Archiving and compression is a great way to store and prepare files for sending. You can reduce the size of a file, turn a group of files into a single file, and even encrypt and password the contents! Just take a look at this image to see how much it compressed a 28GB text file.
That's 28GB turned into 78MB!
The only set-back can be the dreaded moment that you actually lose an archive password, which I'm sure we all have done. That's why this Null Byte is here to help you solve such a problem.
Here's What You Need
- A locked .zip or .rar file.
- A Linux live CD, or Cygwin, or Linux installation, or a Virtual Machine running Linux.
- An installed copy of rarcrack or fcrackzip.
Step 1 Download & Install RarCrack/fcrackzip
cmd == command to be entered in a terminal emulator
RarCrack and fcrackzip are the tools we are going to use to crack the archive. I picked both because fcrackzip is faster at cracking .zip files, but RarCrack is better at the others.
- Download rarcrack or fcrackzip.
- Open a terminal emulator.
- cmd: cd Downloads/
- cmd: tar -zxvf <package-name>
- cmd: cd <new directory>
- cmd: ./configure
- cmd: make && sudo make install
Step 2 Crack an Archive
For the actual task of cracking the archive, I will demonstrate how it is done via a vTutorial. Commands and description are below.
Command
- fcrackzip -b -c a -l 5-6 Desktop/screenshot.zip
Here is another video for using rarcrack:
Command
- rarcrack --type rar ~/Desktop/example.rar
Then just wait for your archives' passwords to be cracked!
Come join the IRC sometime to talk with me one-on-one!
Just updated your iPhone to iOS 18? You'll find a ton of hot new features for some of your most-used Apple apps. Dive in and see for yourself:
9 Comments
So is this a brute force attack basically? I imagine longer passwords can take a long time.
Yeah, it's bruteforce, though they do have options to dictionary attack. WinRAR is actually next to impossible to crack anything more than a 4 character password. Now, when I get my new lappy, well see how strong they really are when I have 500+ cores of processing power xD. I did this using a single core celeron processor with no GPU acceleration, it's literally the worst processor a person can have. It's kind of weird that the computer guy has a awful computer, isn't it? Haha
Also, ZIP archives that are a bit older are vulnerable to text-based attacked. You can use an algorithm to actually figure out the password if you know a word or two from a text file stored in the archive. There was a weakness in the way ZIP files validated passwords.
its good
Really its good but it is not easy to recover password from any zip file, try some thing new like Kernel for Zip recovery tool to repair and recover Zip files and also recover password security without losing any data.
What if you know part of the password. Is it possible to include that in the command to reduce the time for cracking?
for rarcrack try this,
stop the cracking process by ctrl+c, then change the XML file by putting the knowing part in front of the order,
ex: if the password is 'a25' and if you know the first letter is 'a', then put a in front.
<?xml version="1.0" encoding="UTF-8"?>
<rarcrack>
<abc>a0123456789bcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ</abc>
<current>a15</current>
<goodpassword/>
</rarcrack>
then the brute force will start with 'a'
cava
I failed to unzip the file:
gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error is not recoverable: exiting now
file is 35 kB small (is it complete?), re-download not helped.
Share Your Thoughts