Provide steps to recover encrypted zip file passwords.

In this part, you will use the fcrackzip utility to recover lost passwords from encrypted zipped files.
Fcrackzip searches each zip file given for encrypted files and tries to guess the password using brute-
force methods.
The reason we created zip files with varying password lengths was to see if password length influences
the time it takes to discover a password.

Step 1. Introduction to fcrackzip
a. From the terminal window, enter the fcrackzip –h command to see the associated com-
mand options.
![15384|591x401](upload://pGSGkc4WKOncW4L2IooUrTayRBP.png)
In our examples, we will be using the –v, -u, and -l command options. The -l option will be
listed last because it specifies the possible password length. Feel free to experiment with
other options.
Step 2. Recovering passwords using fcrackzip
a. Now attempt to recover the password of the file-1.zip file. Recall that a one-character
password was used to encrypt the file. Therefore, use the following fcrackzip command:
```
[analyst@secOps Zip-Files]$ fcrackzip -vul 1-4 file-1.zip
```
![15385|501x127](upload://6lf07fxKa1WvPUN2yXufYphbRWI.png)
Note: The password length could have been set to less than 1 – 4 characters.
How long does it take to discover the password?
____________________________________________________________________________
It takes less than a second.
b. Now attempt to recover the password of the file-2.zip file. Recall that a two-character
password was used to encrypt the file. Therefore, use the following fcrackzip command:
```
[analyst@secOps Zip-Files]$ fcrackzip –vul 1-4 file-2.zip
```
![15387|601x151](upload://pwKZBLtlfvJAvgTaSKirmUvfAz4.png)
How long does it take to discover the password?
____________________________________________________________________________
It should take about a second.

c. Repeat the procedure and recover the password of the file-3.zip file. Recall that a three-
character password was used to encrypt the file. Time to see how long it takes to dis-
cover a 3-letter password. Use the following fcrackzip command:
```
[analyst@secOps Zip-Files]$ fcrackzip –vul 1-4 file-3.zip
```
![15388|599x150](upload://2ZMZZI0q0630dGPrAQwnNeoNckp.png)
How long does it take to discover the password?
____________________________________________________________________________
Answers will vary depending on platform and actual password used but it should take
about a second or two.

d. How long does it take to crack a password of four characters? Repeat the procedure
and recover the password of the file-4.zip file. Time to see how long it takes to discover
the password using the following fcrackzip command:
```
[analyst@secOps Zip-Files]$ fcrackzip –vul 1-4 file-4.zip
```
![15389|601x153](upload://mtLup9hi9iLHA4nF2KRvE8TmDH8.png)
How long does it take to discover the password?
____________________________________________________________________________
Answers will vary depending on platform and actual password used but it should a few
seconds.
e. How long does it take to crack a password of five characters? Repeat the procedure and
recover the password of the file-5.zip file. The password length is five characters, so we

need to set the -l command option to 1-5. Again, time to see how long it takes to dis-
cover the password using the following fcrackzip command:
```
[analyst@secOps Zip-Files]$ fcrackzip –vul 1-5 file-5.zip
```
![15390|597x150](upload://pKQVXShdkn0vwdwtwNFJK3mS1ab.png)
How long does it take to discover the password?
____________________________________________________________________________
Answers will vary depending on platform and actual password used but it should take
about two minutes.

f. Recover a 6-character Character password using fcrackzip

It appears that longer passwords take more time to discover and therefore, they are
more secure. However, a 6-character password would not deter a cybercriminal.
How long do you think it would take fcrackzip to discover a 6-character password?
____________________________________________________________________________
Answers will vary.
To answer that question, create a file called file-6.zip using a 6-character password of
your choice. In our example, we used JarJar.
```
[analyst@secOps Zip-Files]$ zip –e file-6.zip sample*
```
g. Repeat the procedure to recover the password of th e file-6.zip file using the following

fcrackzip command:
```
[analyst@secOps Zip-Files]$ fcrackzip –vul 1-6 file-6.zip
```
How long does it take fcrackzip to discover the password?
____________________________________________________________________________
Answers will vary depending on platform and actual password used but it will take
much longer (hours).
The simple truth is that longer passwords are more secure because they take longer to
discover.
How long would you recommend a password needs to be for it to be secure?
____________________________________________________________________________
Answers will vary.

Computer Science & Information Technology

You might also like to view...

Which of the following types of charts shows only the relationships between general program tasks without showing specific processing logic?

(A) hierarchy chart (B) flowchart (C) both A and B (D) neither A nor B

View

Computer Science & Information Technology

Filters do not delete data or records

Indicate whether the statement is true or false

View

Computer Science & Information Technology

Modern Language Association (MLA) style is a popular standard for formatting academic research papers, which many schools require.

Answer the following statement true (T) or false (F)

View

Computer Science & Information Technology

The expression getline(cin, message) will continuously accept and store characters typed at the terminal until the ____ key is pressed.

a. Shift b. Enter c. ESC d. Ctrl

View

Computer Science & Information Technology