formats, so we have to be conservative.

BRUTE FORCE MODE

       By  default,  brute  force  starts  at the given starting password, and
       successively tries all combinations until they are exhausted,  printing
       all  passwords  that  it  detects,  together  with  a rough correctness
       indicator.

       The starting password given by the -p  switch  determines  the  length.
       fcrackzip   will   not   currently   increase   the   password   length
       automatically, unless the -l switch is used.

DICTIONARY MODE

       This mode is similar to brute force mode,  but  instead  of  generating
       passwords  using  a given set of characters and a length, the passwords
       will be read from a file that you have to specify using the -p switch.

CP MASK

       A CP mask is a method to obscure images or  parts  of  images  using  a
       password.   These  obscured  images  can be restored even when saved as
       JPEG files. In most of these files the password is actually hidden  and
       can  be  decoded  easily  (using  one  of the many available viewer and
       masking programs, e.g. xv). If you  convert  the  image  the  password,
       however,  is  lost.  The cpmask crack method can be used to brute-force
       these images. Instead of a zip file you supply the obscured  part  (and
       nothing  else)  of  the  image  in  the  PPM-Image Format (xv and other
       viewers can easily do this).

       The cpmask method can only cope with  password  composed  of  uppercase
       letters,  so  be  sure  to supply the --charset A or equivalent option,
       together with a suitable initialization password.

EXAMPLES

    

Code:

   fcrackzip -c a -p aaaaaa sample.zip
              checks the encrypted files in sample.zip  for  all  lowercase  6
              character passwords (aaaaaa ... abaaba ... ghfgrg ... zzzzzz).

       fcrackzip --method cpmask --charset A --init AAAA test.ppm
              checks  the  obscured  image  test.ppm  for  all  four character
              passwords.

       fcrackzip -D -p passwords.txt sample.zip
              check for every password listed in the file passwords.txt.

PERFORMANCE

       fzc, which seems to be widely used as a fast password  cracker,  claims
       to  make  204570  checks per second on my machine (measured under plain
       dos w/o memory manager).

       fcrackzip, being written in  C  and  not  in  assembler,  naturally  is
       slower.  Measured  on  a  slightly  loaded unix (same machine), it´s 12
       percent    slower    (the    compiler    used    was     pgcc,     from
       http://www.gcc.ml.org/).

       To remedy this a bit, I converted small parts of the encryption core to
       x86 assembler (it will still compile on non x86 machines), and now it´s
       about  4-12  percent  faster than fzc (again, the fcrackzip performance
       was measured under a multitasking os,  so  there  are  inevitably  some
       meaurement  errors),  so there shouldn't be a tempting reason to switch
       to other programs.

       Further improvements are definitely possible: fzc took 4 years  to  get
       into  shape, while fcrackzip was hacked together in under 10 hours. And
       not to forget you have the source, while  other  programs  (like  fzc),
       even  come  as  an encrypted .exe file (maybe because their programmers
       are afraid of other people  could  having  a  look  at  their  lack  of
       programming skills?  nobody knows...)

RATIONALE

       The  reason  I  wrote fcrackzip was NOT to have the fastest zip cracker
       available, but to provide a portable, free (thus extensible), but still
       fast  zip  password  cracker.  I  was  really pissed of with that dumb,
       nonextendable zipcrackers that were either slow, were too  limited,  or
       wouldn't  run  in  the background (say, under unix). (And you can't run
       them on your superfast 600Mhz Alpha).

BUGS

       No automatic unzip checking.

       Stop/resume facility is missing.

       Should be able to distinguish between files with 16  bit  stored  CRC´s
       and 8 bit stored CRC´s.

       The benchmark does not work on all systems.

       It's still early alpha.

       Method "cpmask" only accepts ppms.

       Could be faster.







manpages.ubuntu.com/manpages.gz/xenial/man1/fcrackzip.1.gz
github.com/hyc/fcrackzip

More @ http://manpages.ubuntu.com/manpages/xenial/man1/fcrackzip.1.html

Crack Script



Make Executable:

Code:

sudo chmod +x *.sh

Code:

#!/bin/bash
# (c) J~Net 2017
#
# Install 1st
# sudo apt install -y fcrackzip
#
# Usage: ./crack.sh test.zip 6
# # Name of Zip & Number of Chars To Try!
fn="$1"
str="a"
iter="$2"
# Not recommended with large sequences.
loopvar=$(for i in $(seq 1 $iter); do
    printf $str
done)
# fcrackzip -b -c a -p aaaaaa ./noradi.zip
#
# no carrige returns by using fprint   
#
# Forloops help
# http://stackoverflow.com/questions/4764383/arguments-passed-into-for-loop-in-bash-script
#
# make a var from a loop output
# http://stackoverflow.com/questions/36223802/store-for-loop-results-as-a-variable-in-bash
fcrackzip -b -c a -p $loopvar $fn

Now make this into a function

Code:

sudo gedit .bashrc

Code:

function Crack(){
# Name of Zip & Number of Chars To Try!
fn="$1"
str="a"
iter="$2"
# Not recommended with large sequences.
loopvar=$(for i in $(seq 1 $iter); do
    printf $str
done)
# fcrackzip -b -c a -p aaaaaa ./noradi.zip
#
# no carrige returns by using fprint   
#
# Forloops help
# http://stackoverflow.com/questions/4764383/arguments-passed-into-for-loop-in-bash-script
#
# make a var from a loop output
# http://stackoverflow.com/questions/36223802/store-for-loop-results-as-a-variable-in-bash
fcrackzip -b -c a -p $loopvar $fn
}


Now you can use

Code:

Crack file.zip 6