Cracking zip passwords with fcrackzip

If you run a decent OS (linux) you should be able to:

sudo apt-get install fcrackzip

Then read the man page but know that there is one little gotcha. fcrackzip’s default brute force starting length is 5 characters and by default it will run up to 6 characters. The gotcha of course is that if your password is 4 characters long you will never find it. So always run it with the -l flag and start at 1.

jonathan@jonathan:~/Desktop$ fcrackzip secret.zip –verbose -b -l 1-10 -u
found file ‘fool.swf’, (size cp/uc  87763/172969, flags 9, chk 6136)
found file ‘file.exe’, (size cp/uc 632452/1176497, flags 9, chk 614d)
found file ‘logo.jpg’, (size cp/uc  49916/ 51346, flags 9, chk 6113)
found file ‘code.txt’, (size cp/uc   5661/ 34639, flags 9, chk 6141)
checking pw g:*~

PASSWORD FOUND!!!!: pw == idea

Easy peasy. It finds that password in 0.796 seconds.

Someone owes me a beer 🙂

Advertisements

One thought on “Cracking zip passwords with fcrackzip

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s