Letterpad
LoginRegister

Cracking protected ZIP files (Linux)

Author name
tcincere
Cyber-security Graduate
Published on
3 min read
Cracking protected ZIP files (Linux)

Introduction to ZIP

The zip binary allows users to package and compress archive files. The companion program unzip unpacks ZIP archives. As stated in the man page, zip "puts one or more compressed files into a single ZIP archive". It also adds information such as the "name, path, date" along with the archive.

Note: ZIP uses the PKZIP  encryption algorithm which has known security weaknesses. In the modern day, using stronger algorithms like AES-256 will offer far greater security.

We will first create a test ZIP archive within the /tmp/zip/ directory. One must have zip installed on their distribution of choice; install it using your package manager.

sudo pacman -S zip
sudo apt install zip

 

Creating a ZIP archive

We can use the -p argument to supply a password to the ZIP command.

zip -p test archive.zip test-archive/

We supply the password, the name of the ZIP file and the target folder. It must be noted, using the -p argument is extremely insecure. As the password is supplied like any other argument, it is saved in clear-text in ~/.bash_history. Therefore, if an attacker compromised the system; attempts to protect the archive would be in vain.

Thus, using  -e  or --encryptwill prompt the user for a password, and it will not be stored. For example:

ZIP password prompt

That's it! It is pretty simple. Now, let's get on to cracking.

 

Cracking a ZIP archive

In order to crack this ZIP file, we first need the hash to brute-force against. Then, tools such as hashcat and john will do the hard work for us. To obtain a hash, we need to use the the zip2john program. This should come installed with john automatically.

To install:

sudo pacman -S john  [arch base]
sudo apt install john  [debian base]

 

Procuring the hash is simple. Invoke ssh2john with the target ZIP file as the argument and output the hash to another file. For example:

ssh2john archive.zip > zip-hash

 

Now, we have the hash of the ZIP file. It will look something similiar to this:

ZIP hash output

Note: I used a ZIP file from a machine on TryHackMe to crack. 

 

Forjohn, we simply specify the format, the wordlist to use in the attack and the hash of the ZIP file. I'll be using rockyou.txt, a well-known wordlist.

Format: zip  or  zip-opencl (for use with dedicated graphics cards). However, you don't need to specify the format as john will automatically detect it.

john --wordlist=/opt/wordlists/rockyou.txt zip-hash

And like magic:

Using default input encoding: UTF-8
Loaded 1 password hash (PKZIP [32/64])
Will run 8 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
hannah           (archive.zip)
1g 0:00:00:00 DONE (2022-08-24 17:21) 100.0g/s 1638Kp/s 1638Kc/s 1638KC/s 123456..christal
Use the "--show" option to display all of the cracked passwords reliably
Session completed

We get the password.

 

Conclusion

Cracking ZIP files are pretty simple. Obtain a hash, create or use an existing wordlist, specify formats if necessary, and wait. Again, the PKZIP algorithm is  weaker compared to AES-256. Thus, tools like 7zip  will offer greater protection in terms of security.

technologyallcrackinglinux
Author
tcincere

Discussion (0)

Loading Related...
Subscribe