In this article, we are about to discuss the fcrackzip- ZIP Password Cracker Tool that could be a third-party tool for cracking zip files passwords.
It’s the simplest tool because it tries to go looking zip file for encrypted files and tries to guess their password.
Here, we’ve mentioned every choice accessible in fcrackzip in order that we are able to use this tool to its better potential.
There are several cases wherever a personal kind of an incorrect password. And unzip reacts quickly to it, it doesn’t even need to decode the entire file.
Whereas the encryption algorithmic rule utilized by ZIP is comparatively secure, fcrackzip created cracking easy by providing hooks for very fast password-cracking, directly within the zip file. Understanding these is crucial to zip password cracking.
Every password’s initial twelve bytes are decrypted at the start. depending on the version of ZIP used to encrypt the file, the primary 10 or eleven bytes are random, followed by one or 2 bytes whose values are kept elsewhere within the zip file, i.e. are notable beforehand.
The password is taken into account wrong once the last bytes don’t match. the only methodology to work out whether or not the password I correct or not, we want to unzip the file and compare the uncompressed length and CRC.
Earlier versions of pkzip keep 2 known bytes. Thus, the error rate was roughly 1/216 =0.01%. pkware ‘improved’ the protection of their format by solely including one byte, therefore the risk of false passwords is currently raised to 0.4%.
Sadly, there’s no possible way to tell apart one byte from two-byte formats, thus we’ve to be conservative.
Features of FcrackZIP
As we are using Kali Linux, fcrackzip tool is installed by default, we just need to open the terminal and just type “fcrackzip –help” and its help command will run and greet you.
- -b: for using brute force algorithms.
- -D: for using a dictionary.
- -B: execute a small benchmark.
- -c: use characters from charset.
- -h: show the help message.
- –version: show the version of this program.
- -V: validate or check the algorithm.
- -v: for verbose mode.
- -p: for using a string as a password.
- -l: for providing a specific length to password.
- -u: for weed out wrong passwords.
- -m: to specify the method number.
Cracking the Password of the ZIP File:
Fcrackzip is a very impactful tool and also quite easy to use for making a brute force attack on any zip file, for that we need to use different-different formats for cracking the password of the zip file.
In order to that we (-b) which allow us to brute force on that zip file, (-c) which defines the charset for the dictionary to brute force.
fcrackzip -b -c ‘a’ file.zip
In the above result, we are seeing all the possible outcomes of the attack if we want to wipe out the wrong passwords we can use (-u) which allow us to see only the correct outcome through the result.
fcrackzip -b -c ‘a’ -u file.zip
This parameter helps us to find out which method of fcrackzip is more impactful in your machine by calculating a benchmark score.
Cracking Numeric Password with a Specific Length
We have created a numeric password protected the zip file with the same command which we use earlier to create a password-protected zip file.
zip –password 123 hackming.zip user.txt
In this case, we use 2 different parameters like (-c ‘1’) we use that parameter earlier but that we use this for a different purpose now we are using this for applying numeric charset. The second parameter is (-l)
This parameter is used to specify the length of the password (minimum length – maximum length).
fcrackzip -b -v -c ‘a’ -l 1-3 -u hackming.zip