Howto Crack Zip Files Password in Linux

If you want to crack zip file passwords use fcrackzip.fcrackzip is a fast password cracker partly written in assembler. It is able to crack password protected zip files with brute force or dictionary based attacks, optionally testing with unzip its results.

Install fcrackzip in Ubuntu

sudo aptitude install fcrackzip

This will complete the installation.

Fcrack Syntax

fcrackzip [-bDBchVvplum2] [--brute-force] [--dictionary] [--benchmark] [--charset characterset] [--help] [--validate] [--verbose] [--init-password string/path] [--length min-max] [--use-unzip] [--method name] [--modulo r/m] file.

fcrack Options

-h, –help
Prints the version number and (hopefully) some helpful insights.
-v, –verbose
Each -v makes the program more verbose.
-b, –brute-force
Select brute force mode. This tries all possible combinations of the letters you specify.
-D, –dictionary
Select dictionary mode. In this mode, fcrackzip will read passwords from a file, which must contain one password per line and should be alphabetically sorted (e.g. using (1)).
-c, –charset characterset-specification
Select the characters to use in brute-force cracking. Must be one of

a include all lowercase characters [a-z]
A include all uppercase characters [A-Z]
1 include the digits [0-9]
! include [!:$%&/()=?[]+*~#]
: the following characters upto the end of the spe-
cification string are included in the character set.
This way you can include any character except binary
null (at least under unix).

For example, a1:$% selects lowercase characters, digits and the dollar and percent signs.

-p, –init-password string
Set initial (starting) password for brute-force searching to string, or use the file with the name string to supply passwords for dictionary searching.
-l, –length min[-max]
Use an initial password of length min, and check all passwords upto passwords of length max (including). You can omit the max parameter.
-u, –use-unzip
Try to decompress the first file by calling unzip with the guessed password. This weeds out false positives when not enough files have been given.
-m, –method name
Use method number “name” instead of the default cracking method. The switch –help will print a list of available methods. Use –benchmark to see which method does perform best on your machine. The name can also be the number of the method to use.
-2, –modulo r/m
Calculate only r/m of the password. Not yet supported.
-B, –benchmark
Make a small benchmark, the output is nearly meaningless.
-V, –validate
Make some basic checks wether the cracker works.

fcrackzip Examples

fcrackzip -c a -p aaaaaa

checks the encrypted files in for all lowercase 6 character passwords (aaaaaa … abaaba … ghfgrg … zzzzzz).

fcrackzip --method cpmask --charset A --init AAAA test.ppm

checks the obscured image test.ppm for all four character passwords. -TP fcrackzip -D -p passwords.txt check for every password listed in the file passwords.txt.

Sponsored Link

13 thoughts on “Howto Crack Zip Files Password in Linux

  1. Works but you have to absolutely specify the -u option, otherwise it will tell you “possible password found” for each and every password it tests… also, see the link in Len’s comment above for a solution for the shell metacharacters.

  2. I ma not impressed. I try to use a dictionairy file but in spite of the explanation here and the help option, i cant seem to get the command line right
    fcrackzip -D pw.txt ???
    fcrackzip -D-pw.txt ???
    fcrackzip -Dpw.txt ???
    fcrackzip -D|pw.txt ???

    All error messaging

  3. Help, please. I create zip archive with password 123. Then I run
    fcrackzip -b -c 1 -l 3 -u
    and haven’t only empty string.
    When I use
    fcrackzip -b -c 1 -l 3

    it give me 7 passwords like 049,911 etc, but don’t give 123. What is wrong?

  4. Help, please. I create zip archive with password 123. Then I run
    fcrackzip -b -c 1 -l 3 -u
    and have only empty string.
    When I use
    fcrackzip -b -c 1 -l 3

    it give me 7 passwords like 049,911 etc, but don’t give 123. What is wrong?

  5. Hi all!

    I used the tool for a bruteforce test, the password was in the list of possible password: ok first step correctly done.
    For further test I tried to use the -u option but it doesn’t work: the process is running but not responding, neither with ctrl+c, I have to manually kill the PID.

    Does anybody can help?

  6. It does not work for zip files created with es-file explorer for android.

    I’ve tested, and it failed all the times. It does work with password-protected zip files created with other programs like winrar and winzip.

    Any ideas on what to do?

  7. Where it stores successful passwords when I use ” fcrackzip -b -u” ?? Shows in terminal, saves in file (where ?) ?!

Leave a comment

Your email address will not be published. Required fields are marked *