fcrack — cracking zip files password

arpit arora
4 min readNov 30, 2022

--

What is fcrack zip

Fcrackzip is a free/fast zip password cracker, it was written by Marc lehman. fcrackzip searches each zipfile given for encrypted files and tries to guess the password.

How to Install

Command — sudo apt-get install fcrackzip

Multiple features of fcrackzip

As we are using Kali Linux, fcrackzip tool is installed by default, we just need to open the terminal and just type “fcrackzip –help” and its help command will run and show you the usage options.

  • -b: for using brute force algorithms.
  • -D: for using a dictionary.
  • -B: execute a small benchmark.
  • -c: use characters from charset.
  • -h: show the help message.
  • –version: show the version of this program.
  • -V: validate or check the algorithm.
  • -v: for verbose mode.
  • -p: for using a string as a password.
  • -l: for providing a specific length to password.
  • -u: for weed out wrong passwords.
  • -m: to specify the method number.

I have created a sample.txt file here for the demo purpose using the cat command.

Creating a password protected zip file

Firstly, we have to create a password-protected file in that process we need to select that file which we want to secure with that format, after selecting that file we need to follow the command.

Command: zip –password <password you want> <name of the zip file> <file or data you want to protect>

Cracking the password of the zip file
fcrackzip is a very great tool and also quite easy to use for making a brute force attack on zip file. In order to that we (-b) which allow us to brute force on that zip file, (-c) which define the charset for the dictionary to brute force.

Command: fcrackzip -b -c ‘a’ file.zip

In the above result, we are seeing all the possible outcomes of the attack if we want to wipe out the wrong passwords we can use (-u) which allow us to see only the correct outcome through the result.

Verbose mode

In fcrackzip, verbose is a mode which can be initiated using (-v) parameter. Now verbose mode generates extended information. In our case, verbose mode helps us to get information about the file in that password-protected zip file, like the size of that file, name of that file etc., And the current combination of a dictionary which is applied on that zip file.

Cracking numeric password with a specific length

for that, we have created a numeric password protected the zip file with the same command which we use earlier to create a password-protected zip file.

In the below screenshot you can see we have set a numeric password for the file as ‘1234’

Now lets try to crack this numeric password.

In this case, we use to 2 different parameters like (-c ‘1’) we use that parameter earlier but that we use this for a different purpose now we are using this for applying numeric charset. The second parameter is (-l)

this parameter is used to specify the length of the password (minimum length — maximum length).

Providing initial password

In this parameter we are providing a set initial password for brute force with the name string to supply passwords for dictionary searching, through this we can provide them with the set of strings to add those keywords in their dictionary.

Command: fcrackzip -b -v -c ‘a’ -p fcrack -u file.zip

Dictionary Traversing

In this mode fcrackzip will read the passwords from a file that is given by us, that file must contain one password per line and should be alphabetically ordered so that fcrackzip will work according to its default working.

fcrackzip -D -p rockyou.txt file.zip

Benchmark

This parameter helps us to find out which method of fcrackzip is more impactful in your machine by calculating a benchmark score.

Command: fcrackzip -B

--

--