How to crack zip password on Kali Linux

The objective of this guide is to show how to crack a password for a zip file on Kali Linux.

By default, Kali includes the tools to crack passwords for these compressed archives, namely the fcrackzip utility, John the Ripper and a word list. Follow along with the step-by-step instructions below as we show two different methods for cracking the password of a zip file.

In this tutorial you will learn:

  • What tools are used to crack password protected zip files?
  • How to crack zip password with John the Ripper
  • How to crack zip password with fcrackzip

Cracking a password protected zip file on Kali Linux

Software Requirements and Linux Command Line Conventions

Category      Requirements, Conventions or Software Version Used
System        Kali Linux
Software      fcrackzip, John the Ripper, wordlist
Other         Privileged access to your Linux system as root or via the sudo command.
Conventions   # – requires given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
              $ – requires given Linux commands to be executed as a regular non-privileged user

Zip file cracking tools

Both the fcrackzip utility and John the Ripper can be used to crack password protected zip files. You can try both of them or just your preferred tool. These utilities can use word lists in order to launch a dictionary attack against the zip file.

Most or all of these utilities should already be on your system, but you can install or update the necessary packages with the following commands.

$ sudo apt update
$ sudo apt install john fcrackzip wordlists

John the Ripper will automatically use its own wordlist located in /usr/share/john/password.lst. You can always use a different wordlist, such as a custom one or a different file on Kali. To quickly locate all the wordlists on your system, use the following command.

$ locate wordlist


The large assortment of wordlists available on Kali, found with the locate command

The only other thing you’ll need in order to get started is a password protected zip file. If you don’t already have one, but would like to follow along, use the following commands to make an example file.

$ touch file1.txt file2.txt file3.txt
$ zip -e secret_files.zip file1.txt file2.txt file3.txt

You’ll be required to enter a password. If you choose something complicated, the password cracking process may take a lot longer. For this example, we’ll pick something simple, like “letmein”.

Our password protected zip file that we will try to crack

With the utilities installed and our zip file waiting to be cracked, let’s move on to the hacking process below.

Crack zip password with John the Ripper

  1. The first step is to create a hash file of our password protected zip file. Use the zip2john utility to generate one.
    $ zip2john secret_files.zip > hash.txt
    
    The hash file has been generated

  2. The password cracking process will actually be launched against the hash file, not the zip file. Use the following command to begin the process with john.
    $ john hash.txt
    

John was successful in finding the password, and lists the result in its output.

John the Ripper has found the password

If you already have some idea of what the password to your file may be, it can be far more efficient to use a customized wordlist file. Another popular choice is the rockyou.txt file. You can instruct John to use this file with the following command:

$ john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

For additional options, check John’s help output.

$ john --help


Crack zip password with fcrackzip

  1. To use fcrackzip with the rockyou.txt wordlist, use the following command syntax. There’s no need to generate a hash file, as there was with John.
    $ fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt secret_files.zip
    
    fcrackzip has found the correct password

  2. To use a brute force attack, use the -b option. It works well with the -v (verbose) option, so you can see which password is currently being tested. This method will probably take a very long time, as it tries every possible character combination instead of just common passwords.
    $ fcrackzip -v -u -b secret_files.zip
    
    Brute force method with verbose option in fcrackzip

If you don’t have any luck, you can always try a different wordlist. A customized one with suspected passwords is always going to work best. To see more options for fcrackzip, run the following command.

$ fcrackzip --help

Closing Thoughts

In this guide, we saw two tools on Kali Linux that can be used to crack password protected zip files. We also learned how to use various wordlists with these tools, which can accelerate the process.

A strong password is still going to be tough to crack, and may take your system a long time to finally come up with the password. Weaker passwords can normally be cracked in a short time by either John the Ripper or fcrackzip.
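
The dictionary methods above only succeed when the password appears in the wordlist, so a candidate archive password can be checked against the same lists before it is used with zip -e. The script below is an added example, not part of the original guide; the function names, the sample lists and the sample passphrase are constructed for illustration.

```sh
#!/bin/sh
# Added example: check a candidate archive password against wordlists.

# Stream a wordlist: decompress .gz files and drop the "#!comment" header
# lines found at the top of John's password.lst.
read_wordlist() {
    case $1 in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac | LC_ALL=C grep -v '^#!comment'
}

# Print the 1-based position of an exact match for password $1 in wordlist $2,
# or nothing if it is absent. A low position is reached early by a dictionary run.
wordlist_rank() {
    read_wordlist "$2" | LC_ALL=C grep -n -F -x -e "$1" | head -n 1 | cut -d: -f1
}

# Check password $1 against every wordlist named after it.
# Returns 1 if any list contains it, 0 otherwise.
audit_password() {
    pw=$1; shift
    found=0
    for list in "$@"; do
        [ -r "$list" ] || { echo "skip: $list (not readable)"; continue; }
        rank=$(wordlist_rank "$pw" "$list")
        if [ -n "$rank" ]; then
            echo "WEAK: entry $rank of $list"
            found=1
        else
            echo "ok:   not in $list"
        fi
    done
    return "$found"
}

# Constructed sample lists so the example runs offline. On Kali, pass
# /usr/share/john/password.lst or /usr/share/wordlists/rockyou.txt instead.
make_sample_lists() {
    SAMPLE_DIR=$(mktemp -d)
    printf '%s\n' '#!comment: constructed sample' 123456 password letmein \
        > "$SAMPLE_DIR/small.lst"
    printf '%s\n' qwerty dragon letmein | gzip -c > "$SAMPLE_DIR/big.txt.gz"
}

make_sample_lists
audit_password letmein "$SAMPLE_DIR/small.lst" "$SAMPLE_DIR/big.txt.gz" || true
audit_password 'tidal-Cobalt-94-umbrella' "$SAMPLE_DIR/small.lst" "$SAMPLE_DIR/big.txt.gz"
rm -rf "$SAMPLE_DIR"
```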