How to make zip password bruteforcer 05-06-2014, 08:53 PM
#1
Hey, have you ever found an encrypted zip that you really wanted to open, but you had no password?
Well, this tutorial is just for you. We will learn how to code our own simple zip password bruteforcer.
(Sorry for my bad English, I know I should learn it better...)
At the beginning of our script, there should be a shebang line. That line tells the system that our script should be run with Python.
Code:
#!/usr/bin/env python
Now we have to import libraries. We will import zipfile (so we can work with zip files) and sys.
Code:
import zipfile, sys
Our script should now load the zip file from a specific path. We will get the path dynamically, as a script argument. Also, we should handle the potential error when the user doesn't specify a path to the zip file.
Code:
try:
    zFile = zipfile.ZipFile(sys.argv[1])
except (IndexError, IOError, zipfile.BadZipfile):  # no argument, unreadable file, or not a zip
    print("[-] Zipfile not found.")
    print("Usage: " + sys.argv[0] + " unzipMe.zip wordlist.lst")
    sys.exit()
The second line creates an instance of the ZipFile object (found in the zipfile library), and as a parameter it expects the path to the zip file. We pass it as the first argument of our script.
The second part (starting with except) will run only if the code in the try section fails. That's why we print the error here. sys.exit() will stop the script.
Now our script should load the wordlist file, specified as the second argument.
Code:
try:
    fWordlist = open(sys.argv[2], 'r')
except (IndexError, IOError):  # no second argument, or the file cannot be opened
    print("[-] Wordlist not found")
    print("Usage: " + sys.argv[0] + " unzipMe.zip wordlist.lst")
    sys.exit()
It's time to read all passwords from the loaded wordlist file.
Code:
passlist = fWordlist.readlines()
Now that we have everything ready, it is time to finally start brute-forcing our zip file. We will remove all unwanted characters from each password (such as \n, which stands for a new line on UNIX-like systems) and then try to open the zip file with it.
Code:
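for pwd in passlist:
    pwd = pwd.strip()
    try:
        # zipfile expects the password as bytes on Python 3
        zFile.extractall(pwd=pwd.encode())
        print("[+] Found password: " + pwd)
        break  # stop at the first password that works
    except Exception:
        print("[-] Wrong password: " + pwd)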
That's all. We have coded our first zip password bruteforcer.
You can find the whole script here.
We are fucked, Eddie!
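Added example, not part of the original post: the loop above counts any extractall() call that does not raise as a hit, so on an archive with no encrypted entries it reports the first wordlist line as the password. This Python 3 sketch reads the encrypted bit from each entry's header before any guessing; the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the general purpose bit flag in the ZIP format


def encrypted_members(source):
    """Return the names of entries whose header marks them as encrypted."""
    with zipfile.ZipFile(source) as zf:
        return [info.filename for info in zf.infolist()
                if info.flag_bits & ENCRYPTED_FLAG]


def opens_with_any_password(source, name):
    """True if the entry can be read with an arbitrary (wrong) password."""
    with zipfile.ZipFile(source) as zf:
        try:
            zf.read(name, pwd=b"constructed-wrong-guess")
            return True
        except RuntimeError:  # zipfile raises this for a bad password
            return False


def build_sample(mark_encrypted):
    """Constructed sample: a two-entry archive built in memory.

    zipfile cannot write encrypted archives, so for the demo the encrypted
    bit is set by hand in the central directory record of the last entry.
    Only the header flag changes; the data itself is not encrypted.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", "constructed sample data")
        zf.writestr("secret.txt", "constructed sample data")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        pos = raw.rfind(b"PK\x01\x02")  # last central directory record
        flags, = struct.unpack_from("<H", raw, pos + 8)  # flag field offset
        struct.pack_into("<H", raw, pos + 8, flags | ENCRYPTED_FLAG)
    return io.BytesIO(bytes(raw))


if __name__ == "__main__":
    print(encrypted_members(build_sample(False)))  # nothing to test against
    print(encrypted_members(build_sample(True)))
```

If encrypted_members() returns an empty list, a "Found password" line from the loop says nothing about the archive, because unencrypted entries ignore the pwd argument.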