Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   pkzip password (https://forum.exetools.com/showthread.php?t=19443)

eychei 02-23-2020 09:30
pkzip password
 
Hi everyone,

I am trying to brute-force a password for a zip file.
It is encypted with ZipCrypto Deflate.

Using John or Hashcat this will take for ever.
The zip file contains multiple files, good thing is that there is a xml file in there.
I am now trying to get the master key by using bkcrack.

First problem is I can not compile bkcrack. Does someone have a binary for windows?

Maybe someone does have a better solution for this zip file.

Hope someone can help.

-e

ketan 02-23-2020 12:03
Deflate is compression method.

Zip encryption may be classic or AES. Former gives much more chances.

ionioni 02-23-2020 14:09
Quote:
Originally Posted by eychei (Post 119399)
I am trying to brute-force a password for a zip file.
It is encypted with ZipCrypto Deflate.
First problem is I can not compile bkcrack. Does someone have a binary for windows?
rbkcrack = bkcrack+zip64 file support, git link or binary for windows

eychei 02-23-2020 18:25
Ok trying rbkcrack will report.

Thx

eychei 02-24-2020 00:10
Its me again:)

I am hitting a wall here.

So I have a ZipCrypto Deflate XML file in a Zip. This XML file does start with a <?xml version="1.0" .

When using rbkcrack I can get a key buuuuttt this seems not to work for extrating the files. This is reasonable because the file is also compressed and my plaintext is not.

I compiled bkcrack and p7zip just to make sure. No change in the key.

So my problem is, how can I find the deflated plaintext for the XML file?
Can I just use the first 19 bytes and zip it with deflate and use the hex bytes for the attack? How can I find the exact compression method. Because changing anything (compression rate) will change the data.

-e

chants 02-24-2020 06:25
On the github you can read example/tutorial.md. it answers this: https://github.com/Aloxaf/rbkcrack/blob/master/example/tutorial.md

So you need to check if the XML is stored or deflated. If its stored you can easily use your 12 bytes of plain text to crack it. If its deflated the attack is no longer practical and you are better off hunting the web for the full XML file. Also some XML files can have UTF byte markers or even non standard white space at the start, not all are clean xml. Something else to consider.

ionioni 02-24-2020 18:39
just in case you still wanna play with it, this is bkcrack binary for windows, compiled using the sources from git

eychei 02-24-2020 18:48
@chants
I did read the tutorial and unfortunately my file is deflated. I will try to search for some files in the net.

@ionioni
thanks for the compiled windows version. I did compile it in ubuntu but will use your windows version instead.


All times are GMT +8. The time now is 12:27.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX