If you’ve ever forgotten a password for a zip file, you know how frustrating it can be.
There’s no need to worry anymore because in this article we’ll show you how to crack a zip password using a dictionary attack.
Usually, zip files are protected with very simple passwords.
With a dictionary attack, you can use a list of common passwords to try and guess the password for a zip file. This is a very effective method, and it’s easy to do. So let’s get started to code our zip password cracker!
Prerequisites
In order to complete the project you just need:
You don’t need anything more, so we can start with the code.
The code
Imports:
from optparse import OptionParser
import pyzipper
from progress.bar import Bar
Auxiliary methods
def get_wordlist(wordlist_file):
with open(wordlist_file, 'r') as f:
return f.read().split('\n')
The first method gets the wordlist from a file and saves it into a file (if the list is too big, think to use a generator).
def extract(file_name):
with pyzipper.AESZipFile(file_name, 'r') as f:
f.extractall(pwd = bytes(p, 'utf-8'))
This is the method that extracts the file.
The main method
if __name__ == "__main__":
parser = OptionParser()
parser.add_option("-f", "--file", dest="filename",
help="compressed file", metavar="FILE")
parser.add_option("-w", "--wordlist", dest="wordlist",
help="Select the wordlist", metavar="WORDLIST")
(options, args) = parser.parse_args()
print(options.wordlist)
for p in Bar('Processing').iter(get_wordlist(options.wordlist)):
try:
extract(options.filename)
print(f"\n[+] Password found: {p}")
break
except RuntimeError as e:
pass
The first part is just an argument’s parsing, easy to understand.
The extract generates an Exception in case of failure, so into the for loop we try the extract until it doesn’t throw the RuntimeException.
How to launch zip password cracker
Let’s see the complete code:
from optparse import OptionParser
import pyzipper
from progress.bar import Bar
def get_wordlist(wordlist_file):
with open(wordlist_file, 'r') as f:
return f.read().split('\n')
def extract(file_name):
with pyzipper.AESZipFile(file_name, 'r') as f:
f.extractall(pwd = bytes(p, 'utf-8'))
if __name__ == "__main__":
parser = OptionParser()
parser.add_option("-f", "--file", dest="filename",
help="compressed file", metavar="FILE")
parser.add_option("-w", "--wordlist", dest="wordlist",
help="Select the wordlist", metavar="WORDLIST")
(options, args) = parser.parse_args()
print(options.wordlist)
for p in Bar('Processing').iter(get_wordlist(options.wordlist)):
try:
extract(options.filename)
print(f"\n[+] Password found: {p}")
break
except RuntimeError as e:
pass
After saving our script in a file called main.py we can launch it with the following command:
python3 main.py -f test.zip -w wordlist.dic
The output will be something similar to this:
Processing |######################## | 21168/27608
[+] Password found: roland
Conclusion and improvements
With this project, you can see how easy is an attack on a zip password-protected file, so try to use the most secure ones for your important files.
You can also try to make some improvements, you could add numbers to the ends, or maybe you can merge words from two files.
Further readings
If you liked to write the zip password cracker in python, you may want to read those articles: