How to crack the password of a ZIP file with Kali Linux

Many users are unaware that Kali Linux includes, by default, a tool for cracking the passwords that protect compressed files. They may be even more surprised to learn that it is very simple to use and works perfectly.

On this occasion, the specialists in ethical hacking of the International Institute of Cyber Security (IICS) will show us how to use fcrackzip, one of the best utilities for cracking the passwords of ZIP files. Before proceeding, we remind you that this article was prepared for informational purposes only and does not represent a call to action; IICS is not responsible for any misuse of the information contained herein.

Installation

As mentioned above, fcrackzip should be installed on your Kali Linux system by default. However, ethical hacking experts mention that the tool can also be installed manually, even on a system other than Kali Linux, using the following commands:

$ sudo apt update
$ sudo apt install fcrackzip wordlists

The utility has some default word lists, although you can add any other lists at your disposal. To view all brute force lists stored on your system, run the following command:

$ locate wordlist

This example will use a pre-selected and password-protected ZIP file, in addition to a list of words downloaded from the Internet. To do this, we will create a ‘secret.txt’ file and package it in ZIP using the following commands:

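$ cat > secret.txt
$ zip --encrypt secret.zip secret.txt

Type the contents of the file after the first command and press Ctrl+D to finish. The zip command then asks for the password; enter it twice.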

Crack password with fcrackzip

To use fcrackzip with a secret.txt word list, enter the following command:

$ fcrackzip -u -D -p /home/kali/Desktop/secret.txt /home/kali/Desktop/secret.zip

In this example, fcrackzip reports that the password of the protected file is ‘1234567899’. You can try the additional word lists available on Kali Linux, or download lists available online, for greater success in real scenarios.

A strong password will still be difficult to crack: the more complex the password, the longer it may take your system to recover it. Usually, cracking the weakest passwords takes just a few minutes using fcrackzip or any similar tool, ethical hacking experts mention.
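A dictionary run only succeeds when the password is in the word list, so the same lists can be used to vet a password before it protects an archive. The script below is an added example, not part of the original article; the function names, the 60-bit default threshold and the sample word lists are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the article): pre-check a candidate archive password.
# Function names, the 60-bit default and the sample lists are constructed here.

# 0 if PW is an exact line in any word list at the top level of DIR
# (plain text or gzip), 1 otherwise.
in_wordlists() {
    _pw=$1; _dir=$2
    for _f in "$_dir"/*; do
        [ -f "$_f" ] || continue
        case $_f in
            *.gz) if gzip -dc "$_f" 2>/dev/null | grep -Fxq -e "$_pw"; then return 0; fi ;;
            *)    if grep -Fxq -e "$_pw" "$_f" 2>/dev/null; then return 0; fi ;;
        esac
    done
    return 1
}

# Upper bound on brute-force search space in bits:
# length * log2(size of the character classes used), truncated to an integer.
keyspace_bits() {
    printf '%s\n' "$1" | LC_ALL=C awk '{
        n = 0
        if ($0 ~ /[a-z]/) n += 26
        if ($0 ~ /[A-Z]/) n += 26
        if ($0 ~ /[0-9]/) n += 10
        if ($0 ~ /[^a-zA-Z0-9]/) n += 33
        if (n == 0) print 0
        else printf "%d\n", length($0) * log(n) / log(2)
        exit
    }'
}

# Prints "listed" (a dictionary run would find it), "short" (below MIN_BITS)
# or "ok". Usage: check_archive_password PW DIR [MIN_BITS]
check_archive_password() {
    if in_wordlists "$1" "$2"; then echo listed
    elif [ "$(keyspace_bits "$1")" -lt "${3:-60}" ]; then echo short
    else echo ok
    fi
}

# Constructed sample word lists so the example runs offline.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' password 123456 1234567899 qwerty > "$demo_dir/sample.txt"
printf '%s\n' letmein dragon | gzip > "$demo_dir/sample2.txt.gz"
for pw in 1234567899 dragon zzzz 'k7#Vq2!mZp9&Lw'; do
    printf '%-16s %s\n' "$pw" "$(check_archive_password "$pw" "$demo_dir")"
done
```

To check against real lists, pass a directory that holds them (one of those shown by `locate wordlist`) as the second argument.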
