[infobox style=’info’ static=’1′]Challenge Link: https://www.hacking-lab.com
Date Completed: May 2016[/infobox]
The challenge is about breaking the password protected zip file given in the challenge link (Gehem.zip). There are lot of tools available for brute forcing. I was in the Kali Linux 2016 Os and it was updated to the very best version. As the task here is brute force, I have assumed that the password will be small and will not be complex. I decide to brute force the zip file with a tool called fcrackzip. I can also using Hacking-Lab live cd where this tool is preloaded in it.
As I’m not familiar with fcrackzip, so just fired up its manual and set following options:-
- brute-force (-b)
- Character set – Lets try lowercase only (-c).
- Password length – I tried characters in length 3 to 5 (-l).
- Use unzip – this function will unzip the zipped archive if password hits true (-u).
fcrackzip -b -c a -l 3-5 -u Geheim.zip
And after few seconds of brute forcing, Taddaaa it found the correct password as ‘close’. Then I tried opening the zip with the obtained password and it was a success.
The problem lies in the zip archive, the zip format was designed to allow quick responses if a password is wrong or right. This makes it vulnerable to bruteforcing. And there doesnt have any method which checks the number of failed attempts. The chances are just unlimited, the only thing is the time required for iterating through each outcomes. So to make a zip file secure its always a good idea to make password strong.
[infobox style=’result’ static=’1′]Flag: Congratulations, you have found the password!