By default, Kali includes the tools to crack passwords for these compressed archives, namely the fcrackzip utility, John the Ripper and a word list. Follow along with us in the step by step instructions below as we show two different methods for cracking the password of a zip file.
In this tutorial you will learn:
- What tools are used to crack password protected zip files?
- How to crack zip password with John the Ripper
- How to crack zip password with fcrackzip
|Category||Requirements, Conventions or Software Version Used|
|Software||fcrackzip, John the Ripper, wordlist|
|Other||Privileged access to your Linux system as root or via the
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of
$ – requires given linux commands to be executed as a regular non-privileged user
Zip file cracking tools
Both the fcrackzip utility and John the Ripper can be used to crack password protected zip files. You can try both of them or just your preferred tool. These utilities can use word lists in order to launch a dictionary attack against the zip file.
Most or all of these utilities should already be on your system, but you can install or update the necessary packages with the following commands.
$ sudo apt update
$ sudo apt install john fcrackzip wordlists
John the Ripper will automatically use its own wordlist located in /usr/share/john/password.lst. You can always use a different wordlist, such as a custom one or a different file on Kali. To quickly locate all the wordlists on your system, use the following command.
$ locate wordlist
The only other thing you’ll need in order to get started is a password protected zip file. If you don’t already have one, but would like to follow along, use the following commands to make an example file.
$ touch file1.txt file2.txt file3.txt
$ zip -e secret_files.zip file1.txt file2.txt file3.txt
You’ll be required to enter a password. If you choose something complicated, the password cracking process may take a lot longer. For this example, we’ll pick something simple, like “letmein”.
With the utilities installed and our zip file waiting to be cracked, let’s move on to the hacking process below.
Crack zip password with John the Ripper
- The first step is to create a hash file of our password protected zip file. Use the zip2john utility to generate one.
$ zip2john secret_files.zip > hash.txt
- The password cracking process will actually be launched against the hash file, not the zip file. Use the following command to begin the process with
$ john hash.txt
John was successful in finding the password, and lists the result in its output.
If you already have some idea of what the password to your file may be, it can be far more efficient to use a customized wordlist file. Another popular choice is the rockyou.txt file. You can instruct John to use this file with the following command:
$ john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
For additional options, check John’s help output.
$ john --help
Crack zip password with fcrackzip
- To use fcrackzip with the rockyou.txt wordlist, use the following command syntax. There’s no need to generate a hash file, as there was with John.
$ fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt secret_files.zip
- To use a brute force attack, you can use the -b option. It works well with the -v (verbose) option, so you can see what password it’s currently testing. This method will probably take a very long time, as it works through every possible character combination instead of trying common passwords.
$ fcrackzip -v -u -b secret_files.zip
If you don’t have any luck, you can always try a different wordlist. A customized one with suspected passwords is always going to work best. To see more options for fcrackzip, run the following command.
$ fcrackzip -help
In this guide, we saw two tools on Kali Linux that can be used to crack password protected zip files. We also learned about how to use various wordlists with these tools, which can accelerate the process.
A strong password is still going to be tough to crack, and may take your system a long time to finally come up with the password. Weaker passwords can normally be cracked in a short time by either John the Ripper or fcrackzip.
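To check a password against the same wordlists before using it to protect an archive, here is an added example that is not part of the original guide. The function names `match` and `in_wordlist` and the script name `check_pw.sh` are hypothetical; the script reports whether a dictionary attack with the given lists would find the password, and it also reads gzip-compressed lists.

```shell
#!/bin/sh
# Added example (not from the guide): would a dictionary attack with these
# wordlists recover a given password? Names here are hypothetical.

# match PASSWORD: exit 0 if PASSWORD is an exact line of the text on stdin.
# The pattern is passed on fd 3, so it never appears in grep's arguments.
match() {
    grep -Fxq -f /dev/fd/3 3<<EOF
$1
EOF
}

# in_wordlist PASSWORD FILE...
# 0 = found in a list, 1 = not found, 2 = no readable list was given.
in_wordlist() {
    pw=$1; shift
    readable=0
    for list in "$@"; do
        [ -r "$list" ] || continue
        readable=1
        case $list in
            *.gz) gzip -dc -- "$list" | match "$pw" && return 0 ;;
            *)    match "$pw" < "$list" && return 0 ;;
        esac
    done
    [ "$readable" -eq 1 ] && return 1
    return 2
}

# Stand-alone use: sh check_pw.sh WORDLIST...
# The password is read from stdin, keeping it out of shell history.
if [ "$#" -gt 0 ]; then
    printf 'Password to check: ' >&2
    IFS= read -r candidate
    rc=0
    in_wordlist "$candidate" "$@" || rc=$?
    case $rc in
        0) echo "FOUND: choose a different password"; exit 1 ;;
        1) echo "Not in these lists (this alone does not make it strong)" ;;
        *) echo "No readable wordlist given" >&2; exit 2 ;;
    esac
fi
```

Run it as `sh check_pw.sh /usr/share/john/password.lst /usr/share/wordlists/rockyou.txt` and type the candidate password when prompted. The example password “letmein” from this guide is the kind of choice this check is meant to catch.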