Cracking ZIP files with fcrackzip

To crack a zip file password there are many tools out there. Since I'm primarily using Linux I went with a quick Google search and came across fcrackzip. This is a free program that allows for both dictionary and brute force cracking of zip file passwords. It is not difficult to use and offers a wide range of options.

USAGE: fcrackzip
          [-b|--brute-force]            use brute force algorithm
          [-D|--dictionary]             use a dictionary
          [-B|--benchmark]              execute a small benchmark
          [-c|--charset characterset]   use characters from charset
          [-h|--help]                   show this message
          [--version]                   show the version of this program
          [-V|--validate]               sanity-check the algortihm
          [-v|--verbose]                be more verbose
          [-p|--init-password string]   use string as initial password/file
          [-l|--length min-max]         check password with length min to max
          [-u|--use-unzip]              use unzip to weed out wrong passwords
          [-m|--method num]             use method number "num" (see below)
          [-2|--modulo r/m]             only calculcate 1/m of the password
          file...                    the zipfiles to crack

As you can see, there is more than one cracking method to choose from. If you use the --benchmark option, fcrackzip will tell you how many passwords per second each method can try on your machine, so you can pick the fastest one.

$ fcrackzip -B
 cpmask: (skipped)
 zip1, TARGET_CPU=0: cracks/s = 2605800
 zip2, TARGET_CPU=0, USE_MULT_TAB: cracks/s = 291643
 zip3, TARGET_CPU=5: cracks/s = 2654230
 zip4, TARGET_CPU=5, USE_MULT_TAB: cracks/s = 3457467
 zip5, TARGET_CPU=6: cracks/s = 2719698
*zip6, TARGET_CPU=6, USE_MULT_TAB: cracks/s = 3483529

On my Eee 901, zip6 is the fastest type to use. So if you wanted to use a brute force attack from 4-8 characters on “secret.zip” you would use the following command:

$ fcrackzip -v -m zip6 -l 4-8 -u secret.zip

To break the command down:

  • -v is for verbose and gives you better output
  • -m specifies the method to use, in this case zip6
  • -l specifies the range of password lengths to try, from minimum to maximum
  • -u tells the program to test the password with unzip before declaring it correct

This will run through all of those possibilities, which takes some time depending on how long the password is and how many candidates have to be tried. A dictionary-based crack is much faster, and it is just as easy to use.

$ fcrackzip -v -D -u -p /usr/share/dict/words secret.zip

Here the only differences are -D, which selects a dictionary-based attack, and -p, which specifies the password file. This file should contain one word per line, and on Linux systems there's a nice dictionary included in /usr/share/dict/words.
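To put numbers on "will take some time" for the brute-force run above, the following added example (not part of the original post or of fcrackzip) parses the benchmark output shown earlier, picks the fastest method, and estimates the worst-case time to exhaust lengths 4-8. The charset sizes (26 and 62) are assumptions chosen for illustration, and the estimate assumes the benchmark rate holds for the real run.

```python
import re

# Benchmark output copied from the page; '*' marks the method fcrackzip selected.
BENCHMARK = """\
 cpmask: (skipped)
 zip1, TARGET_CPU=0: cracks/s = 2605800
 zip2, TARGET_CPU=0, USE_MULT_TAB: cracks/s = 291643
 zip3, TARGET_CPU=5: cracks/s = 2654230
 zip4, TARGET_CPU=5, USE_MULT_TAB: cracks/s = 3457467
 zip5, TARGET_CPU=6: cracks/s = 2719698
*zip6, TARGET_CPU=6, USE_MULT_TAB: cracks/s = 3483529
"""

LINE = re.compile(r"^\*?\s*(zip\d+),.*cracks/s = (\d+)\s*$")


def parse_benchmark(text):
    """Return {method: cracks_per_second}; lines without a rate are skipped."""
    rates = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            rates[m.group(1)] = int(m.group(2))
    return rates


def fastest(rates):
    """Return (method, rate) for the highest cracks/s value."""
    return max(rates.items(), key=lambda kv: kv[1])


def keyspace(charset_size, min_len, max_len):
    """Number of candidate passwords for lengths min_len..max_len inclusive."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def worst_case_seconds(charset_size, min_len, max_len, rate):
    """Time to try every candidate at a constant rate."""
    return keyspace(charset_size, min_len, max_len) / rate


if __name__ == "__main__":
    method, rate = fastest(parse_benchmark(BENCHMARK))
    print(f"fastest method: {method} at {rate} cracks/s")
    # Assumed charsets: 26 = lowercase only, 62 = lower + upper + digits.
    for label, size in (("lowercase", 26), ("alphanumeric", 62)):
        hours = worst_case_seconds(size, 4, 8, rate) / 3600
        print(f"{label:13s} lengths 4-8: {keyspace(size, 4, 8):,} candidates, "
              f"~{hours:,.1f} hours worst case")
```

Each extra character multiplies the work by the charset size, which is why the same length range goes from hours to years once the password is not lowercase-only.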

To sum everything up, fcrackzip is a great little tool that is free and open source. It lets you recover lost passwords to your zip files in more than one way, and its benchmark helps you find the fastest method for your system. Overall I think this is a great little tool. For more information on it check out fcrackzip's homepage.
