Fcrackzip is a tool that can be used to crack zip files encrypted with ZipCrypto algorithm through dictionary-based and brute-force attack.
The brute force attack can be configured to use the combination of lower,upper, numerical characters or with other symbols or punctuation marks.
Example usage:
- fcrackzip -u -v -l 1-6 -c a example.zip
- fcrackzip -u -v -l 1-6 -c aA1 example.zip
- fcrackzip -u -v -D -p wordlist-dict.txt example.zip (dictionary attack)
Switch Explanation:
- -v : verbose output, display the progress of current crack, may slow the progress a little bit
- -l : length of password to brute-force in this case (1 to 6 characters)
- -c : character set to try (a – lower-alphabet, A-uppercase alphabet, 1-numeric, ! – include [!:$%&/()=?[]+*~#])
- -u : verify the zip password in case of multiple possible matches
p/s: It is strongly suggested to use dictionary attack first before going down with brute-force as passwords longer than 6 characters may take (a long) time to crack. A collection of wordlist can be found at PacketStormSecurity website
Debian and Ubuntu users can get fcrackzip from the default apt-get repository.
Windows may download fcrackzip win32 binaries from Schmorp.de website
Recommended Reading