Password cracking using KALI

Rajendraprasanth
3 min read · Sep 23, 2023


A Comprehensive Guide to Cracking ZIP Files Using John the Ripper and fcrackzip

ZIP files are convenient for compressing and grouping multiple files, but an archive encrypted with a forgotten passphrase becomes a problem. John the Ripper, usually just called “John,” can attempt to recover (“crack”) such passwords, and this guide walks through how to use it for ZIP password recovery. fcrackzip is a lighter-weight utility built specifically for the same task.

Disclaimer: It’s crucial to reiterate that attempting to crack ZIP files without proper authorization is both unethical and illegal. Always ensure you have explicit permission.

1. Understanding John the Ripper:

John the Ripper is a renowned open-source software designed for password cracking. Originally developed for UNIX, John now supports various platforms and has seen significant community contributions, most notably in the “John the Ripper Jumbo” community-enhanced edition, which we’ll be focusing on given its broader support for numerous file formats.

2. Setting Up Your Environment:

  • Installation: Many Linux distributions have John available in their repositories. However, for our purposes, it’s best to use the Jumbo version. It can be cloned from its official GitHub repository and compiled using the provided instructions.
  • Dependencies: Ensure you have necessary dependencies installed, such as libssl-dev, which is required for some of John's functionalities.

3. Preparing the ZIP Hash:

John does not read the archive directly: before attempting to crack a password, it needs the ZIP file's encryption metadata extracted into a hash line it can process:

  • Utilize zip2john to extract this hash:
zip2john /path/to/your/protected.zip > ziphash.txt
  • This command reads the archive and writes the resulting hash line into ziphash.txt.

4. Understanding John’s Cracking Methods:

Simple Cracking:

  • For a straightforward run with John's default modes, which include its bundled wordlist, just point it at the hash file:
john ziphash.txt

Wordlist Attack:

  • Supply a custom wordlist with the --wordlist option:
john ziphash.txt --wordlist=/path/to/custom/wordlist.txt
  • A plethora of wordlists can be found online, including the famous RockYou list, which contains millions of passwords leaked in real-world breaches.

Rules-Based Attack:

  • John can utilize rules to mutate words from a wordlist, creating variations and potentially matching more passwords:
john ziphash.txt --wordlist=/path/to/wordlist.txt --rules

Incremental Attack:

  • This brute-force mode enumerates character combinations exhaustively (John orders candidates by character-frequency statistics rather than alphabetically):
john ziphash.txt --incremental=All
  • It’s worth noting that while powerful, incremental attacks can be incredibly time-consuming for complex passwords.

Mask Attack:

  • If you know specific details about the password structure (e.g., starts with four letters followed by four numbers), you can use a mask attack:
john ziphash.txt --mask=?l?l?l?l?d?d?d?d

5. Post-Cracking Steps:

After John cracks the password, retrieve it with:

john --show ziphash.txt

This command displays the ZIP file’s name and its associated password.

1. Introduction to fcrackzip

fcrackzip is a fast password cracker partly written in assembler, designed to crack password-protected ZIP archives. It can work with various methods, ranging from simple brute force to more complex attacks using known parts of the ZIP password.

2. Setting Up Your Environment:

Installation:

  • Most Linux distributions have fcrackzip readily available in their repositories. It can typically be installed using the package manager:
sudo apt install fcrackzip    # Debian/Ubuntu
sudo yum install fcrackzip    # CentOS/RedHat
sudo pacman -S fcrackzip      # Arch Linux

3. Using fcrackzip to Crack ZIP Files:

Brute Force Attack:

  • If you have no idea about the password’s structure or contents, a brute force attack tries all possible combinations:
fcrackzip -b -u protected.zip
  • Here, -b selects brute-force mode, and -u makes fcrackzip verify each apparent hit by actually unzipping with that password, which weeds out the false positives its cheap check-byte test otherwise produces.

Dictionary Attack:

  • For those with a list of potential passwords, a dictionary attack can be more efficient:
fcrackzip -D -p /path/to/wordlist.txt -u protected.zip
  • -D tells the tool to use a dictionary attack, while -p specifies the path to the wordlist.

Known Characters:

  • If you recall the password's length and the kinds of characters it uses, fcrackzip can restrict the brute-force space accordingly and reduce cracking time:
fcrackzip -u -l 4-6 -c aA1! protected.zip
  • Here, -l denotes the password length (in this case, between 4 and 6 characters), and -c defines the character set (a for lower-case, A for upper-case, 1 for digits, and ! for special characters). In an interactive bash shell, quote the charset ('aA1!'), because an unquoted ! triggers history expansion.
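
As an added example (not from the original post or from either tool), a small Python script that sizes the candidate space behind the John mask attack above and the fcrackzip length/charset run above, so you can judge how much resistance an archive passphrase of a given shape actually offers against these modes. The ?l/?u/?d/?s/?a sizes and the a/A/1/! sizes follow each tool's documented character classes; the guess rate passed to hours_to_exhaust is an assumption you measure on your own hardware.

```python
from string import ascii_lowercase, ascii_uppercase, digits, punctuation

# John mask placeholders (?l ?u ?d ?s ?a) -> size of each character class.
MASK_SETS = {
    "l": len(ascii_lowercase),    # 26 lower-case letters
    "u": len(ascii_uppercase),    # 26 upper-case letters
    "d": len(digits),             # 10 digits
    "s": len(punctuation) + 1,    # 33 printable specials (space included)
    "a": 95,                      # all printable ASCII
}

# fcrackzip -c letters -> class sizes; "!" is the 16-symbol set from its man page.
FCRACKZIP_SETS = {"a": 26, "A": 26, "1": 10, "!": len("!:$%&/()=?[]+*~#")}

def mask_keyspace(mask: str) -> int:
    """Candidates for a John --mask such as ?l?l?l?l?d?d?d?d.
    Literal characters contribute a factor of 1; "??" is a literal "?"."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":            # literal character: one fixed choice
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        tag = mask[i + 1]
        if tag != "?":                # "??" escapes a literal question mark
            if tag not in MASK_SETS:
                raise ValueError(f"unknown placeholder ?{tag}")
            total *= MASK_SETS[tag]
        i += 2
    return total

def fcrackzip_keyspace(charset: str, min_len: int, max_len: int) -> int:
    """Candidates for fcrackzip -c <charset> -l <min>-<max>, summed over lengths."""
    unknown = set(charset) - set(FCRACKZIP_SETS)
    if unknown or min_len < 1 or max_len < min_len:
        raise ValueError(f"bad charset {unknown} or length range {min_len}-{max_len}")
    alphabet = sum(FCRACKZIP_SETS[c] for c in set(charset))  # repeated letters count once
    return sum(alphabet ** n for n in range(min_len, max_len + 1))

def hours_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case wall time at an assumed guess rate (the rate is your own measurement)."""
    return candidates / guesses_per_second / 3600

if __name__ == "__main__":
    # Constructed illustrations: the mask from the John section and the fcrackzip run above.
    print(f"?l?l?l?l?d?d?d?d -> {mask_keyspace('?l?l?l?l?d?d?d?d'):,} candidates")
    print(f"-c aA1! -l 4-6   -> {fcrackzip_keyspace('aA1!', 4, 6):,} candidates")
```

Comparing the two totals shows why the guide warns that exhaustive runs are slow: adding two more possible positions to the fcrackzip run multiplies the space by roughly 78 each time.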
