Using John the Ripper to Crack Unix Passwords
| Using
FZC to Crack Password-Protected Zip Files |
What is FZC? FZC is a program that cracks zip files (zip is a method
of compressing multiple files into one smaller file) that are password-protected
(which means you're gonna need a password to open the zip file and
extract files out of it). You can get it anywhere - just use a search
engine such as altavista.com.
FZC uses multiple methods of cracking - bruteforce (guessing passwords
systematically until the program gets it) or wordlist attacks (otherwise
known as dictionary attacks. Instead of just guessing passwords systematically,
the program takes passwords out of a "wordlist", which is
a text file that contains possible passwords. You can get lots of
wordlists at www.theargon.com. Thanks to Caboom for this tip). www.astalavista.NET
hase long wordlists as well.
FZC can be used in order to achieve two different goals: you can
either use it to recover a lost zip password which you used to remember
but somehow forgot, or to crack zip passwords which you're not supposed
to have. So like every tool, this one can be used for good and for
evil.
The first thing I want to say is that reading this tutorial... is
the easy way to learn how to use this program, but after reading this
part of how to use the FZC you should go and check the texts that
come with that program and read them all. You are also going to see
the phrase "check name.txt" often in this text. These files
should be in FZC's directory. They contain more information about
FZC.
FZC is a good password recovery tool, because it's very fast and
also support resuming so you don't have to keep the computer turned
on until you get the password, like it used to be some years ago
with older cracking programs. You would probably always get the
password unless the password is longer than 32 chars (a char is
a character, which can be anything - a number, a lowercase or undercase
letter or a symbol such as ! or &) because 32 chars is the maximum
value that FZC will accept, but it doesn't really matter, because
in order to bruteforce a password with 32 chars you'll need to be
at least immortal..heehhe.. to see the time that FZC takes with
bruteforce just open the Bforce.txt file, which contains such information.
FZC supports brute-force attacks, as well as wordlist attacks. While
brute-force attacks don't require you to have anything, wordlist attacks
require you to have wordlists, which you can get from www.theargon.com.
There are wordlists in various languages, various topics or just miscellaneous
wordlists. The bigger the wordlist is, the more chances you have to
crack the password.
Now that you have a good wordlist, just get FZC working on the locked
zip file, grab a drink, lie down and wait... and wait... and wait...and
have good thoughts like "In wordlist mode I'm gonna get the password
in minutes" or something like this... you start doing all this
and remember "Hey this guy started with all this bullshit and
didn't say how I can start a wordlist attack!..." So please wait
just a little more, read this tutorial 'till the end and you can do
all this "bullshit". :)
We need to keep in mind that are some people might choose some
really weird passwords (for example: 'e8t7@$^%*gfh), which are harder
to crack and are certainly impossible to crack (unless you have
some weird wordlist). If you have a bad luck and you got such a
file, having a 200MB list won't help you anymore. Instead, you'll
have to use a different type of attack. If you are a person that
gives up at the first sign of failure, stop being like that or you
won't get anywhere. What you need to do in such a situation is to
put aside your sweet xxx MB's list and start using the Brute Force
attack.
If you have some sort of a really fast and new computer and you're
afraid that you won't be able to use your computer's power to the
fullest because the zip cracker doesn't support this kind of technology,
it's your lucky day! FZC has multiple settings for all sorts of
hardware, and will automatically select the best method.
Now that we've gone through all the theoretical stuff, let's get
to the actual commands.
The command line you'll need to use for using brute force is:
fzc -mb -nzFile.zip -lChr Lenght -cType of chars
Now if you read the bforce.txt that comes with fzc you'll find
the description of how works Chr Lenght and the Type of chars, but
hey, I'm gonna explain this too. Why not, right?...;) (but remember
look at the bforce.txt too)
For Chr Lenght you can use 4 kind of switches...
-> You can use range -> 4-6 :it would brute force from 4
Chr passwors to 6 chr passwords
-> You can use just one lenght -> 5 :it would just brute force
using passwords with 5 chars
-> You can use also the all number -> 0 :it would start brute
forcing from passwords with lenght 0 to lenght 32, even if you are
crazy i don't think that you would do this.... if you are thinking
in doing this get a live...
-> You can use the + sign with a number -> 3+ :in this case
it would brute force from passwords with lenght 3 to passwords with
32 chars of lenght, almost like the last option...
For the Type of chars we have 5 switches they are:
-> a for using lowercase letters
-> A for using uppercase letters
-> ! for using simbols (check the Bforce.txt if you want to see
what simbols)
-> s for using space
-> 1 for using numbers
Example:
If you want to find a password with lowercase and numbers by brute
force you would just do something like:
fzc -mb -nzTest.zip -l4-7 -ca1
This would try all combinations from passwords with 4 chars of
lenght till 7 chars, but just using numbers and lowercase.
*****
hint
*****
You should never start the first brute force attack to a file using
all the chars switches, first just try lowercase, then uppercase,
then uppercase with number then lowercase with numbers, just do
like this because you can get lucky and find the password much faster,
if this doesn't work just prepare your brain and start with a brute
force that would take a lot of time. With a combination like lowercase,
uppercase, special chars and numbers.
Like I said in the bottom and like you should be thinking now,
the wordlist is the most powerfull mode in this program. Using this
mode, you can choose between 3 modes, where each one do some changes
to the text that is in the wordlist, I'm not going to say what each
mode does to the words, for knowing that just check the file wlist.txt,
the only thing I'm going to tell you is that the best mode to get
passwords is mode 3, but it takes longer time too.
To start a wordlist attak you'll do something like.
fzc -mwMode number -nzFile.zip -nwWordlist
Where:
Mode number is 1, 2 or 3 just check wlist.txt to see the changes
in each mode.
File.zip is the filename and Wordlist is the name of the wordlist
that you want to use. Remember that if the file or the wordlist
isn't in the same directory of FZC you'll need to give the all path.
You can add other switches to that line like -fLine where you define
in which line will FZC start reading, and the -lChar Length where
it will just be read the words in that char length, the switche
works like in bruteforce mode.
So if you something like
fzc -mw1 -nztest.zip -nwMywordlist.txt -f50 -l9+
FZC would just start reading at line 50 and would just read with
length >= to 9.
Example:
If you want to crack a file called myfile.zip using the "theargonlistserver1.txt"
wordlist, selecting mode 3, and you wanted FZC to start reading
at line 50 you would do:
fzc -mw3 -nzmyfile.zip -nwtheargonlistserver1.txt -f50
Other good feature in FZC is that FZC supports resuming. If you
need to shutdown your computer and FZC is running you just need
to press the ESC key, and fzc will stop. Now if you are using a
brute force attack the current status will be saved in a file called
resume.fzc but if you are using a wordlist it will say to you in
what line it ended (you can find the line in the file fzc.log too).
To resume the bruteforce attack you just need to do:
fzc -mr
And the bruteforce attack will start from the place where it stopped
when you pressed the ESC key.
But if you want to resume a wordlist attack you'll need to start
a new wordlist attack, saying where it's gonna start. So if you
ended the attack to the file.zip in line 100 using wordlist.txt
in mode 3 to resume you'll type
fzc -mw3 -nzfile.zip -nwwordlist.txt -f100
Doing this FZC would start in line 100, since the others 99 lines
where already checked in an earlier FZC session.
Well, it looks like I covered most of what you need to know. I certainly
hope it helped you... don't forget to read the files that come with
the program, and visit http://blacksun.box.sk for more tutorials.
If you have any problem fell free to post your questions on the
message board at blacksun.box.sk, but don't send me any files to
crack for you! Use your own computer power.
|