Simple Brute Force Attack on Zip File Using Python

ZIP is an archive format that supports data compression. A ZIP file can contain one or more files or directories. The archive is typically smaller than the original data. It also supports password protection, to protect our data from others. But if you are somebody who likes making new passwords, sometimes you will forget an old one, even if it's the simplest one. It's really annoying, right?
The purpose of this article is to show how to deal with a forgotten password on your own protected ZIP file. Please note, it's for your own ZIP files, not for other people's. Any action against others' files is beyond my responsibility. But trust me, this method will help us a lot, especially when we really can't remember the password that we set before. FYI, I got this article from @xtremepentest.
Okay, let’s go into the code
Initialization
Okay, let's make a protected file. Here is the example: I want to protect three songs in a ZIP, and in this case I give it the password password

Well, after successfully protecting the file, it will ask us for the password on every extraction, just like the picture below

Okay, our protected file is ready, let’s go into the code section
Code Section
First of all, this uses the zipfile module to do the brute force attack and the tqdm module to build a progress bar to make the attack more realistic.
from tqdm import tqdm
import zipfile
In case you have not installed tqdm yet, just run this in your terminal. The zipfile module is part of the Python standard library, so it does not need to be installed.
pip install tqdm
Next we will ask the user to input the zip file name and the wordlist for doing the dictionary attack.
protected_file = input("Zip file: ")
wordlist = input("Choose wordlist: ")
A wordlist is a collection of words that is usually used in a brute force attack. You can build one manually, just save your file as a .txt file. Here is an example
...
scooter
richard
soccer
rachel
purple
password
melissa
jackson
angela
arsenal
222222
...
I saved the above wordlist as my_wordlist.txt. After the wordlist is created, we need to check whether the input file is a ZIP file or not. If it is a ZIP, the code will run, and if not, the code will stop.
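try:
    # ZipFile raises BadZipFile when the input is not a ZIP archive
    zip_file = zipfile.ZipFile(protected_file)
    # count the candidate passwords so tqdm can show progress
    with open(wordlist, "rb") as f:
        n_pass = sum(1 for _ in f)
except (zipfile.BadZipFile, OSError):
    print("\a")
    print("File not zip, exiting...")
    exit(1)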
In the code above, I also read the whole wordlist to know how many words will be used in the brute force attack. Finally, here we go into the final code, where the attack happens.
print("Number of password that will be checked:", n_pass)
print('\n')

with open(wordlist, "rb") as words:
    for word in tqdm(words, total=n_pass, unit='word'):
        try:
            # extractall raises when the candidate password is wrong
            zip_file.extractall(pwd=word.strip())
        except Exception:
            # not a bare except, so Ctrl-C still stops the run
            continue
        else:
            print("\a")
            print("[+] Password Found:", word.decode().strip())
            print("\a")
            print('Exiting...')
            exit(0)

print("\a")
print("[X] Password not found in the wordlist, try another one")
Well, using the extractall function from the zipfile module, the brute force will run until the end of the wordlist. If the password matches, it will print out the password. But if not, the brute force will exit.
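A pre-flight check worth running before the loop above, as an added example that is not part of the original article: Python's zipfile can only decrypt the legacy ZIP encryption (ZipCrypto), so on an AES-encrypted archive extractall fails for every word and the loop simply reports that the password is not in the wordlist. The function names and the patched in-memory sample archive are assumptions constructed for this demonstration.

```python
import io
import struct
import sys
import zipfile

AES_METHOD = 99  # compression-method value that marks a WinZip AES entry


def encryption_report(zf):
    """Return {entry name: 'none' | 'zipcrypto' | 'aes'} for an open ZipFile."""
    report = {}
    for info in zf.infolist():
        if not info.flag_bits & 0x1:          # bit 0 = entry is encrypted
            report[info.filename] = "none"
        elif info.compress_type == AES_METHOD:
            report[info.filename] = "aes"      # zipfile cannot decrypt this
        else:
            report[info.filename] = "zipcrypto"
    return report


def constructed_archive(flag_bits, method):
    """Constructed sample: a one-entry ZIP whose central directory record is
    patched with the given flag bits and compression method. Only the metadata
    is changed, which is all encryption_report() reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("song.mp3", b"constructed sample data")
    raw = bytearray(buf.getvalue())
    cd = raw.rfind(b"PK\x01\x02")             # central directory file header
    # flags are at offset 8 and the method at offset 10 of that header
    struct.pack_into("<HH", raw, cd + 8, flag_bits, method)
    return zipfile.ZipFile(io.BytesIO(bytes(raw)))


if __name__ == "__main__":
    # usage: python check_zip.py my_archive.zip
    with zipfile.ZipFile(sys.argv[1]) as archive:
        for name, kind in encryption_report(archive).items():
            print(f"{kind:10} {name}")
```

If any entry is reported as aes, the zipfile-based loop cannot test passwords against it, and entries reported as none are not password protected at all.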
Implementation
Okay, here is the documentation of the attack scenario that we built before

Well, yeah, the password is password, like we declared before. If you want some challenge, try to find this ZIP file password and tell me the answer.
Conclusion
In this article, I shared how to make a simple brute force attack on a zip file using the tqdm and zipfile modules. Please use this tutorial wisely for your life.
That’s all from me, thanks for reading. ✌