25 Jun 2012

Crack the password protected zip files using fcrackzip - Backtrack


We frequently use zipped files because of their small size and strong encryption algorithm. Zipped files come with a password-protection facility which maintains the security of the files.
But sometimes this security feature turns into a drawback if we somehow forget the password. In that case password crackers play their role. You can also use them if you downloaded a zipped file with password protection on it.
In my last article, if you followed along, we learned to make a bootable USB of Backtrack. So here I'm gonna introduce a tool which is present in Backtrack, and if you have no past experience with Linux that's no issue, you can start from here. The open source tool we are gonna use is called fcrackzip.
fcrackzip is a fast password cracker partly written in assembler. It is able to crack password-protected zip files with brute force or dictionary-based attacks, optionally testing its results with unzip.
Here, for the demonstration, I'm gonna make a file crackme.zip with the password abcde using WinRAR. You can follow along from here.

1) Right click on the file > select Add to archive...
2) Under General tab select ZIP rather than RAR, then under Advanced tab > set Password
3) Suppose our final password protected zip file is crackme.zip (you can use your own)
4) Now copy this file to the desktop in your Backtrack for ease
5) Then click on the Top Right button saying Applications.
6) Navigate to Backtrack > Privilege Escalation > Password Attacks > Offline Attacks > fcrackzip
7) The following terminal screen will pop up
fcrackzip is loaded with the following options:

-b brute force
-D dictionary Attack
-B benchmark
-c charset characterset
-h help
-V validate
-p init-password string
-l length min-max
-u use-unzip
-m method num
-2 modulo r/m


8) I'm going to apply the brute force attack for password cracking. So the following command will be useful...
fcrackzip -b -c a -l 1-6 /root/Desktop/crackme.zip
here,

-b > bruteforce
-c a > charset lower case alphabets
-l 1-6 > length of expected password


9) Hit Enter and wait for a few minutes. fcrackzip combined with Backtrack turns into a faster password cracking tool
10) That's it. It'll show the password after a certain number of attempts.
Note: Brute force guarantees a result but often takes a very long time, even years, to crack a very strong password. If you use Encrypted language for the password then it may be impossible to apply the brute force. In such cases, search for other working alternatives.
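
The Note above and the -c / -l options from step 8 can be put into numbers with a keyspace calculation, which shows why a short lowercase password like abcde falls in minutes while a longer mixed one does not. This is an added example, not part of the original post or of fcrackzip itself; the function names are hypothetical and the guess rate is an assumed figure, not a measurement.

```python
import string

# Character classes from fcrackzip's -c option. Only a, A and 1 are modelled here.
CLASSES = {"a": string.ascii_lowercase,
           "A": string.ascii_uppercase,
           "1": string.digits}

ASSUMED_RATE = 1_000_000  # guesses per second: an assumed figure, not a benchmark


def charset(spec):
    """Expand a -c style spec such as 'aA1' into a set of characters."""
    chars = set()
    for flag in spec:
        if flag not in CLASSES:
            raise ValueError(f"class {flag!r} is not modelled in this example")
        chars.update(CLASSES[flag])  # a set, so repeated flags do not double count
    if not chars:
        raise ValueError("empty charset")
    return chars


def lengths(spec):
    """Parse a -l style 'min-max' range; a single number means min == max here."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if lo < 1 or hi < lo:
        raise ValueError(f"bad length range {spec!r}")
    return lo, hi


def keyspace(c_spec, l_spec):
    """Number of candidate passwords a full brute force must be able to cover."""
    n = len(charset(c_spec))
    lo, hi = lengths(l_spec)
    return sum(n ** k for k in range(lo, hi + 1))


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for name, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"


def worst_case(c_spec, l_spec, rate=ASSUMED_RATE):
    """Time to exhaust the whole keyspace at the assumed guess rate."""
    return humanize(keyspace(c_spec, l_spec) / rate)


if __name__ == "__main__":
    for c, l in (("a", "1-6"), ("a", "1-10"), ("aA1", "1-8"), ("aA1", "12-12")):
        print(f"-c {c:<3} -l {l:<5} {keyspace(c, l):>26,}  {worst_case(c, l)}")
```

Every extra character class raises the base and every extra character of length raises the exponent, so when choosing an archive password, length and mixed classes are what push the worst case from minutes to years.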

"The quieter you become, the more you are able to hear"


4 comments:

Rayvicky Asmarayandhie said...

how can I bro haha

Patrick Nieset said...

OK, I have tried many variations of the fcrackzip command and every time I run it I keep getting this message: "no usable files found". WTH????

Anonymous said...

When I tried, it shows an error like "-b: command not found". What to do with this? Please guide me to solve this.

Irina Voinova said...

Thank you! Together with this program you can use Manyprog Zip Password Recovery http://manyprog.com/zip-password-recovery.php
