Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
Since I had never tried to write a zip password cracker, I figured it was about time.
I haven’t read through Violent Python yet, but I know that this is one of the examples from it. With that in mind, I figured this would be a good exercise and another useful tool for my arsenal.
First things first, I had to create my password protected zip file.
When I attempted to open this file, it prompted me for a password.
With the zip file in place, I created the following Python script.
```python
import zipfile
from time import time


def main():
    try:
        myZip = zipfile.ZipFile("secret.zip")
    except zipfile.BadZipFile:
        print("[!] There was an error opening your zip file.")
        return

    password = ''
    timeStart = time()
    with open("10_million_password_list_top_10000.txt", "r") as f:
        passes = f.readlines()

    # Count attempts from 1 so the attempts-per-second figure is accurate.
    for pass_count, x in enumerate(passes, 1):
        password = x.strip()
        try:
            # zipfile expects the password as bytes.
            myZip.extractall(pwd=password.encode())
            totalTime = time() - timeStart
            print("\nPassword cracked: %s\n" % password)
            print("%i password attempts per second." % (pass_count / totalTime))
            return
        except Exception as e:
            if str(e).startswith('Bad password for file'):
                pass  # TODO: properly handle exceptions?
            elif 'Error -3 while decompressing' in str(e):
                pass  # TODO: properly handle exceptions?
            else:
                print(e)
    print("Sorry, password not found.")


if __name__ == '__main__':
    main()
```
This opens up the specified zip file (in this case, secret.zip), and attempts to extract it using each password in the provided wordlist one by one. If the program throws no exceptions, then it means the archive was successfully extracted (which means the password was found). In this case, it prints out the cracked password as well as how many password attempts per second it performed (for statistical purposes).
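The script has to tolerate both 'Bad password for file' and 'Error -3 while decompressing' because legacy ZipCrypto checks a password against a single check byte, so roughly 1 in 256 wrong guesses gets past it and is only rejected later by decompression or the CRC. The following is an added example, not code from the original post: it builds a constructed encrypted archive in memory (Python's zipfile cannot write one) and counts those late rejections. The helper names, the sample data and the password `hunter2` are assumptions, and it calls `read()` instead of `extractall()` so nothing is written to disk.

```python
import io
import struct
import zipfile
import zlib

def _crc(crc, byte):  # raw one-byte CRC-32 step, as the ZipCrypto key schedule uses it
    return zlib.crc32(bytes([byte]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

def zipcrypto_encrypt(password, plain):  # legacy ZipCrypto; password bytes only seed the keys
    k0, k1, k2 = 0x12345678, 0x23456789, 0x34567890
    out = bytearray()
    for i, p in enumerate(password + plain):
        if i >= len(password):
            t = k2 | 2
            out.append(p ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        k0 = _crc(k0, p)
        k1 = ((k1 + (k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k2 = _crc(k2, k1 >> 24)
    return bytes(out)

def build_encrypted_zip(name, data, password):
    """Constructed sample archive: one deflated, ZipCrypto-encrypted member."""
    raw, crc = name.encode(), zlib.crc32(data)
    deflated = zlib.compress(data)[2:-4]  # strip the zlib wrapper -> raw deflate
    # 12-byte header: 11 filler bytes (random in real tools) + check byte (CRC top byte)
    body = zipcrypto_encrypt(password, bytes(range(11)) + bytes([crc >> 24]) + deflated)
    f = (20, 1, 8, 0, 0x21, crc, len(body), len(data), len(raw), 0)
    local = struct.pack("<4s5H3I2H", b"PK\x03\x04", *f) + raw
    central = struct.pack("<4sH5H3I2H3H2I", b"PK\x01\x02", 20, *f, 0, 0, 0, 0, 0) + raw
    end = struct.pack("<4s4H2IH", b"PK\x05\x06", 0, 0, 1, 1, len(central), len(local + body), 0)
    return local + body + central + end

def try_wordlist(zip_bytes, name, candidates):
    """Return (password or None, wrong guesses that passed the 1-byte check)."""
    archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    late_rejects = 0
    for guess in candidates:
        try:
            archive.read(name, pwd=guess)
            return guess, late_rejects
        except RuntimeError:                      # "Bad password for file"
            pass
        except (zlib.error, zipfile.BadZipFile):  # check byte matched by chance
            late_rejects += 1
    return None, late_rejects

if __name__ == "__main__":  # constructed demo: 5000 wrong guesses, then the right one
    blob = build_encrypted_zip("secret.txt", b"constructed sample\n" * 20, b"hunter2")
    print(try_wordlist(blob, "secret.txt", [b"guess%d" % i for i in range(5000)] + [b"hunter2"]))
```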
With everything in place, I grabbed a password list and fired the script up.
When I went back to the directory, I found the file that I originally hid in the archive.
Some of my next steps will be to add better reporting about the contents and cracking status, as well as maybe looking into threading or support for other file types.
The code and updates can be found in my GitHub repository.
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This would work only if the password is in the dictionary.
There is a better approach, if you have at least one unencrypted copy of the files in the archive (and they are all encrypted with the same password). Take a look at PKCrack and try to implement it in Python.
Yea, for sure, but it is just a dictionary attack cracker.
That said, PKCrack would be fun to implement in the next version. That said, it wouldn’t have worked in this example since all I had was plaintext in the archive!
Thanks for the suggestion though, maybe brute force and plaintext attack should be something I add for a version 1.1!
please I want to download the password it does not pass at home I can not download I suplis you
What are you trying to download?