Labs / ZIP Cracker

  • Daily Challenge
  • Released 18 Aug 2025

🔐 Can you crack this password-protected archive?

A mysterious password-protected archive has fallen into your hands, containing secrets that someone desperately wanted to hide. 🔐 Armed with your cybersecurity knowledge and determination, you'll need to crack through the encryption barrier to reveal what lies within. Will you discover the right approach to unlock this digital vault? 💻 This challenge will test your problem-solving skills and teach you techniques used by security professionals worldwide. 🕵️‍♂️

Flags: 1
Points: 1

ZIP Cracker - Complete Solution Walkthrough

Understanding ZIP Password Protection

ZIP archives can be password-protected using traditional ZIP encryption (ZipCrypto) or stronger AES encryption. Traditional ZIP encryption is relatively weak and vulnerable to various attack methods including dictionary attacks, brute force, and known-plaintext attacks.

Step 1: Initial Analysis and Setup

  1. Download the archive: Download the secret_archive.zip file from the challenge page
  2. Verify the protection: Confirm the archive is password-protected
  3. Install tools: Set up tools for ZIP password cracking
# Verify the ZIP file
file secret_archive.zip
unzip -l secret_archive.zip

# Install John the Ripper
sudo apt-get install john

# Install fcrackzip
sudo apt-get install fcrackzip

# Install hashcat (optional)
sudo apt-get install hashcat

Step 2: Hash Extraction with zip2john

Method 1: Using John the Ripper

  1. Extract the hash: Use zip2john to extract the password hash
# Extract hash from ZIP file
zip2john secret_archive.zip > zip_hash.txt

# View the extracted hash
cat zip_hash.txt
  2. Crack with wordlist: Use John with a common wordlist
# Crack using rockyou wordlist
john --wordlist=/usr/share/wordlists/rockyou.txt zip_hash.txt

# Show cracked passwords
john --show zip_hash.txt

# Alternative: Use a smaller, targeted wordlist
john --wordlist=/usr/share/wordlists/fasttrack.txt zip_hash.txt
  3. Success result: The password is found to be qazxswedcvfrtgbnhyujmkiolp
Password Found: qazxswedcvfrtgbnhyujmkiolp

Step 3: Alternative Method - fcrackzip

Method 2: Direct ZIP Cracking

  1. Dictionary attack: Use fcrackzip with wordlists
# Dictionary attack with rockyou
# (-u checks each candidate with unzip, which filters out false positives)
fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt secret_archive.zip

# Dictionary attack with custom wordlist
fcrackzip -u -D -p /usr/share/wordlists/fasttrack.txt secret_archive.zip

# Verbose output
fcrackzip -v -u -D -p /usr/share/wordlists/rockyou.txt secret_archive.zip
  2. Brute force attack: If dictionary fails, try brute force
# Brute force with length 8-12 characters (-u verifies hits with unzip)
fcrackzip -u -b -c aA1 -l 8-12 secret_archive.zip

# Brute force lowercase + numbers only
fcrackzip -u -b -c a1 -l 6-10 secret_archive.zip

Step 4: Manual Testing and Pattern Recognition

Method 3: Intelligent Guessing

  1. Common patterns: Test common password patterns manually
# Test common patterns
unzip -P "password" secret_archive.zip
unzip -P "123456" secret_archive.zip
unzip -P "qazxswedcvfrtgbnhyujmkiolp" secret_archive.zip
unzip -P "admin" secret_archive.zip
  2. Create custom wordlist: Based on context clues
# Create keyboard pattern wordlist (printf is portable; echo -e is bash-specific)
printf '%s\n' qazxswedcvfrtgbnhyujmkiolp qwertyuiopasdfghjklzxcvbnm qazwsxedcrfvtgbyhnujmikolp zxcvbnmasdfghjklqwertyuiop > custom.txt

# Test with custom wordlist (-u verifies hits with unzip)
fcrackzip -u -D -p custom.txt secret_archive.zip

Step 5: Extracting the Archive and Finding the Flag

  1. Extract with password: Use the cracked password qazxswedcvfrtgbnhyujmkiolp
# Extract the archive
unzip -P "qazxswedcvfrtgbnhyujmkiolp" secret_archive.zip

# List extracted files
ls -la

# View the flag
cat flag.txt
  2. Alternative extraction methods:
# Extract to specific directory
unzip -P "qazxswedcvfrtgbnhyujmkiolp" secret_archive.zip -d extracted/

# Extract with 7zip (if available)
7z x -p"qazxswedcvfrtgbnhyujmkiolp" secret_archive.zip
  3. Flag extraction: The flag is contained in flag.txt
Flag Found: The flag is the UUID contained in the extracted flag.txt file.

Advanced Techniques and Considerations

Hashcat Integration

  1. Convert hash format: Use hashcat for GPU acceleration
# Extract hash in hashcat format
zip2john secret_archive.zip | cut -d: -f2 > hash_for_hashcat.txt

# Crack with hashcat (mode 17200 = PKZIP (Compressed); stored or multi-file archives use the other PKZIP modes, 17210-17230)
hashcat -m 17200 hash_for_hashcat.txt /usr/share/wordlists/rockyou.txt

# Show cracked passwords
hashcat -m 17200 hash_for_hashcat.txt --show

Known-Plaintext Attack

# If you know part of the content (advanced technique)
# This requires specialized tools like pkcrack
# Not needed for this challenge but good to know

Wordlist Optimization

  • Targeted lists: Use context-specific wordlists (seasons, years, common corporate passwords)
  • Rule-based attacks: Apply transformation rules to base wordlists
  • Hybrid attacks: Combine dictionary words with numbers/symbols

Security Implications and Defense

Why This Attack Succeeded

  • Weak password: 'qazxswedcvfrtgbnhyujmkiolp' is long, but it is a keyboard-pattern password, and it appears vulnerable to specialized pattern attacks
  • Traditional ZIP encryption: Uses weaker ZipCrypto instead of AES
  • Dictionary vulnerability: The password appears in common wordlists and is covered by pattern attacks
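
A password-policy check that catches this class of password at creation time, as an added example (not part of the original walkthrough). It scores how much of a password is a walk across neighbouring keys; the simplified US QWERTY grid, the 0.7 threshold and the function names are assumptions of this example.

```python
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./")  # US QWERTY grid

def build_adjacency(rows=ROWS):
    """Map each key to the keys touching it on a simple row/column grid."""
    adj = {}
    for r, row in enumerate(rows):
        for c, key in enumerate(row):
            adj[key] = {
                rows[rr][cc]
                for rr in range(max(r - 1, 0), min(r + 2, len(rows)))
                for cc in range(max(c - 1, 0), min(c + 2, len(rows[rr])))
                if (rr, cc) != (r, c)
            }
    return adj

ADJ = build_adjacency()

def walk_ratio(password):
    """Fraction of consecutive character pairs that are the same or neighbouring keys."""
    pw = password.lower()
    pairs = list(zip(pw, pw[1:]))
    if not pairs:
        return 0.0
    hits = sum(1 for a, b in pairs if a == b or b in ADJ.get(a, ()))
    return hits / len(pairs)

def is_keyboard_walk(password, threshold=0.7):
    """Policy check: reject passwords that are mostly a walk across the keyboard."""
    return walk_ratio(password) >= threshold

# Constructed inputs: the archive password and the other patterns from this
# walkthrough's custom wordlist, plus one unrelated passphrase for contrast.
SAMPLES = (
    "qazxswedcvfrtgbnhyujmkiolp",
    "qwertyuiopasdfghjklzxcvbnm",
    "qazwsxedcrfvtgbyhnujmikolp",
    "zxcvbnmasdfghjklqwertyuiop",
    "correct horse battery staple",
)

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{walk_ratio(pw):.2f}  walk={is_keyboard_walk(pw)}  {pw}")
```

The 26-character archive password scores 1.00: every consecutive pair is a neighbouring key, so its length adds little real unpredictability.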

Prevention Strategies

  • Strong passwords: Use long, complex passwords with mixed characters
  • AES encryption: Use modern ZIP tools that support AES-256 encryption
  • Alternative formats: Consider 7z, RAR, or other formats with stronger encryption
  • Key files: Use a combination of password and key file for two-factor protection
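
To audit which scheme an existing archive actually uses (the ZipCrypto versus AES distinction above), this added example, which is not part of the original walkthrough, reads each entry's header fields with Python's zipfile module. The sample archives are constructed inline with filler payloads, and all function names are this example's own.

```python
import io
import struct
import zipfile

AES_METHOD = 99        # compression-method value that marks a WinZip AES entry
AES_EXTRA_ID = 0x9901  # extra-field record that carries the AES parameters
AES_BITS = {1: 128, 2: 192, 3: 256}

def entry_protection(info):
    """Classify a ZipInfo: 'none', 'ZipCrypto', 'PKWARE-strong' or 'AES-<bits>'."""
    if not info.flag_bits & 0x1:            # general-purpose bit 0: encrypted
        return "none"
    if info.flag_bits & 0x40:               # bit 6: PKWARE strong encryption
        return "PKWARE-strong"
    if info.compress_type != AES_METHOD:
        return "ZipCrypto"
    extra, pos = info.extra, 0
    while pos + 4 <= len(extra):            # walk the (id, size, data) records
        rec_id, size = struct.unpack_from("<HH", extra, pos)
        if rec_id == AES_EXTRA_ID and size >= 7 and pos + 4 + size <= len(extra):
            strength = extra[pos + 8]       # after version(2) and vendor "AE"(2)
            return "AES-%s" % AES_BITS.get(strength, "?")
        pos += 4 + size
    return "AES-?"

def audit(data):
    """Map each entry name in a ZIP (passed as bytes) to its protection."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: entry_protection(i) for i in zf.infolist()}

def sample_zip(name, flags, method, extra=b""):
    """Constructed one-entry ZIP; only the headers are real, the payload is filler."""
    n, body = name.encode(), b"\x00" * 16
    sizes = (0, len(body), len(body), len(n), len(extra))  # crc, sizes, lengths
    local = struct.pack("<4s5H3I2H", b"PK\x03\x04", 51, flags, method, 0, 0,
                        *sizes) + n + extra
    central = struct.pack("<4s6H3I5H2I", b"PK\x01\x02", 51, 51, flags, method,
                          0, 0, *sizes, 0, 0, 0, 0, 0) + n + extra
    end = struct.pack("<4s4H2IH", b"PK\x05\x06", 0, 0, 1, 1, len(central),
                      len(local) + len(body), 0)
    return local + body + central + end

AES256_EXTRA = struct.pack("<3H2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)

if __name__ == "__main__":
    print(audit(sample_zip("flag.txt", 0x1, 8)))
    print(audit(sample_zip("flag.txt", 0x1, AES_METHOD, AES256_EXTRA)))
    print(audit(sample_zip("readme.txt", 0x0, 0)))
```

For a file on disk, pass `open(path, "rb").read()` to `audit`; any entry reported as ZipCrypto is a candidate for re-archiving with AES-256.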

Tools and Resources Summary

  • John the Ripper: Comprehensive password cracking suite with zip2john utility
  • fcrackzip: Specialized tool for ZIP password cracking with dictionary and brute force modes
  • Hashcat: GPU-accelerated password cracking for high-performance attacks
  • 7zip/unzip: Standard archive extraction tools for testing passwords
  • Custom wordlists: Context-specific password lists for targeted attacks

Challenge Summary

This ZIP Cracker challenge demonstrates the vulnerabilities inherent in password-protected archives, particularly those using traditional ZIP encryption. The challenge emphasizes the importance of strong password policies, modern encryption methods, and understanding various attack vectors when securing sensitive files. It provides hands-on experience with multiple password cracking tools and methodologies commonly used in penetration testing and digital forensics.