Starting with FCrackZip
Disclaimer: this tutorial is for educational purposes only and shows how to use FCrackZip to recover the passwords of your own password-protected .zip archives. Any abuse could be prosecuted under the laws of the country where you live and is not my responsibility.
Using this tool is quite easy, but it requires some practice and attention, especially if you don't know its features in depth. As a practical example, I've created a .zip archive containing a simple text file and protected it with a fairly simple password, so we can work quickly.
The password is really short, but follows the other rules of complex passwords: Ale1
As you can see, there are upper and lower case letters and numeric digits.
This cool piece of software can run a brute-force attack or use a dictionary.
The first method, however, is not the most practical: it often produces a very long list of possible passwords without reaching a definitive solution. With complex passwords you can watch it check one combination after another, and the screen output will be "checking pw: password":
Code:
:$ fcrackzip -bv ./file.zip
One way to limit the number of attempts is to use a charset and some kind of "mask" (it's actually a starting point):
Code:
:$ fcrackzip -bvc Aa1 -p Aaa1 ./file.zip
This tells the program to use uppercase letters, lowercase letters and numeric digits, starting from a password made of one uppercase letter, two lowercase letters and one digit.
With more complex passwords the program usually runs for a very long time, but when it finds a possible match for the real password its output (note that I've used the -v switch) becomes:
possible pw found: Aaa1 ()
Normally this generates a really long list of possible passwords, and trying them all by hand would be impossible, so the process has to be automated: save the resulting possible passwords in a file that you will later use as a dictionary with the other operating mode of fcrackzip!
To keep it simple, I've used a pipe of three Linux commands.
In sequence, these commands are fcrackzip, grep and sed.
These three commands perform the following tasks (note that this example is adapted to our very simple password!):
- fcrackzip finds the possible passwords and, with the -v switch, prints them to the screen
- grep uses a regular expression to find each possible password in the fcrackzip output and, with the -o switch, prints only the string matching the regex pattern
- sed strips the leading and trailing space characters from grep's output
The result of this pipe is finally saved in the file named tmp_dictionary.txt
Code:
:$ fcrackzip -bvc Aa1 -p Aaa1 ./file.zip | grep -o ' [a-zA-Z0-9]\{4\} ' | sed 's/ //g' > ./tmp_dictionary.txt
To finally find the correct password, fcrackzip is then executed again using its dictionary mode with the following syntax:
Code:
:$ fcrackzip -Dp ./tmp_dictionary.txt -uv ./file.zip
- -D and -p tell fcrackzip to take its passwords from the strings contained in the dictionary text file (one word per line).
- -u tells it to use unzip to remove the false positives.
In this way, after a very short while (always referring to our example), fcrackzip will find the correct password!
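Why the brute-force pass reports so many "possible pw found" candidates and why the -u pass is needed, as an added example that is not part of the original tutorial or of fcrackzip: the legacy ZIP encryption gives a password only a one-byte check in its 12-byte header, so about 1 in 256 wrong passwords passes it. The file content, the header filler bytes and the restriction of the first letter to ABCD are constructed, and treating this check as the source of the candidates is an assumption.

```python
import itertools
import string
import zlib

# CRC-32 table (polynomial 0xEDB88320), used by the legacy ZIP key schedule.
TABLE = []
for i in range(256):
    c = i
    for _ in range(8):
        c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
    TABLE.append(c)

def update_keys(k, byte):
    """Advance the three 32-bit keys with one plaintext byte."""
    k[0] = (k[0] >> 8) ^ TABLE[(k[0] ^ byte) & 0xFF]
    k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
    k[2] = (k[2] >> 8) ^ TABLE[(k[2] ^ (k[1] >> 24)) & 0xFF]

def crypt_header(password, data, decrypt):
    """Encrypt or decrypt the 12-byte encryption header under `password`."""
    k = [0x12345678, 0x23456789, 0x34567890]
    for b in password:
        update_keys(k, b)
    out = bytearray()
    for b in data:
        t = k[2] | 2
        x = b ^ (((t * (t ^ 1)) >> 8) & 0xFF)
        update_keys(k, x if decrypt else b)  # keys always follow the plaintext
        out.append(x)
    return bytes(out)

def passes_check(password, enc_header, check_byte):
    """The only password test the header offers: its last byte."""
    return crypt_header(password, enc_header, True)[11] == check_byte

# Constructed sample: file content, 11 filler bytes, the tutorial's password.
# The check byte is normally the high byte of the file's CRC-32.
CHECK = zlib.crc32(b"constructed sample file\n") >> 24
HEADER = crypt_header(b"Ale1", bytes(range(11)) + bytes([CHECK]), False)

def surviving_candidates(first_letters="ABCD"):
    """Candidates shaped like the mask Aaa1 that pass the one-byte check."""
    shape = (first_letters, string.ascii_lowercase,
             string.ascii_lowercase, string.digits)
    words = ("".join(p).encode() for p in itertools.product(*shape))
    return [w for w in words if passes_check(w, HEADER, CHECK)]

if __name__ == "__main__":
    hits = surviving_candidates()
    print(len(hits), "of", 4 * 26 * 26 * 10, "pass;", b"Ale1" in hits)
```

Run as a script, it prints how many of the 27,040 candidates survive the check; only a real decryption, which is what -u does through unzip, separates Ale1 from the rest.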