How to recover a lost zip file password?

  • I have some files I was given by my teacher at university. I could chase him up, but I may as well try getting blood from a stone; his response rate isn't great and I completed my degree a year ago!

    They're PDF files stored inside password-protected zip files. The passwords are networking related, have upper and lowercase and numbers, but no special characters as far as I remember, and some are permutations of each other: "passwordL1", "l2Password", etc.

    What are the different encryption algorithms employed by .zip files?

    How can I determine the protection in use on my zip files?

    Where can I find good papers and tools which will ultimately give me back the PDFs which are annoyingly hidden by the password?

  • Rory McCune (Correct answer)

    8 years ago

    If you haven't already looked at it, there are a couple of sources I'd recommend for this.

    • John the Ripper with the community jumbo patch supports zip cracking. If you look at the supported modes, there are some options (including the basic brute-force) for cracking zip passwords.

    • Elcomsoft have good zip crackers, including guaranteed recovery under some circumstances.

    • There are also some companies like this one who appear to have GPU accelerated zip cracking, which could speed things up depending on your hardware.

    In terms of the approach, it sounds like a dictionary-based attack with mutation rules (so changing the dictionary with things like leet speak rules) would be the best bet, particularly if you've got the idea that the words would come from a specific domain. Straight brute-force would likely not be a good idea, as it tends to top out around 8 characters (unless you're throwing a lot of CPU/GPU power at it).

    Because I kind of have an idea of what the passwords are, I'm thinking John the Ripper, plus a custom dictionary, could be just right. Thanks for taking the time to answer.

    I just tried to download John the Ripper, but Chrome blocked it, saying that it was malicious. Anyone have any experience with this?

    @bornfromanegg I've had malware checkers say that offensive security software (e.g. password crackers) is malware on some occasions. That said, a quick check on a couple of downloads of john didn't seem to show an issue in Chrome for me... If you're worried about it, you could check the PGP signature on the file to make sure it's not been tampered with when you get it...
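
On the question's "How can I determine the protection in use on my zip files?": the scheme is recorded in each entry's unencrypted header, so it can be read without the password. The following is an added example, not code from the thread or from any tool named in it; the function names are illustrative, and the sample entries are constructed by hand rather than taken from a real archive.

```python
import struct
import zipfile

AES_EXTRA_ID = 0x9901  # extra-field header ID used by WinZip AES entries
AES_STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}

def find_extra(extra, wanted_id):
    """Walk the (id, size, data) records of a ZIP extra field."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        if header_id == wanted_id:
            return extra[pos + 4:pos + 4 + size]
        pos += 4 + size
    return None

def classify(info):
    """Name the protection scheme of one zipfile.ZipInfo entry."""
    if not info.flag_bits & 0x01:  # bit 0 clear: entry is not encrypted
        return "none"
    aes = find_extra(info.extra, AES_EXTRA_ID)
    if info.compress_type == 99 and aes is not None and len(aes) >= 7:
        # version, vendor "AE", key strength, real compression method
        _ver, _vendor, strength, _method = struct.unpack("<H2sBH", aes[:7])
        return "WinZip " + AES_STRENGTH.get(strength, "AES (unknown strength)")
    if info.flag_bits & 0x40:  # bit 6: PKWARE strong encryption
        return "PKWARE strong encryption"
    return "ZipCrypto (traditional PKZIP encryption)"

def scan(archive):
    """Map member name -> scheme. Reads headers only, so no password is needed."""
    with zipfile.ZipFile(archive) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}

def constructed_entry(name, flag_bits, compress_type, extra=b""):
    """Build a header record by hand (constructed sample, not a real archive)."""
    info = zipfile.ZipInfo(name)
    info.flag_bits, info.compress_type, info.extra = flag_bits, compress_type, extra
    return info

if __name__ == "__main__":
    aes256 = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    for entry in (
        constructed_entry("notes.pdf", 0x00, 8),
        constructed_entry("lab1.pdf", 0x01, 8),
        constructed_entry("lab2.pdf", 0x01, 99, aes256),
    ):
        print(entry.filename, "->", classify(entry))
```

Calling `scan()` with the path of a real archive gives the same per-entry result. The same check is useful when creating archives, to confirm that a tool actually wrote AES entries rather than falling back to the older ZipCrypto scheme.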

License under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM