Hey Folks, in this tutorial we are going to talk about an third party ZIP file password cracking tool called “fcrackzip“. It is the best tool that gives us various options to decrypt encrypted zip files and crack the password of any compressed file. In this tutorial, we will demonstrate every feature of this tool and show you by cracking the password of protected zip file.
Note 😀 You can read the complete information about this tool from here.
Let’s take a look 🙂 !!
There are two methods for installing and configuring this tool on kali linux or any other operating system. The first way is to download this tool using the “wget” command and configure it using the “dpkg” command.
dpkg -i fcrackzip_1.0-10_amd64.deb
The other way is to install this tool directly using the following command if you are using the kali inux operating system.
apt install fcrackzip
After successfully installing you can boot this tool using the following command and at the same time we can get some information about this tool by executing the “help” command.
Using the man command we can see all the user manuals of any specific command or tool.
A unique feature of this tool is that we can see the actual benchmark score of our system by adding “B” letter in command.
Create ZIP File
The time has come to create a password protected zip file to demonstrate the use of this tool. We have also left a usage of command through which you can understand better.
Usage 🙂 !! zip –password < your password > < give zip file name > < files that you want compressed >
zip --password shubham@# crack2.zip file1.txt file.txt rep.txt
Cracking alphabet password protected file
You can easily crack the password if you have a minor knowledge about the password. In this case we knew that the password is completely in alphabetical letters, so as you can see the password is easily cracked.
- -b = Bruteforce
- -c = Charest
- ‘a’ = Alphabet Charset
- ‘1′ = Numeric
- ‘a1‘ = Alphabetical and Numeric
- ‘!’ = Special Characters
- ‘l’ = lenght
fcrackzip -b -c 'a' secure.zip
Cracking numeric password protected file
Thus, if the zip file is protected with numeric characters then you should try the following command. As we know the password is completely in numeric form that’s why we only add ‘1′ to the command to get a valid password.
fcrackzip -b -c '1' secure.zip
We can activate verbose mode by adding “v” characters after which we can see some additional details about brute forcing.
fcrackzip -b -v -c 'a' secure.zip
Exclude Wrong Passwords
As you may have noticed, it also gives us the wrong password while cracking the password, so we can use the “-u” parameter to avoid this and to get the exact valid password.
fcrackzip -b -v -c 'a' -u secure.zip
Crack alphanumeric password protected file
Now the situation has become somewhat complicated because we do not know anything about the password, so what will we do in that case? Now we will take both alphabet and numeric characters in command and wait for it to crack. It takes some time but it has successfully cracked the password.
fcrackzip -b -v -c 'a1' -u secure.zip
Minimum and Maximum Length
Now if you know anything about minimum and maximum length of password then you can mentioned in your command as like below.
fcrackzip -b -v -c '1' -l 1-4 -u secure.zip
Sometimes you create your own wordlist to crack the password of zip files, in that case you can use your own wordlist using the following command.
Usgae 🙂 !! fcrackzip -D -p < your wordlist path > < zip fie >
fcrackzip -D -p wordlist.txt secure.zip
You can include special characters in your brute force attack by adding “!” in command.
fcrackzip -b -v -c 'a!' -u secure.zip
Now we will combine all the feature once and try to crack the passphrase protected zip file. As you can see, cracking the password with the fcrackzip tool looks complicated.
zip --password h4x0r2 secure.zip file1.txt file.txt rep.txt
Great 🙂 !! The results are in front of you and you can see that it has dumped the valid password of the zip file in a few seconds.
fcrackzip -b -v -c a1 -l 5-7 -u secure.zip
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.