kali下fcrackzip和john破解zip密码
本帖最后由 52lxw 于 2019-7-8 17:00 编辑视频使用教程:https://www.bilibili.com/video/av57617949/使用fcrackziproot@kali:~# fcrackzip --help
fcrackzip version 1.0, a fast/free zip password cracker
written by Marc Lehmann <pcg@goof.com> You can find more info on
http://www.goof.com/pcg/marc/
USAGE: fcrackzip
[-b|--brute-force] use brute force algorithm
[-D|--dictionary] use a dictionary
[-B|--benchmark] execute a small benchmark
[-c|--charset characterset] use characters from charset
[-h|--help] show this message
[--version] show the version of this program
[-V|--validate] sanity-check the algortihm
[-v|--verbose] be more verbose
[-p|--init-password string] use string as initial password/file
[-l|--length min-max] check password with length min to max
[-u|--use-unzip] use unzip to weed out wrong passwords
[-m|--method num] use method number "num" (see below)
[-2|--modulo r/m] only calculcate 1/m of the password
file... the zipfiles to crack
methods compiled in (* = default):
0: cpmask
1: zip1
*2: zip2, USE_MULT_TAB
这里我使用-D -u -p三个参数,字典用的kali自带的rockyou.txt:
root@kali:~# fcrackzip -D -u -p /usr/share/wordlists/rockyou.txt ./Downloads/backup
PASSWORD FOUND!!!!: pw == thebackup
使用john破解,先生成hash文件:
root@kali:~/Downloads# zip2john backup > h.txt
ver 2.0 efh 5455 efh 7875 backup/dump.sql PKZIP Encr: 2b chk, TS_chk, cmplen=269921, decmplen=1868829, crc=920D504C
破解hash:
root@kali:~/Downloads# john h.txt
Using default input encoding: UTF-8
Loaded 1 password hash (PKZIP )
Will run 4 OpenMP threads
Proceeding with single, rules:Wordlist
Press 'q' or Ctrl-C to abort, almost any other key for status
Warning: Only 5 candidates buffered for the current salt, minimum 8
needed for performance.
Warning: Only 1 candidates buffered for the current salt, minimum 8
needed for performance.
thebackup (backup/dump.sql)
1g 0:00:00:00 DONE 1/3 (2019-07-02 01:56) 33.33g/s 249000p/s 249000c/s 249000C/s ~sqldump..thedbackup
Use the "--show" option to display all of the cracked passwords reliably
Session completed
谢谢分享 52lxw 发表于 2019-7-2 18:19
是zip的文件名。。。
我的怎么一定要输入zip 的?不然提示找不到文件,而且,加了zip后,命令运行完也没有任何反应的 感谢分享。。。。。。 请教下,最后的backup是路径还是zip啊?
root@kali:~# fcrackzip -D -u -p /usr/share/wordlists/rockyou.txt ./Downloads/backup xiaoyxf 发表于 2019-7-2 17:15
请教下,最后的backup是路径还是zip啊?
root@kali:~# fcrackzip -D -u -p /usr/share/wordlists/rockyou. ...
是zip的文件名。。。 很好,正好需要,感谢 xiaoyxf 发表于 2019-7-3 09:41
我的怎么一定要输入zip 的?不然提示找不到文件,而且,加了zip后,命令运行完也没有任何反应的
你看一下有没有rockyou.txt文件,linux下不是通过后缀来区分文件的 52lxw 发表于 2019-7-3 10:17
你看一下有没有rockyou.txt文件,linux下不是通过后缀来区分文件的
明白了,rockyou.txt文件在的 强学习了