The most detailed guide to batch dictionary brute-force cracking of zip passwords with Python

Time:2021-6-13

Tool cracking

Two days ago I downloaded a batch of project cases from the Internet, and they all turned out to be encrypted archives. So I went online to find a tool to crack the archives.
The tool was too slow: each archive took a long time to crack. After getting three of them open, I gave up and looked for another way.

Password dictionary

Coincidentally, the three cracked archives all had 4-digit passwords, which made me think of cracking with a dictionary.
No sooner said than done.
4-digit numeric password dictionary

# Generate the password table from 0000 to 9999
with open('passdict4.txt', 'w') as f:
    for number in range(10000):
        # Pad to four digits, one password per line
        password = str(number).zfill(4) + '\n'
        f.write(password)

Sure enough, the guess was right, and the cracking was really fast.
As Xi Dada said, science and technology are the primary productive force, and innovation is the primary driving force of development.
Since there is a faster method, why not automate it?

Zipfile Library

Python has a library called zipfile that can extract zip files. From its documentation:

ZipFile.extractall(path=None, members=None, pwd=None)
Extracts the specified files from the zip archive to the current directory.
The path parameter specifies the folder where the extracted files are saved.
The members parameter specifies the names of the files to extract, or the corresponding ZipInfo objects.
The pwd parameter is the decompression password, passed as bytes.

Just loop through the zip files in the folder and unzip them one by one
Note: in Python 3, Chinese file names come out garbled. This can be fixed permanently by changing "cp437" in zipfile.py to "GBK" (two places need to be changed).

import zipfile

# Open the zip file with zipfile (file_path is the archive found by the folder loop)
z = zipfile.ZipFile(file_path, 'r')
# path is the extraction directory; the files end up under it
z.extractall(path=root)
z.close()

On this basis, we add a loop over the password dictionary.
Note: extracting with a wrong password raises an exception, which can be handled with try/except.

# Get the contents of the dictionary
with open(r"D:\python\passdict4.txt") as passFile:
    # Loop to get a single password
    for line in passFile:
        # Strip the trailing newline
        password = line.strip('\n')
        try:
            zip_file.extractall(path=root, pwd=password.encode("utf-8"))
            print(password)
            # If the password is right, stop trying
            break
        except Exception:
            # Wrong password: do nothing and try the next one
            pass
zip_file.close()  # close the archive to release its resources

After all that, I thought it was a great success, but it turned out not to be that simple.
Most archives could be cracked, but there were always some that failed, so I was left searching one website after another for a solution.
At first I thought I was calling the extractall method the wrong way, but the error said the password was wrong, which puzzled me.
By chance, I came across an article that explained it:

By default, WinRAR encrypts zip files with AES-256 in CTR mode, while traditional encryption uses the CRC32-based ZIP 2.0 traditional encryption algorithm. AES-256 is much more secure than ZIP 2.0 traditional encryption, but it may be incompatible with some older decompression software. The zipfile module in the Python standard library, however, only supports zip files encrypted with the CRC32-based traditional scheme, so an archive that does not use traditional encryption cannot be extracted with the zipfile library.
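To check which of the two schemes each entry of an archive uses before choosing a library, the archive's central directory can be read with zipfile alone. This is an added example, not code from the original post; the function names are hypothetical, and the sample archive is constructed with its metadata forged to look encrypted (nothing in it is really encrypted).

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x0001   # general-purpose bit 0: entry is encrypted
STRONG_FLAG = 0x0040      # general-purpose bit 6: PKWARE strong encryption
AES_METHOD = 99           # WinZip AES entries store 99 as the compression method
AES_EXTRA_ID = 0x9901     # extra-field record carrying the AES parameters
AES_BITS = {1: 128, 2: 192, 3: 256}

def aes_strength(extra):
    """Walk the extra-field records; return the AES key size in bits or None."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        if header_id == AES_EXTRA_ID and size >= 7 and pos + 4 + size <= len(extra):
            return AES_BITS.get(extra[pos + 8])  # after 2-byte version and b"AE"
        pos += 4 + size
    return None

def classify(info):
    """Name the encryption scheme recorded for one zipfile.ZipInfo entry."""
    if not info.flag_bits & ENCRYPTED_FLAG:
        return "none"
    if info.compress_type == AES_METHOD:
        bits = aes_strength(info.extra)
        return f"AES-{bits}" if bits else "AES (unknown strength)"
    if info.flag_bits & STRONG_FLAG:
        return "PKWARE strong encryption"
    return "ZipCrypto"  # ZIP 2.0 traditional encryption, the kind zipfile can decrypt

def audit(archive):
    with zipfile.ZipFile(archive) as z:
        return {info.filename: classify(info) for info in z.infolist()}

def build_sample():
    """Constructed sample: AES entry forged as AE-2, 256-bit; payloads are plain."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in ("plain.txt", "legacy.txt", "aes.txt"):
            z.writestr(name, b"demo")
        _, legacy, aes = z.infolist()
        legacy.flag_bits |= ENCRYPTED_FLAG
        aes.flag_bits |= ENCRYPTED_FLAG
        aes.compress_type = AES_METHOD
        aes.extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    return buf

if __name__ == "__main__":
    print(audit(build_sample()))
```

Entries reported as ZipCrypto are the ones protected only by the weaker traditional scheme; entries reported as AES are the ones zipfile cannot extract.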

I had already spent so much time that I really was not willing to give up here.
Since the encryption methods are not the same, how does decompression software manage to extract the files directly?
Then came the idea that it would be easy to call the decompression software from the code.
So I quickly used my trick.
The search succeeded: 7z and other decompression software have the relevant functions.

Calling the third party software command line

Configure the environment variables.
Check it on the command line.
Nice, the configuration is successful.

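import subprocess

with open(r"D:\python\passdict4.txt") as passFile:
    for line in passFile:
        password = line.strip('\n')
        # "t" tests the archive with the given password without extracting it
        command = ['7z', 't', '-p' + password, file_path]
        child = subprocess.call(command)
        # 7z exits with 0 when the test succeeds
        if child == 0:
            print(password)
            break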

The problem of the differing encryption was solved, but greed is a terrible thing.
The window that flashed up on every repeated call to the command line made me uncomfortable again.

Pyzipper Library (Ultimate)

I happened to see someone bring up this encryption method.
Python has a pyzipper library that is highly compatible with zipfile and can be used in its place; it can read and write AES-encrypted zip files.
Having come this far, there is no turning back.

Install pyzipper

pip install pyzipper

Chinese file names will come out garbled here as well; remember to make the same change.

import pyzipper

# Open the dictionary and the archive; both are closed when the block ends
with open(r'D:\python\passdict4.txt', 'r') as f1, pyzipper.AESZipFile(file_path, 'r') as f:
    for i in f1:
        i = i.rstrip('\n')
        f.pwd = str.encode(i)
        try:
            f.extractall(path=root)
            print(file_path + "\tpassword is " + i)
            break
        except Exception:
            # Wrong password: try the next one
            pass

This method is perfect