Sinisterly

Full Version: How to make zip password bruteforcer
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hey, have you ever found encrypted zip that you really wanted open, but you had no password?
Well, this tutorial is just for you. We will learn how to code our own simple zip password bruteforcer.

(Sorry for my bad English, I know I should learn it better...)

At begin of our script, there should be shellbang line. That line will tell system that our script should be run in python.
Code:
#!/usr/bin/env python

Now we have to import libraries. We will import zipfile (so we can work with zip files) and sys.
Code:
import zipfile, sys

Our script should now load zip file from specific path. We will get path dynamically, as script argument. Also, we should handle potential error when user don't specify path to zip file.
Code:
try:
    zFile = zipfile.ZipFile(sys.argv[1])
except:
    print "[-] Zipfile not found."
    print "Usage: " + sys.argv[0] + " unzipMe.zip wordlist.lst"
    sys.exit()
Second line creates instance of ZipFile object (found in library zipfile), and as parameter it expects path to zip file. We enter it as first argument of our script.
Second part (starting with except) will run only if code in try section fails. That's why we print error here. sys.exit() will stop script.

Now should our script load wordlist file, specified as second argument.
Code:
try:
    fWordlist = open(sys.argv[2], 'r')
except:
    print "[-] Wordlist not found"
    print "Usage: " + sys.argv[0] + " unzipMe.zip wordlist.lst"
    sys.exit()
Same as above, we will try to open file with passwords, and we will print error if it fails.

It's time to read all passwords from loaded wordlist file.
Code:
passlist = fWordlist.readlines()

Now, when we have all things ready, is time to finally start brute-forcing our zip file. We will remove all unwanted characters from each password (as \n standing for new line in UNIX-like systems) and then proceed to trying to open zip file with it.
Code:
for pwd in passlist:
    pwd = pwd.strip()
    try:
        zFile.extractall(pwd=pwd)
        print "[+] Found password: " + pwd
    except:
        print "[-] Wrong password: " + pwd

That's all. We have coded our first zip password bruteforcer.
You can find whole script here.
>wordlist
>wordlist
>wordlist
>wordlist
>bruteforcing
>wordlist
>wordlist
>...

[Image: McFucking%20kill%20yourself.jpg]
(05-06-2014, 09:31 PM)IcanFLY Wrote: [ -> ]>wordlist
>wordlist
>wordlist
>wordlist
>bruteforcing
>wordlist
>wordlist
>...

[Image: McFucking%20kill%20yourself.jpg]
Hey now, be nice, a word list can beat a brute forcer. Besides, his English is obviously bad, he doesn't know the difference between "brute force" and "dictionary"
(05-06-2014, 09:31 PM)IcanFLY Wrote: [ -> ]>wordlist
>wordlist
>wordlist
>wordlist
>bruteforcing
>wordlist
>wordlist
>...

[Image: McFucking%20kill%20yourself.jpg]

Most people on the internet now a days think that bruteforcing == wordlist & dictionary attack == actual dictionary. Whatever terminology you use it doesnt matter.

Nice work op, a good tutorial. CURSE ANYONE WHO USES ZIPDOUGH! TAR! TAR!
This is a good tutorial, however, this isn't really a bruteforcer.



But this is;

Code:
import string,itertools

#Programmed by Duubz
#https://www.sinister.ly/User-Duubz
#SInisterly - The world #1 tech forum

def brute():
    length = 1
    charmap = string.printable
    while 1:
        try:
            x = itertools.permutations(charmap, int(length))
            for w in x:
                print( ''.join(w) )
        except: pass
        length += 1
    

if __name__ == '__main__':
    brute()
(05-06-2014, 10:41 PM)vegimite Wrote: [ -> ]Most people on the internet now a days think that bruteforcing == wordlist & dictionary attack == actual dictionary. Whatever terminology you use it doesnt matter.

Nice work op, a good tutorial. CURSE ANYONE WHO USES ZIPDOUGH! TAR! TAR!

You sir, are a genius. I couldn't of said the exact thing any better. However you should of mentioned that a brute_Force_Attack != dictionary_Decipher_Attack. The double equals introduces the mind into reading something as it is true no matter what. Surprisingly our neurons sometimes run on the same 1s & 0 binary concept. You'll learn that once you study basic artificial intelligence.

Nice tutorial, however you could have worked on your English slightly. I give you kudos for not being a native English speaker though.
Nice tutorial, I love how well you explained each step.

Please do make more tutorials.
Good tutorial :3 like it was stated before...people really should use tar D:
Just remember, if you get it off youtube and there is a pass with a survey link, it's probably fake.
Great tutorial! I will use this.