In this article, we are going to discuss fcrackzip which is a third-party tool
for cracking zip files passwords. It is a best tool as it tries to search
zipfile for encrypted files and tries to guess their password. Here, we have
discussed each option available in fcrackzip so that we can use this tool to
its best of potential.
There are many cases where an individual type an incorrect
password. And unzip reacts quickly to it, it doesn’t even need to decrypt the
whole file. While the encryption algorithm used by zip is relatively secure,
fcrackzip made cracking easy by providing hooks for very fast
password-cracking, directly in the zip file. Understanding these is crucial to
zip password cracking.
Every password’s first twelve bytes are decrypted initially.
Depending on the version of zip used to encrypt the file, the first ten or
eleven bytes are random, followed by one or two bytes whose values are stored
elsewhere in the zip file, i.e. are known beforehand. The password is
considered wrong when the last bytes do not match. The only method to determine
that whether the password I correct or not, we need to unzip the file and
compare the uncompressed length and crc’s.
Earlier versions of pkzip stored two known bytes. Thus, the error
rate was roughly 1/216 =0.01%. pkware ‘improved’ the security of
their format by only including one byte, so the possibility of false passwords
is now raised to 0.4%. Unfortunately, there is no real way to distinguish one
byte from two-byte formats, so we have to be conservative.
Introduction to fcrackzip
We frequently use zipped files due
to its small size and encryption algorithm. These zipped files come with a
facility of password protection which maintains the security of the files.
When u have lost the password, and
the problem arises of how to crack it, fcrack comes to the rescue to save and
provide you with the way out in order to protect your documents. Simple way to
crack a protected zip file with the help of fcrackzip which is available under
linux.
Fcrackzip is a free/fast zip
password cracker, It was written by Marc lehmann <pcg@goof.com>.
It was not the fastest zip cracker
available, but to provide a portable, free, but still fast zip password
cracker.
Multiple feature of fcrackzip
As we are using Kali linux, fcrackzip
tool is installed by default, we just need to open the terminal and just type
“fcrackzip --help” and its help command will run and greet you.
·
-b: for using
brute force algorithms.
·
-D: for using
dictionary.
·
-B: execute a
small benchmark.
·
-c: use
characters from charset.
·
-h: show the
help message.
·
--version:
show the version of this program.
·
-V: validate
or check the algorithm.
·
-v: for
verbose mode.
·
-p: for using
a string as a password.
·
-l: for
providing a specific length to password.
·
-u: for weed
out wrong passwords.
·
-m: to
specify the method number.
Creating a password protected zip
file
Firstly, we have to create a
password protected file in that process we need select that file which we want
to secure with that format, after selecting that file we need to follow the
command.
Syntax: zip --password
Cracking the password of zip file
fcrackzip is a very impactful tool
and also quite easy to use for making a brute force attack on any zip file, for
that we need to use different-different format for cracking the password of the
zip file. In order to that we (-b) which allow us to brute force on that zip
file, (-c) which define the charset for the dictionary to brute force.
fcrackzip -b -c 'a' file.zip
In the above result we are seeing
all the possible outcomes of the attack if we want to wipe out the wrong
passwords we can use (-u) which allow us to see only the correct outcome
through the result.
fcrackzip -b -c 'a' -u file.zip
Verbose mode
In fcrackzip, verbose is a mode
which can be intiated using (-v) parameter. Now verbose mode generates extended
information. In our case verbose mode help us to get information about file in
that password protected zip file, like size of that file, name of that file
etc., And the current combination of dictionary which is applied on that zip
file.
fcrackzip -b -v -c 'a' -u file.zip
Cracking numeric password with
specific length
for that we have created a numeric
password protected zip file with the same command which we use earlier to
create a password protected zip file.
In this case we use to 2 different
parameters like (-c ‘1’) we use that parameter earlier but that we use this for
different purpose now we are using this for applying numeric charset. Second
parameter is (-l)
this parameter is use to specify
the length of the password (minimum length – maximum length).
zip --password 123 raj.zip
user.txt
fcrackzip -b -v -c 'a' -l 1-3 -u
raj.zip
Providing intial password
In this parameter we are providing
a set initial password for brute force with the name string to supply passwords
for dictionary searching, through this we can provide them the set of strings
to add those keywords in their dictionary.
fcrackzip -b -v -c 'a' -p ignite
-u file.zip
Dictionary Traversing
In this mode fcrackzip will read
the passwords from a file that is given by us, that file must contain one
password per line and should be alphabetically ordered, so that fcrackzip will
work according to its default working.
fcrackzip -D -p rockyou.txt
file.zip
Different method
In this parameter we are using
different method than default for our cracking process the switch --help will
print a list of available methods, and we can use --benchmark to see which
method is best for our machine, use method number instead of the default
cracking method.
fcrackzip -b -v -c 'a' -m 1 -u
file.zip
Benchmark
This parameter is help us to
findout which method of fcrackzip is more imapactfull in your machine by
calculating a benchmarkscore.
Fcrackzip -B
0 comments:
Post a Comment