The text below is selected, press Ctrl+C to copy to your clipboard. (⌘+C on Mac) No line numbers will be copied.
Guest
Crack Password-Protected ZIP Files, PDFs...
By Guest on 16th December 2022 11:33:02 AM | Syntax: PHP | Views: 1



New paste | Download | Show/Hide line no. | Copy text to clipboard
  1. Download & Set Up Zydra
  2. To begin, we need to download Zydra from GitHub — use the wget utility to grab the Python file right from the command line:
  3.  
  4. ~$ wget https://raw.githubusercontent.com/hamedA2/Zydra/master/Zydra.py
  5.  
  6. --2020-07-15 18:41:25--  https://raw.githubusercontent.com/hamedA2/Zydra/master/Zydra.py
  7. Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
  8. Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.0.133|:443... connected.
  9. HTTP request sent, awaiting response... 200 OK
  10. Length: 30544 (30K) [text/plain]
  11. Saving to: ‘Zydra.py’
  12.  
  13. Zydra.py             100%[======================>]  29.83K  --.-KB/s    in 0.04s
  14.  
  15. 2020-07-15 18:41:26 (764 KB/s) - ‘Zydra.py’ saved [30544/30544]
  16. Next, and this step is completely optional, let's rename the script making it entirely lowercase. If you're lazy like me, it's just one less key to press:
  17.  
  18.  
  19. ~$ mv Zydra.py zydra.py
  20. We also need to install some dependencies for Zydra to work properly — it uses Python 3, so we can use pip3 to install the extra modules:
  21.  
  22. ~$ pip3 install rarfile pyfiglet py-term
  23.  
  24. Collecting rarfile
  25.  Downloading rarfile-3.1.tar.gz (121 kB)
  26.     |████████████████████████████████| 121 kB 1.0 MB/s
  27. Requirement already satisfied: pyfiglet in /usr/lib/python3/dist-packages (0.8.post0)
  28. Collecting py-term
  29.  Downloading py-term-0.6.tar.gz (5.4 kB)
  30. Building wheels for collected packages: rarfile, py-term
  31.  Building wheel for rarfile (setup.py) ... done
  32.  Created wheel for rarfile: filename=rarfile-3.1-py3-none-any.whl size=24908 sha256=6f16c1h4b06a3f7a7d8v4baa34e9a6d58a949b5a78c2b23bb60c0d62791372e3
  33.  Stored in directory: /home/kali/.cache/pip/wheels/21/50/d0/8da8b10f46113f46c6f0247c5f59401293fb5b15aa7888a4ce
  34.  Building wheel for py-term (setup.py) ... done
  35.  Created wheel for py-term: filename=py_term-0.6-py3-none-any.whl size=6268 sha256=ab75424c7aa6ef71001a24c3e3a558ad3748ee0d6a3c0153c3a0cf955f814a13
  36.  Stored in directory: /home/kali/.cache/pip/wheels/76/cc/73/8ac13320a2a98600008575b936742bbb6025d21d674ca6e2fd
  37. Successfully built rarfile py-term
  38. Installing collected packages: rarfile, py-term
  39. Successfully installed py-term-0.6 rarfile-3.1
  40. Now we should be ready to run Zydra using the python3 command:
  41.  
  42. ~$ python3 zydra.py
  43.  
  44.    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  45.         _______           ______   _______  _______
  46.        / ___   )|\     /|(  __  \ (  ____ )(  ___  )
  47.        \/   )  |( \   / )| (  \  )| (    )|| (   ) |
  48.            /   ) \ (_) / | |   ) || (____)|| (___) |
  49.           /   /   \   /  | |   | ||     __)|  ___  |
  50.          /   /     ) (   | |   ) || (\ (   | (   ) |
  51.         /   (_/\   | |   | (__/  )| ) \ \__| )   ( |
  52.        (_______/   \_/   (______/ |/   \__/|/     \|
  53.  
  54.        Author : Hamed Hosseini
  55.    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  56.  
  57. Usage: zydra.py [options] [args]
  58.  
  59. Dictionary Mode:
  60.   zydra.py -f <file> -d <wordlist>
  61.  
  62. Brute force Mode:
  63.   zydra.py -f <file> -b <char_type> -m <min_length> -x <max_length>
  64.  
  65.   Available char_type:
  66.    <lowercase>  The lowercase letters abcdefghijklmnopqrstuvwxyz
  67.    <uppercase>  The uppercase letters ABCDEFGHIJKLMNOPQRSTUVWXYZ
  68.    <letters>    The concatenation of the lowercase and uppercase
  69.    <digits>     numbers 0123456789
  70.    <symbols>    punctuation characters !#$%&'()*+,-./:;<=>?@[\]^_`{|}~'"
  71.    <space>      space character
  72.   You can select multiple character types.
  73.    Example: zydra.py -f <file> -b <space,digits> -m 1 -x 8
  74.  
  75. zydra.py: error:  Choose a file, Use --help for more info
  76. This gives us a nice little banner, a usage example, and some information about some of the options available. It also gives us an error stating it needs a file, and tells us to use --help for more info; this will give us more details and options:
  77.  
  78.  
  79. ~$ python3 zydra.py --help
  80.  
  81.    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  82.         _______           ______   _______  _______
  83.        / ___   )|\     /|(  __  \ (  ____ )(  ___  )
  84.        \/   )  |( \   / )| (  \  )| (    )|| (   ) |
  85.            /   ) \ (_) / | |   ) || (____)|| (___) |
  86.           /   /   \   /  | |   | ||     __)|  ___  |
  87.          /   /     ) (   | |   ) || (\ (   | (   ) |
  88.         /   (_/\   | |   | (__/  )| ) \ \__| )   ( |
  89.        (_______/   \_/   (______/ |/   \__/|/     \|
  90.  
  91.        Author : Hamed Hosseini
  92.    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  93.  
  94. Usage: zydra.py [options] [args]
  95.  
  96. Dictionary Mode:
  97.   zydra.py -f <file> -d <wordlist>
  98.  
  99. Brute force Mode:
  100.   zydra.py -f <file> -b <char_type> -m <min_length> -x <max_length>
  101.  
  102.   Available char_type:
  103.    <lowercase>  The lowercase letters abcdefghijklmnopqrstuvwxyz
  104.    <uppercase>  The uppercase letters ABCDEFGHIJKLMNOPQRSTUVWXYZ
  105.    <letters>    The concatenation of the lowercase and uppercase
  106.    <digits>     numbers 0123456789
  107.    <symbols>    punctuation characters !#$%&'()*+,-./:;<=>?@[\]^_`{|}~'"
  108.    <space>      space character
  109.   You can select multiple character types.
  110.    Example: zydra.py -f <file> -b <space,digits> -m 1 -x 8
  111.  
  112. Options:
  113.  -h, --help    show this help message and exit
  114.  -d DICTFILE   Specifies dictionary file
  115.  -f FILE       Specifies the file
  116.  -b CHARTYPE   Specifies the character type
  117.  -m MINLENGTH  Specifies minimum length of password
  118.  -x MAXLENGTH  Specifies maximum length of password
  119. Before we can run Zydra, we will need some files to test it out on. I have created a RAR file, ZIP file, and PDF file that you can download and use to follow along. The password for all three of these is "password1" as you'll soon find out. There is also a shadow file you can download, which I got from the Metasploitable virtual machine.
  120.  
  121. Download: all test files | .rar test | .zip test | .pdf test | .shadow test
  122. We'll also need a suitable wordlist. Since our password for these files is pretty simple, we'll use a minimal list for demonstration purposes — this one from the SecLists GitHub repo will work:
  123.  
  124. ~$ wget https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/darkweb2017-top10.txt
  125.  
  126. --2020-07-15 19:08:05--  https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/darkweb2017-top10.txt
  127. Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
  128. Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.0.133|:443... connected.
  129. HTTP request sent, awaiting response... 200 OK
  130. Length: 81 [text/plain]
  131. Saving to: ‘darkweb2017-top10.txt’
  132.  
  133. darkweb2017-top10.tx 100%[======================>]      81  --.-KB/s    in 0s
  134.  
  135. 2020-07-15 19:08:05 (3.10 MB/s) - ‘darkweb2017-top10.txt’ saved [81/81]
  136. At this point, we are ready to get cracking.
  137.  
  138.  
  139. Option 1Cracking RAR Files
  140. Zydra can operate in two modes: dictionary and brute force. In dictionary mode, we just need to supply a wordlist with the -d flag. We also need to specify the file we are trying to crack using the -f flag:
  141.  
  142. ~$ python3 zydra.py -f nb-rar.rar -d darkweb2017-top10.txt
  143.  
  144.     @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  145.          _______           ______   _______  _______
  146.         / ___   )|\     /|(  __  \ (  ____ )(  ___  )
  147.         \/   )  |( \   / )| (  \  )| (    )|| (   ) |
  148.             /   ) \ (_) / | |   ) || (____)|| (___) |
  149.           ok   /   /   \   /  | |   | ||     __)|  ___  |
  150.           /   /     ) (   | |   ) || (\ (   | (   ) |
  151.          /   (_/\   | |   | (__/  )| ) \ \__| )   ( |
  152.         (_______/   \_/   (______/ |/   \__/|/     \|
  153.  
  154.         Author : Hamed Hosseini
  155.     @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  156.  
  157. Start time ==> Wed Jul 15 19:08:15 2020
  158.  
  159. Starting password cracking for /root/nb/nb-rar.rar /
  160.  
  161.  [*] Count of possible passwords: 10
  162.     Progress : [#####################################     ] 80.000 %
  163.    [+] Password Found: password1
  164.  
  165. End time ==> Wed Jul 15 19:08:41 2020
  166. Execution time ==> 0:00:25.876620
  167. Once it starts, it gives us the possible password count (basically, how many lines there are in the wordlist) and a progress bar. It doesn't take long before it finds the password and tells us what it is.
  168.  
  169. For brute force mode, we need to set a few more options. We still specify the file to crack, but now we can use the -b flag to set the character types to use for brute forcing. The minimum and maximum length of the password can also be set now, using the -m and -x flags, respectively:
  170.  
  171. ~$ python3 zydra.py -f nb-rar.rar -b letters,digits -m 1 -x 10
  172.  
  173.    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  174.         _______           ______   _______  _______
  175.        / ___   )|\     /|(  __  \ (  ____ )(  ___  )
  176.        \/   )  |( \   / )| (  \  )| (    )|| (   ) |
  177.            /   ) \ (_) / | |   ) || (____)|| (___) |
  178.           /   /   \   /  | |   | ||     __)|  ___  |
  179.          /   /     ) (   | |   ) || (\ (   | (   ) |
  180.         /   (_/\   | |   | (__/  )| ) \ \__| )   ( |
  181.        (_______/   \_/   (______/ |/   \__/|/     \|
  182.  
  183.        Author : Hamed Hosseini
  184.    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  185.  
  186. Start time ==> Wed Jul 15 19:09:01 2020
  187.  
  188. Starting password cracking for /root/nb/nb-rar.rar /
  189.  
  190. [*] Count of possible passwords: 853058371866181866
  191.    Progress : [                                          ] 0.000 %
  192. As you can see, the number of potential passwords is quite large, so while this feature can be useful in certain cases, most of the time it is wise to use the dictionary mode.
  193.  
  194. Now that we have the password, we can extract the contents of the RAR file with the following command:
  195.  
  196. ~$ unrar x nb-rar.rar
  197.  
  198. UNRAR 5.61 beta 1 freeware      Copyright (c) 1993-2018 Alexander Roshal
  199.  
  200. Extracting from nb-rar.rar
  201.  
  202. Enter password (will not be echoed) for test.txt:
  203.  
  204. Option 2Cracking ZIP Files
  205. Cracking ZIP files works pretty much the same way — we'll only use dictionary mode from here on out since it is way more efficient. Just specify the file to crack and wordlist to use:
  206.  
  207. ~$ python3 zydra.py -f nb-zip.zip -d darkweb2017-top10.txt
  208.  
  209.     @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  210.          _______           ______   _______  _______
  211.         / ___   )|\     /|(  __  \ (  ____ )(  ___  )
  212.         \/   )  |( \   / )| (  \  )| (    )|| (   ) |
  213.             /   ) \ (_) / | |   ) || (____)|| (___) |
  214.           ok   /   /   \   /  | |   | ||     __)|  ___  |
  215.           /   /     ) (   | |   ) || (\ (   | (   ) |
  216.          /   (_/\   | |   | (__/  )| ) \ \__| )   ( |
  217.         (_______/   \_/   (______/ |/   \__/|/     \|
  218.  
  219.         Author : Hamed Hosseini
  220.     @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  221.  
  222. Start time ==> Wed Jul 15 19:09:45 2020
  223.  
  224. Starting password cracking for /root/nb/nb-zip.zip /
  225.  
  226.  [*] Count of possible passwords: 10
  227.     Progress : [#####################################     ] 80.000 %
  228.    [+] Password Found: password1
  229.  
  230. End time ==> Wed Jul 15 19:10:10 2020
  231. Execution time ==> 0:00:25.062398
  232. We can see it found the password again with no issues.
  233.  
  234. To extract the contents of the ZIP archive, use the unzip command:
  235.  
  236. ~$ unzip nb-zip.zip
  237.  
  238. Archive:  nb-zip.zip
  239. [nb-zip.zip] example.txt password:
  240. Option 3Cracking PDF Files
  241. For Zydra to work with PDF files, we need to install a program called qpdf first:
  242.  
  243.  
  244. ~$ sudo apt install qpdf
  245.  
  246. Reading package lists... Done
  247. Building dependency tree
  248. Reading state information... Done
  249. The following additional packages will be installed:
  250.   libqpdf28
  251. The following NEW packages will be installed:
  252.   libqpdf28 qpdf
  253. 0 upgraded, 2 newly installed, 0 to remove and 568 not upgraded.
  254. Need to get 1,015 kB of archives.
  255. After this operation, 2,690 kB of additional disk space will be used.
  256. Do you want to continue? [Y/n] y
  257. Get:1 http://kali.download/kali kali-rolling/main amd64 libqpdf28 amd64 10.0.1-2 [479 kB]
  258. Get:2 http://kali.download/kali kali-rolling/main amd64 qpdf amd64 10.0.1-2 [537 kB]
  259. Fetched 1,015 kB in 1s (830 kB/s)
  260. Selecting previously unselected package libqpdf28:amd64.
  261. (Reading database ... 377060 files and directories currently installed.)
  262. Preparing to unpack .../libqpdf28_10.0.1-2_amd64.deb ...
  263. Unpacking libqpdf28:amd64 (10.0.1-2) ...
  264. Selecting previously unselected package qpdf.
  265. Preparing to unpack .../qpdf_10.0.1-2_amd64.deb ...
  266. Unpacking qpdf (10.0.1-2) ...
  267. Setting up libqpdf28:amd64 (10.0.1-2) ...
  268. Setting up qpdf (10.0.1-2) ...
  269. Processing triggers for libc-bin (2.30-4) ...
  270. Processing triggers for man-db (2.9.1-1) ...
  271. Processing triggers for kali-menu (2020.2.2) ...
  272. Now we can crack the PDF by providing the file and wordlist to use, just like before:
  273.  
  274. ~$ python3 zydra.py -f nb-sample.pdf -d darkweb2017-top10.txt
  275.  
  276.     @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  277.          _______           ______   _______  _______
  278.         / ___   )|\     /|(  __  \ (  ____ )(  ___  )
  279.         \/   )  |( \   / )| (  \  )| (    )|| (   ) |
  280.             /   ) \ (_) / | |   ) || (____)|| (___) |
  281.           ok   /   /   \   /  | |   | ||     __)|  ___  |
  282.           /   /     ) (   | |   ) || (\ (   | (   ) |
  283.          /   (_/\   | |   | (__/  )| ) \ \__| )   ( |
  284.         (_______/   \_/   (______/ |/   \__/|/     \|
  285.  
  286.         Author : Hamed Hosseini
  287.     @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  288.  
  289. Start time ==> Wed Jul 15 19:10:30 2020
  290.  
  291. Starting password cracking for /root/nb/nb-sample.pdf /
  292.  
  293.  [*] Count of possible passwords: 10
  294.     Progress : [#####################################     ] 80.000 %
  295.    [+] Password Found: password1
  296.     [*] Your decrypted file is decrypted_nb-sample.pdf
  297.  
  298. End time ==> Wed Jul 15 19:10:55 2020
  299. Execution time ==> 0:00:25.118694
  300. Again, we can see it found the password, but this time there is an additional dialogue. This is simply telling us the file is a decrypted version of the original, which we can verify with the file command:
  301.  
  302. ~$ file decrypted_nb-sample.pdf
  303.  
  304. decrypted_nb-sample.pdf: PDF document, version 1.4
  305.  
  306. Option 4Cracking Shadow Files
  307. Zydra will automatically attempt to crack the password hashes for any users found in Linux shadow files. While it's not always successful, this can be a good method to try out first since it is quick and easy.
  308.  
  309. All we need to do is specify the file with the -f flag and the wordlist with the -d flag:
  310.  
  311. ~$ python3 zydra.py -f nb-shadow -d darkweb2017-top10.txt
  312.  
  313.    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  314.         _______           ______   _______  _______
  315.        / ___   )|\     /|(  __  \ (  ____ )(  ___  )
  316.        \/   )  |( \   / )| (  \  )| (    )|| (   ) |
  317.            /   ) \ (_) / | |   ) || (____)|| (___) |
  318.          ok   /   /   \   /  | |   | ||     __)|  ___  |
  319.          /   /     ) (   | |   ) || (\ (   | (   ) |
  320.         /   (_/\   | |   | (__/  )| ) \ \__| )   ( |
  321.        (_______/   \_/   (______/ |/   \__/|/     \|
  322.  
  323.        Author : Hamed Hosseini
  324.    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  325.  
  326. Start time ==> Wed Jul 15 19:11:03 2020
  327.  
  328. Starting password cracking for /root/nb/nb-shadow /
  329.  
  330. [*] Count of possible passwords: 10
  331.  [**] cracking Password for: root
  332.    Progress : [##############################################] 100.000 %
  333.    [-] password not found
  334.  
  335.  [**] cracking Password for: sys
  336.  [**] cracking Password for: klog
  337.  [**] cracking Password for: msfadmin
  338.  [**] cracking Password for: postgres
  339.  [**] cracking Password for: user
  340.  [**] cracking Password for: service
  341. End time ==> Wed Jul 15 19:11:26 2020
  342. Execution time ==> 0:00:22.062705
  343. We can see it finds several users, but since we are only using a simple wordlist, it fails to find the password for any of them. Like any other cracking tool, using a more extensive wordlist will increase your chances of successfully recovering a password, but it will also take longer.



  • Recent Pastes