How to recover a lost zip file password?
I have some files I was given by my teacher at University, I could chase him up, but I may as well try getting blood from a stone, his response rate isn't great and I completed my degree a year ago!
They're pdf files stored inside password protected zip files. The passwords are networking related, have upper and lowercase and numbers, but no special characters as far as I remember, and some are permutations of each other "passwordL1", "l2Password" etc.
What are the different encryption algorithms employed by .zip files?
How can I determine the protection in use on my zip files?
Where can I find good papers and tools, which will ultimately give me back the pdfs which are annoyingly hidden by the password?
If you haven't already looked at it there's a couple of sources I'd recommend for this.
John the Ripper with the community jumbo patch supports zip cracking. If you look at the supported modes there's some options (including the basic brute-force) for cracking zip passwords.
Elcomsoft have good zip crackers including guaranteed recovery under some circumstances.
There are also some companies like this one who appear to have GPU accelerated zip cracking, which could speed things up depending on your hardware.
In terms of the approach it sounds like a dictionary based attack with mutation rules (so changing the dictionary with things like leet speak rules) would be the best bet, particularly if you've got the idea that the words would come from a specific domain. Straight brute-force would likely not be a good idea as it tends to top out around 8 characters (unless you're throwing a lot of CPU/GPU power at it).
Because I kind of have an idea of what the passwords are, I'm thinking John the Ripper, plus a custom dictionary could be just right. Thanks for taking the time to answer.
I just tried to download John the Ripper, but Chrome blocked it saying that it was malicious. Anyone have any experience with this?
@bornfromanegg I've had malware checkers say that Offensive security software (e.g. password crackers) are malware on some occasions, that said a quick check on a couple of downloads of john didn't seem to show an issue in Chrome for me... If you're worried about it, you could check the PGP signature on the file to make sure it's not been tampered with when you get it...
You can also use this shell script.
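
    #!/bin/bash
    # Try each candidate that John the Ripper generates from a wordlist against a ZIP archive.
    echo "ZIP-JTR Decrypt Script"
    if [ $# -ne 2 ]; then
        echo "Usage: $0 <zipfile> <wordlist>"
        exit 1
    fi

    # List the archive contents first.
    unzip -l "$1"

    # Read candidates line by line so passwords containing spaces stay intact.
    while IFS= read -r i; do
        echo -ne "\rtrying \"$i\" "
        # unzip exits 0 only when extraction succeeds with this password.
        if unzip -o -P "$i" "$1" </dev/null >/dev/null 2>&1; then
            echo -e "\nArchive password is: \"$i\""
            break
        fi
    done < <(john --wordlist="$2" --rules --stdout)
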
There are different recovery suites available. Most of them implement these solutions:
- Brute-force attack
- Dictionary attack
- Biham-Kocher attack (this attack is possible when you have part of the text)
- Stay attack (also plaintext based)
Also this link (from which I got most of my information) suggests that if you used a recent winzip (which is suspected since you encrypted this last year), the encryption is AES with a 128 or 256 bit key. This means you can do nothing more but try a bruteforce attack.
I'm not sure what you're searching in Google. All I'm seeing is freeware / adware crap. Second link is to ubuntu fwcrackzip page.
OK, but can you remove the whole "second link" and "I used tylerl's suggestion", I'm familiar with the whole Google concept and it makes me look lazy, I resent that :) It isn't the second link for me, in fact it's not even on the 2nd page! In fact, I asked the question here because of all the crap Google was pulling up! /rant
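The question "How can I determine the protection in use on my zip files?" and the AES point in the answer above can both be checked from the archive's directory metadata, which is readable without the password for ZipCrypto and WinZip AES archives. The following is an added example, not code from any poster: `classify`, `scan` and `make_sample` are illustrative names, and the sample archive is constructed in memory by patching header fields (its data is not really encrypted).

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901                      # WinZip AE-x extra field header ID
AES_BITS = {1: 128, 2: 192, 3: 256}        # strength byte -> key size in bits

def classify(info):
    """Name the protection on one archive entry from its directory metadata."""
    if not info.flag_bits & 0x1:           # general-purpose bit 0: entry is encrypted
        return "not encrypted"
    if info.compress_type == 99:           # method 99 marks a WinZip AES entry
        extra, pos = info.extra, 0
        while pos + 4 <= len(extra):       # walk the (id, size, data) extra records
            ext_id, size = struct.unpack_from("<HH", extra, pos)
            if ext_id == AES_EXTRA_ID and pos + 9 <= len(extra):
                strength = extra[pos + 8]  # follows version (2) and vendor "AE" (2)
                return f"WinZip AES-{AES_BITS.get(strength, '?')}"
            pos += 4 + size
        return "WinZip AES (strength field missing)"
    if info.flag_bits & 0x40:              # bit 6: PKWARE strong encryption
        return "PKWARE strong encryption"
    return "ZipCrypto (legacy PKZIP stream cipher)"

def scan(archive):
    """Map each entry name to its protection; accepts a path or file object."""
    with zipfile.ZipFile(archive) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}

def make_sample():
    """Constructed archive: central-directory fields patched to imitate encryption."""
    aes = zipfile.ZipInfo("aes.pdf")
    aes.extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 0)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plain.pdf", b"x")
        zf.writestr("legacy.pdf", b"x")
        zf.writestr(aes, b"x")
    raw = bytearray(buf.getvalue())
    cd = [i for i in range(len(raw)) if raw[i:i + 4] == b"PK\x01\x02"]
    struct.pack_into("<H", raw, cd[1] + 8, 0x1)       # legacy.pdf: set flag bit 0
    struct.pack_into("<HH", raw, cd[2] + 8, 0x1, 99)  # aes.pdf: bit 0 + method 99
    return io.BytesIO(bytes(raw))

if __name__ == "__main__":
    for name, kind in scan(make_sample()).items():
        print(f"{name}: {kind}")
```

Entries reported as ZipCrypto are the ones the plaintext-based attacks listed in the answer apply to; for AES entries the answer's conclusion (password guessing only) holds.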
Password Breaker is a Windows software that simulates keyboard typing, theoretically allowing you to break in to any password protected application. It also has native support for Zip files which doesn't rely on typing simulation. Both of these methods support Dictionary & Brute Force Attacks.
Also, we have released a web application that supports recovery of passwords from file formats such as Zip, PDF, Excel & Word.
You can utilize the block & charset functionality of the brute force engine to drastically reduce the no. of combinations by selecting only the characters you need. The blocks can be used to make the parts of the password fixed or permute differently from the rest.
Disclaimer: I work for Maxotek who built these.
Just wanted to add another method using fcrackzip CLI tool. It's in most Linux distro repos such as Ubuntu & Fedora/CentOS. Using it is pretty straightforward:

    $ fcrackzip -b -c a1:$% -l 1-6 -u myencrypted.zip

- -b - brute force
- -c a1:$% - specifies the character sets to use
- -l 1-6 - specifies the length of passwords to try
- -u - unzip to weed out wrong passwords

    $ fcrackzip --help
    fcrackzip version 1.0, a fast/free zip password cracker
    written by Marc Lehmann <[email protected]> You can find more info on
    http://www.goof.com/pcg/marc/

    USAGE: fcrackzip
              [-b|--brute-force]            use brute force algorithm
              [-D|--dictionary]             use a dictionary
              [-B|--benchmark]              execute a small benchmark
              [-c|--charset characterset]   use characters from charset
              [-h|--help]                   show this message
              [--version]                   show the version of this program
              [-V|--validate]               sanity-check the algortihm
              [-v|--verbose]                be more verbose
              [-p|--init-password string]   use string as initial password/file
              [-l|--length min-max]         check password with length min to max
              [-u|--use-unzip]              use unzip to weed out wrong passwords
              [-m|--method num]             use method number "num" (see below)
              [-2|--modulo r/m]             only calculcate 1/m of the password
              file...                    the zipfiles to crack

    methods compiled in (* = default):

     0: cpmask
     1: zip1
    *2: zip2, USE_MULT_TAB