Fcrackzip is a tool that can be used to crack zip files encrypted with ZipCrypto algorithm through dictionary-based and brute-force attack.

The brute force attack can be configured to use the combination of lower,upper, numerical characters or with other symbols or punctuation marks.

Example usage:

fcrackzip -u -v -l 1-6 -c a example.zip

fcrackzip -u -v -l 1-6 -c aA1 example.zip

fcrackzip -u -v -D -p wordlist-dict.txt example.zip (dictionary attack)

Switch Explanation:

-v : verbose output, display the progress of current crack, may slow the progress a little bit

-l : length of password to brute-force in this case (1 to 6 characters)

-c : character set to try (a – lower-alphabet, A-uppercase alphabet, 1-numeric, ! – include [!:$%&/()=?[]+*~#])

-u : verify the zip password in case of multiple possible matches

p/s: It is strongly suggested to use dictionary attack first before going down with brute-force as passwords longer than 6 characters may take (a long) time to crack. A collection of wordlist can be found at PacketStormSecurity website

Debian and Ubuntu users can get fcrackzip from the default apt-get repository.

Windows may download fcrackzip win32 binaries from Schmorp.de website

Recommended Reading