Using zip2john:

```bash
zip2john protected.zip > zip_hash.txt
```

This tool extracts the hashed password from the archive. For modern AES-256 encrypted ZIP files, zip2john will still work, but the resulting hash format is different (often starting with `$zip2$`). With the hash file ready, use John in dictionary mode:

```bash
john --wordlist=/usr/share/wordlists/rockyou.txt zip_hash.txt
```

If successful, the password appears within seconds. For stronger passwords, you can enable rules: `john --wordlist=/usr/share/wordlists/rockyou`

Inspect the archive first to see which encryption scheme it uses:

```bash
unzip -l suspicious.zip                        # list the entries in the archive
zipdetails -v suspicious.zip | grep -i method  # show the compression/encryption method of each entry
```

If you see AES-256, expect a longer cracking time.

When the ZIP's internal file structure is partially known, a known-plaintext attack can extract the encryption key without cracking the password. Kali includes bkcrack. The scenario: you have an encrypted ZIP and one of its original unencrypted files (e.g., a README.txt or a default config).

```bash
bkcrack -C encrypted.zip -k keys -d decrypted.zip
```

This attack is devastating against older ZipCrypto and remains a Kali favorite for CTF challenges.

As a security tester, you may need to encrypt payloads or logs with a strong password. Kali's zip command supports AES-256 via the -e flag:

```bash
zip --password "MyStr0ngP@ss" -e -r archive.zip sensitive_folder/
```

To enforce AES-256 (not legacy ZipCrypto), use:

```bash
zip -e -o archive.zip files/ -P "pass"
```

Then verify the encryption type:

```bash
zipdetails archive.zip | grep "Compression method"
```

Output should show AES-256.

For true cross-platform compatibility, 7zip is often superior:

For repeated use, save this script as zipcrack.sh:

```bash
#!/bin/bash
# zipcrack.sh: extract the hash from an encrypted ZIP, run john against it,
# and print the recovered password.

if [ $# -ne 1 ]; then
    echo "Usage: $0 <encrypted.zip>"
    exit 1
fi

ZIPFILE="$1"
HASHFILE="$ZIPFILE.hash"

echo "[*] Extracting hash..."
zip2john "$ZIPFILE" > "$HASHFILE"

# Dictionary attack with the wordlist used earlier on this page
echo "[*] Running john..."
john --wordlist=/usr/share/wordlists/rockyou.txt "$HASHFILE"

# john --show prints "file:password:..." for cracked hashes; take the password field
PASSWORD=$(john --show "$HASHFILE" | cut -d: -f2 | head -1)
echo "[+] Password: $PASSWORD"
```