How to crack zip file passwords on linux using

fcrackzip

Remember the lame file/folder password protection trick we discussed yesterday? As it seems,
someone pointed that out pretty well ;). We will get into the better protection schemes sometime
later, lets see how to break the mechanism we used previously.
So, lets start with the password breaking tool, fcrackzip. This tool specializes in breaking password
for zip files.

Install fcrackzip on Linux

It is available in the repositories of Ubuntu. Either click this link or use the following command to
install it
[shredder12]$ sudo apt-get install fcrackzip
Others may try installing from the source.

Use fcrackzip to break passwords for zip archives

Lets start by creating a fake zip. Lets zip the folder secret.
[shredder12]$ zip --encrypt -r secret secret/
This will create a secret.zip folder. Lets say the password we used was "linux". Now, run the
following fcrackzip command to break it.
[shredder12]$ fcrackzip -u -c a -p aaaaa secret.zip
PASSWORD FOUND!!!!: pw == linux
1. The -c option lets you select the characterset, 'a' here means lower-case alphabets(small
letters).
2. The -p option lets you select an initial string to start brute-force attack.
3. If you run fcrackzip without the -u option then it will throw a lot of possible passwords.
When used with -u, it will try to decompress the file with those possible passwords, thus
letting you know the exact one.

Similarly, if you want to brute-force for upper-case alphabets and numerals too then you may use
the "A" and "1" option. e.g.
[shredder12]$ fcrackzip -u -c Aa1 -p aaaaa secret.zip
Use "!" for including special characters !:$%&/()=?{[]}+*~#. If you want to specify only some of
the characters then mention them using ":". e.g. if you want to brute-force with lower-case alphabets
and #,! then mention them like this "-c a:#!".
Just try running it on a password longer than 6 character and you will know how much time a bruteforce attack can take (I am considering a regular, ~2 GHz pc, not a cloud/cluster). Depending upon
the charcter set it could easily take a few minutes. So, sometimes its better to try a dictionary attack
before going for brute-force. You can use the -D option to do so
[shredder12]$ fcrackzip -u -D dict_file secret.zip
As you can see this requires a dict_file, which is a simple text file with a single word in each line.

Specify a range of passwords

Say, you know that the password lies somewhere between 4-6 characters, then you can directly use
this knowledge to not waste computation on smaller length passwords. Use the --length or -l option.
[shredder12]$ fcrackzip -u -c aA1 -l 4-6 secret.zip
The syntax is pretty easy, min-max. This tells fcrackzip to start checking for passwords of min
length upto max. You can even omit the max option and only specify the minimum length.