How to crack the password of a ZIP file with Kali Linux

Many users are unaware that, by default, Kali Linux includes a decryption tool for passwords that protect compressed files, although they would be even more surprised to know that it is very simple to use and works perfectly.

On this occasion, the specialists in ethical hacking of the International Institute of Cyber Security (IICS) will show us how to use fcrackzip, one of the best utilities to decrypt passwords in ZIP files.  Before proceeding, we remind you that this article was prepared for informational purposes only and does not represent a call to action; IICS is not responsible for the misuse that may occur to the information contained herein


As mentioned above, fcrackzip should be installed on your system by default. However, ethical hacking experts mention that the tool can be installed manually even without using Kali Linux using the following commands:

$ sudo apt update
$ sudo apt install fcrackzip wordlists

The utility has some default word lists, although you can add any other lists at your disposal. To view all brute force lists stored on your system, run the following command:

$ locate wordlist

This example will use a pre-selected and password-protected ZIP file, in addition to a list of words downloaded from the Internet. To do this, we will create a ‘secret.txt’ file and package it in ZIP using the following commands:

$cat > file.txt
$zip –encrypt secret.txt
Enter the password twice

Crack password with fcrackzip

To use fcrackzip with a secret.txt word list, enter the following command:

~$ fcrackzip -u -D -p /home/kali/Desktop/secret.txt /home/kali/Desktop/

As shown in the screenshot, the password of the protected file is ‘1234567899’. You can try additional word lists available on Kali Linux or download lists available online for greater success in your attempts in real scenarios.

A strong password will still be difficult to crack, and it may take a long time for your system to recover the correct password the more complex the keyword. Usually, cracking the weakest passwords takes just a few minutes using fcrackzip or any similar tool, ethical hacking experts mention.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.