I have the "rockyou.txt" file, found on the internet, with a number of word lists. Here is my Python code:
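
    import zipfile
    import tqdm

    zip_file = zipfile.ZipFile("crackme.zip")

    # rockyou.txt contains bytes that are not valid UTF-8, so read it in
    # binary mode; zipfile also expects the password as bytes.
    with open("rockyou.txt", "rb") as f:
        words = [line.strip() for line in tqdm.tqdm(f)]

    found = False
    for word in tqdm.tqdm(words):
        try:
            zip_file.extractall(pwd=word)
            print("password is:", word.decode("latin-1"))
            found = True
            break
        except Exception:
            # A wrong password raises RuntimeError, zlib.error or BadZipFile.
            # Catching Exception (not a bare except) keeps Ctrl-C working.
            pass
    if not found:
        print("password not found")
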
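Using fcrackzip, we can try to guess the password. Since we have to start somewhere, let's make some assumptions: the password is 3 to 5 characters long (--length 3-5) and consists only of lowercase letters and digits (--charset a1). In addition, because this method produces a lot of false positives, let's tell fcrackzip to check each candidate password by actually trying to unzip the archive (--use-unzip):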

    $ time fcrackzip --brute-force --charset a1 --length 3-5 --use-unzip ch5.zip
    PASSWORD FOUND!!!!: pw == 14535
    real 37m39.416s
    user 4m5.507s
    sys 12m34.115s

Our earlier assumptions were not so bad after all!
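
The false positives mentioned above come from the legacy ZIP (ZipCrypto) password test, which compares only one byte of the 12-byte encryption header, so roughly 1 in 256 wrong passwords pass it until the decrypted data's CRC-32 is verified. The following is an added example, not code from the original post, that shows this on a constructed stored entry; the class and function names, the fixed header bytes and the sample data layout are assumptions made for illustration.

```python
import zlib

CRC_TABLE = []  # CRC-32 table (polynomial 0xEDB88320) used by the key schedule
for n in range(256):
    for _ in range(8):
        n = (n >> 1) ^ 0xEDB88320 if n & 1 else n >> 1
    CRC_TABLE.append(n)

class ZipCrypto:  # key state of the legacy PKZIP stream cipher
    def __init__(self, password):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self._update(b)

    def _update(self, plain):
        self.k0 = (self.k0 >> 8) ^ CRC_TABLE[(self.k0 ^ plain) & 0xFF]
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = (self.k2 >> 8) ^ CRC_TABLE[(self.k2 ^ (self.k1 >> 24)) & 0xFF]

    def crypt(self, data, decrypt):
        out = bytearray()
        for b in data:
            t = self.k2 | 2
            x = b ^ (((t * (t ^ 1)) >> 8) & 0xFF)
            out.append(x)
            self._update(x if decrypt else b)  # keys always absorb plaintext
        return bytes(out)

def header_check(password, enc_header, crc):
    """Quick test: compare only the 12th header byte with the CRC's high byte."""
    return ZipCrypto(password).crypt(enc_header, True)[11] == crc >> 24

def full_check(password, enc_header, enc_data, crc):
    """Decrypt the whole member and verify its CRC-32 (assumes a stored entry)."""
    z = ZipCrypto(password)
    z.crypt(enc_header, True)
    return zlib.crc32(z.crypt(enc_data, True)) == crc

# Constructed sample: fixed header bytes instead of random ones, stored data.
PLAINTEXT = b"Use ZIP password to validate this challenge.\n"
CRC = zlib.crc32(PLAINTEXT)
_z = ZipCrypto(b"14535")
HEADER = _z.crypt(bytes(range(11)) + bytes([CRC >> 24]), False)
DATA = _z.crypt(PLAINTEXT, False)

def count_survivors(n=20000):  # -> (wrong pws passing quick test, passing full)
    wrong = [b"%05d" % i for i in range(n) if i != 14535]
    quick = [p for p in wrong if header_check(p, HEADER, CRC)]
    return len(quick), sum(full_check(p, HEADER, DATA, CRC) for p in quick)
```
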

    $ unzip ch5.zip
    Archive:  ch5.zip
    [ch5.zip] readme.txt password:
      inflating: readme.txt
    $ cat readme.txt
    Use ZIP password to validate this challenge.
    Utiliser le mot de passe de l'archive pour valider le challenge.

Password: 14535