Since I had never tried to write a zip password cracker, I figured it was about time.
I haven’t read through Violent Python yet, but I know that this is one of the examples from it. With that in mind, I figured this would be a good exercise and another useful tool for my arsenal.
First things first, I had to create my password-protected zip file.
When I attempted to open this file, it prompted me for a password.
With the zip file in place, I created the following Python script.
```python
import zipfile
from time import time


def main():
    try:
        myZip = zipfile.ZipFile("secret.zip")
    except zipfile.BadZipFile:
        print("[!] There was an error opening your zip file.")
        return

    password = ''
    timeStart = time()
    with open("10_million_password_list_top_10000.txt", "r") as f:
        passes = f.readlines()

    for pass_count, x in enumerate(passes):
        password = x.strip()
        try:
            # On Python 3, zipfile expects the password as bytes
            myZip.extractall(pwd=password.encode())
            totalTime = time() - timeStart
            print("\nPassword cracked: %s\n" % password)
            # pass_count is zero-based, so add one to count this attempt
            print("%i password attempts per second." % ((pass_count + 1) / totalTime))
            return
        except Exception as e:
            if 'Bad password for file' in str(e):
                pass  # TODO: properly handle exceptions?
            elif 'Error -3 while decompressing' in str(e) or 'Bad CRC-32' in str(e):
                # The wrong password passed the header check but the data is garbage
                pass  # TODO: properly handle exceptions?
            else:
                print(e)
    print("Sorry, password not found.")


if __name__ == '__main__':
    main()
```
This opens up the specified zip file (in this case, secret.zip), and attempts to extract it using each password in the provided wordlist one by one. If the program throws no exceptions, then it means the archive was successfully extracted (which means the password was found). In this case, it prints out the cracked password as well as how many password attempts per second it performed (for statistical purposes).
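Python's `zipfile` module can only decrypt the traditional ZipCrypto scheme, so the script above only applies to entries protected that way. The following added example (not part of the original post or its repository) reports which scheme each entry in an archive uses, which is the check to run on your own archives before relying on their password; the function names and the constructed sample entries are assumptions made for illustration.

```python
import struct
import zipfile

ENCRYPTED = 0x0001          # general-purpose flag bit 0: entry is encrypted
STRONG_ENCRYPTION = 0x0040  # flag bit 6: PKWARE strong encryption
AES_METHOD = 99             # WinZip AES marker in the compression-method field
AES_EXTRA_ID = 0x9901       # extra-field record that carries the AES parameters
AES_BITS = {1: 128, 2: 192, 3: 256}


def aes_strength(extra):
    """Walk the extra-field records; return the AES key size in bits or None."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        data = extra[pos + 4:pos + 4 + size]
        # Record layout: version(2) vendor "AE"(2) strength(1) real method(2)
        if header_id == AES_EXTRA_ID and len(data) >= 5:
            return AES_BITS.get(data[4])
        pos += 4 + size
    return None


def classify(info):
    """Name the protection scheme of one zipfile.ZipInfo entry."""
    if not info.flag_bits & ENCRYPTED:
        return "unencrypted"
    if info.compress_type == AES_METHOD:
        bits = aes_strength(info.extra)
        return "aes-%d" % bits if bits else "aes-unknown"
    if info.flag_bits & STRONG_ENCRYPTION:
        return "pkware-strong"
    return "zipcrypto"  # legacy scheme, the only one zipfile can decrypt


def audit(archive):
    """Map every entry name in an archive (path or file object) to its scheme."""
    with zipfile.ZipFile(archive) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}


def sample_entries():
    """Constructed ZipInfo records standing in for real encrypted entries."""
    legacy = zipfile.ZipInfo("legacy.txt")
    legacy.flag_bits = ENCRYPTED
    aes = zipfile.ZipInfo("aes.txt")
    aes.flag_bits = ENCRYPTED
    aes.compress_type = AES_METHOD
    aes.extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    return [legacy, aes]


if __name__ == "__main__":
    for entry in sample_entries():
        print(entry.filename, classify(entry))
```

Entries reported as `zipcrypto` are the ones a wordlist run like the one above can test; AES entries make `zipfile` raise `NotImplementedError` instead.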
With everything in place, I grabbed a password list and fired the script up.
When I went back to the directory, I found the file that I originally hid in the archive.
Some of my next steps will be to add better reporting about the contents and cracking status, as well as maybe looking into threading or support for other file types.
The code and updates can be found in my GitHub repository.
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.