Howto Crack Zip Files Password

If you want to crack zip file passwords, use fcrackzip. fcrackzip is a fast password cracker partly written in assembler. It can crack password-protected zip files with brute-force or dictionary-based attacks, optionally testing its results with unzip.

Install fcrackzip in Ubuntu

sudo aptitude install fcrackzip

This will complete the installation.

fcrackzip Syntax

fcrackzip [-bDBchVvplum2] [--brute-force] [--dictionary] [--benchmark] [--charset characterset] [--help] [--validate] [--verbose] [--init-password string/path] [--length min-max] [--use-unzip] [--method name] [--modulo r/m] file.

fcrackzip Options

-h, --help
Prints the version number and (hopefully) some helpful insights.
-v, --verbose
Each -v makes the program more verbose.
-b, --brute-force
Select brute force mode. This tries all possible combinations of the letters you specify.
-D, --dictionary
Select dictionary mode. In this mode, fcrackzip will read passwords from a file, which must contain one password per line and should be alphabetically sorted (e.g. using sort(1)).
-c, --charset characterset-specification
Select the characters to use in brute-force cracking. Must be one of

a   include all lowercase characters [a-z]
A   include all uppercase characters [A-Z]
1   include the digits [0-9]
!   include [!:$%&/()=?[]+*~#]
:   the following characters up to the end of the specification string are included in the character set. This way you can include any character except binary null (at least under unix).

For example, a1:$% selects lowercase characters, digits and the dollar and percent signs.

-p, --init-password string
Set initial (starting) password for brute-force searching to string, or use the file with the name string to supply passwords for dictionary searching.
-l, --length min[-max]
Use an initial password of length min, and check all passwords up to and including length max. You can omit the max parameter.
-u, --use-unzip
Try to decompress the first file by calling unzip with the guessed password. This weeds out false positives when not enough files have been given.
-m, --method name
Use method number "name" instead of the default cracking method. The switch --help will print a list of available methods. Use --benchmark to see which method does perform best on your machine. The name can also be the number of the method to use.
-2, --modulo r/m
Calculate only r/m of the password. Not yet supported.
-B, --benchmark
Make a small benchmark, the output is nearly meaningless.
-V, --validate
Make some basic checks whether the cracker works.
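
Why the -u option matters: the legacy PKZIP cipher gives only a one-byte check per encrypted file, so roughly 1 in 256 wrong guesses passes it and is reported as a "possible pw". The Python below is an added example, not code from fcrackzip or from the original article; the headers, the check bytes and the two-character password "aa" are constructed sample values.

```python
import itertools, random, string

# CRC-32 table (polynomial 0xEDB88320), used by the legacy PKZIP cipher
TABLE = []
for n in range(256):
    c = n
    for _ in range(8):
        c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
    TABLE.append(c)

def crc(old, byte):
    return TABLE[(old ^ byte) & 0xFF] ^ (old >> 8)

class ZipCrypto:
    """Traditional PKWARE encryption as described in APPNOTE.TXT."""
    def __init__(self, password):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self.update(b)
    def update(self, b):
        self.k0 = crc(self.k0, b)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = crc(self.k2, self.k1 >> 24)
    def crypt(self, data, decrypt):
        out = bytearray()
        for byte in data:
            t = (self.k2 | 2) & 0xFFFF
            x = byte ^ (((t * (t ^ 1)) >> 8) & 0xFF)
            self.update(x if decrypt else byte)  # keys always track plaintext
            out.append(x)
        return bytes(out)

def make_header(password, check_byte, seed):
    """Constructed 12-byte encryption header: 11 random bytes + 1 check byte."""
    rng = random.Random(seed)
    plain = bytes(rng.randrange(256) for _ in range(11)) + bytes([check_byte])
    return ZipCrypto(password).crypt(plain, decrypt=False), check_byte

def survivors(headers, charset=string.ascii_letters + string.digits, length=2):
    """Passwords whose decrypted check byte matches for every given header."""
    hits = []
    for combo in itertools.product(charset.encode(), repeat=length):
        pw = bytes(combo)
        if all(ZipCrypto(pw).crypt(h, decrypt=True)[11] == chk for h, chk in headers):
            hits.append(pw)
    return hits

# Constructed sample: the same password protecting one file, then three files
one_file = [make_header(b"aa", 0x5F, seed=1)]
three_files = one_file + [make_header(b"aa", 0x79, seed=2), make_header(b"aa", 0x65, seed=3)]
print(len(survivors(one_file)), "candidates with 1 file")
print(len(survivors(three_files)), "candidates with 3 files")
```

With a single file the real password is buried among false positives; each additional encrypted file in the archive cuts them by a further factor of about 256, and only an actual decompression test (what -u does) confirms a candidate.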

fcrackzip Examples

fcrackzip -c a -p aaaaaa sample.zip

checks the encrypted files in sample.zip for all lowercase 6 character passwords (aaaaaa ... abaaba ... ghfgrg ... zzzzzz).

fcrackzip --method cpmask --charset A --init AAAA test.ppm

checks the obscured image test.ppm for all four character passwords.

fcrackzip -D -p passwords.txt sample.zip

checks for every password listed in the file passwords.txt.

26 Responses

  1. rakudave says:

    sounds great!
    I’m still looking for a rar cracker though

  2. Jason says:

    I’m also looking for a RAR cracker that runs under Linux 🙂

  3. Martin says:

    Should be made multi-threading to take advantage of today’s CPUs, I’ve got a quad core CPU and only one core works 100% when fcrackzip is running.

  4. Mark says:

    @Martin:
    If you run fcrackzip 4 times simultaneously (each on a different core) with the starting passwords spaced out about equally and stop the other 3 when one finds the right pass, then that should work about the same as you describe.

    Ex (modified from the one in the article):
    fcrackzip --method cpmask --charset A1 --init 0000 test.ppm
    on the first core…
    fcrackzip --method cpmask --charset A1 --init 9000 test.ppm
    on the second core…
    fcrackzip --method cpmask --charset A1 --init I000 test.ppm
    on the third core, and…
    fcrackzip --method cpmask --charset A1 --init R000 test.ppm
    on the fourth CPU

    I don’t know how to control which CPU handles which copy of fcrackzip because I’ve never had a computer new enough to have multiple cores (I’m posting from a used Compaq Armada M700 circa 2001 with a 1GHz PIII), but I don’t see why this wouldn’t work.

  5. madelus says:

    For rar cracking try running midnight commander, enter the rar archive like a folder, and then copy files from the rar anywhere you like.
    I did it only once and that worked, but still I can’t give you guarantee.

  6. Ricardo Medina says:

    Front-end? GUI?

  7. Rink says:

    How to use fcrackzip on windows Vista/xp?

  8. onny says:

    @Rink
    lol

  9. sidnei says:

    after running all possible combinations, how do i know which one is the real password? i guess i missed something…

    used:
    fcrackzip -v -b -c Aa1! -l 4 file.zip
    created this file.zip with a password = aB4%

    shows tons of guesses on the screen, but in the end, i didnt get the real password.

    thanks for any help.
    sidnei

  10. alex says:

    after running all possible combinations, how do i know which one is the real password? i guess i missed something…

    You should use option -u
    it will try to unzip each guess and leave only the right one

  11. Saverio says:

    It’s an interesting program, but I must say it’s a huge waste of time. Makes you wonder if anyone ever succeeded at cracking an archive with this method.

  12. Steve says:

    @Saverio, we use it several times a week for malware analysis of social engineering files that users know the password (that’s how the malware was introduced) but have either forgotten or won’t tell us. “waste of time” depends if time is money, it’s only processor time, after all. We have a few older P4s in an outer store-room we use for cracking, it’s cooler than the main block in summer 😉

  13. Steve says:

    @all, make sure you use the -u option, or IIRC just outputs a wordlist for later use. Does that help? Sudden hindsight 🙂

  14. Steve says:

    Proof of the pudding 🙂 Our department’s latest malware analysis needed the following file to be unzipped from a squid cache (for security the squid proxy is configured to cache all executables and certain non-executable files, e.g. zips/rars/7zips, for later analysis and audit trail)
    $ fcrackzip -u -b -l 1-10 -c aA1! ufs_target.zip

    PASSWORD FOUND!!!!: pw == 87ue9o

    took about 8 hours runtime for that one, on an already heavily loaded machine.

    It’s all over virustotal with 39 detections, but because it was passworded, no A/V could open it. We’re having words with the user as we speak 😉

  15. jc says:

    @Steve, can cracking speed be increased using several CPUs or several CPU cores? I tried it out and did not manage to have all CPU cores do the work….

  16. pradeesh says:

    It is great.

  17. PAPilot says:

    Missing hyphen, underscore, caret, pipe, and many other symbols from the symbol character set. It’s not possible to specify most of these on the CLI because they mean something to many shells. These should be in the code.

  18. PAPilot says:

    How about an option to include all 255 8-bit combinations? Users can easily defeat this program by using ALT-codes to insert binary coded characters in a password.

  19. realmoonstruck says:

    i am using version 1.0
    the password of the zip file is: aa
    but i can not crack it with fcrackzip

    i am using: fcrackzip -u -b -l 2-2 z.zip
    without the -u flag the output is:
    possible pw found: et ()
    possible pw found: hl ()
    possible pw found: iG ()
    possible pw found: i9 ()
    possible pw found: qK ()
    possible pw found: wo ()
    possible pw found: w5 ()
    possible pw found: Go ()
    possible pw found: Hn ()
    possible pw found: Vj ()
    possible pw found: V& ()
    possible pw found: Yt ()
    possible pw found: ZO ()
    possible pw found: 2R ()
    possible pw found: 3] ()
    possible pw found: 65 ()
    possible pw found: 6} ()
    possible pw found: !E ()
    possible pw found: !L ()
    possible pw found: $F ()
    possible pw found: ?v ()
    possible pw found: {C ()
    possible pw found: [i ()

    am i missing something?
    what am i doing wrong?

  20. test says:

    realmoonstruck says:
    April 27, 2011 at 9:57 pm


  21. Frink says:

    It doesn’t work; i created a protected zip, wrote a few wrong and the right password into a file and executed:
    fcrackzip -D -p passwords.txt file.zip

    But it didn’t find anything!

  22. Alex says:

    If you use the -u option it will try to unzip the file using all the tested passwords so as to give you the only one that works.

    fcrackzip -v -b -c Aa1! -l4 -u file.zip

    Also, is the = sign part of the password? If it is, then the password is more than 4 long, so you may need to set a max limit of 5: “-l4-5”

    Also to make it run faster you can specify the character type you want to use such as;

    Aa1:=%

    Hope this helps.

  23. mendo says:

    Yeah, I tried to use wordlist, but just this result:

    $ fcrackzip -v -D -p /home/mendo/cain.txt -u sensitive.zip
    found file ‘sensitive/’, (size cp/uc 12/ 0, flags 9, chk 6884)
    found file ‘sensitive/file’, (size cp/uc 3736/ 26396, flags 9, chk 65a0)
    found file ‘sensitive/dir/’, (size cp/uc 12/ 0, flags 9, chk 79c4)
    found file ‘sensitive/dir/file’, (size cp/uc 12/ 0, flags 9, chk 5f3c)
    found file ‘sensitive/dir/file1’, (size cp/uc 796/ 1608, flags 9, chk 5571)
    found file ‘sensitive/dir/file2’, (size cp/uc 202/ 514, flags 9, chk 79c4)
    found file ‘sensitive/dir/file3’, (size cp/uc 1164/ 8468, flags 9, chk 7703)
    found file ‘sensitive/dir/file4’, (size cp/uc 102/ 103, flags 9, chk 7347)
    8 file maximum reached, skipping further files

    The only thing I can assume is that the program doesn’t know how to work with a zip archive that contains more than 8 files? :/

  24. Alan M says:

    Works like a charm.
    Forgotten a PW I set 15 years ago.
    I used
    fcrackzip -v -c aA1 -l 1-8 m.zip

    After 3 hours

    8 file maximum reached, skipping further files
    possible pw found: atarist ()

    Awesome, thanks for this great utility.
    Alan

  25. Steven P says:

    rarcrack is a joke.

    The developer pooched the printf function such that the only way it runs is with the “--type rar” switch (it cannot detect normally), and the password generated is NEVER correct. I created an RAR with a password to see. It NEVER found the password, but dutifully spat out a password and called it good.

    That is a two hour span I’ll never get back.

  26. Amit says:

    Dear sir/Madam,
    i’m using pentium 4 and it’s configuration is Model: AWRDACPI(INTELR),
    Processor:Pentium 4 2390MHz (L1 cache: 0 bytes, L2 cache: 1.00 Mb),
    BIOS:Phoenix – AwardBIOS v6.00PG (10-Nov-2010),
    MotherBoard:Intel Grantsdale-6A79DGBWC-00,

    An error occurs when I tried to install new OS which
    is RHEL 5.2. When the boot screen appears, after I hit this error comes next :

    I tried both ways, text or graphical, but it came out the same. What should be the possible solution for this?

    Please, I’ll be waiting to all of your ideas. And I will respect it also.

    Thanks
