
Friday, January 27, 2017

[ root-me ] File - PKZIP

I have the "rockyou.txt" file, found on the internet, with a number of word lists. Here is my Python code.
    import zipfile
    import tqdm

    zip_file = zipfile.ZipFile("crackme.zip")

    # Load the wordlist; rockyou.txt contains non-UTF-8 bytes, so read it as latin-1.
    with open("rockyou.txt", "r", encoding="latin-1") as f:
        ar = [line.strip() for line in tqdm.tqdm(f)]

    found = False
    for candidate in tqdm.tqdm(ar):
        try:
            # zipfile expects the password as bytes, not str
            zip_file.extractall(pwd=candidate.encode("latin-1"))
            print("password is:", candidate)
            found = True
            break
        except Exception:
            # wrong password (bad CRC, decompression error, ...): try the next one
            pass
    if not found:
        print("password not found")


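Using fcrackzip, we can try to guess the password. Since we have to start somewhere, let's make some assumptions: the password is 3 to 5 characters long (--length 3-5) and consists only of lowercase letters and digits (--charset a1). In addition, this method produces a lot of false positives, so let's tell fcrackzip to check each candidate password by actually trying to unzip the archive (--use-unzip):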

    $ time fcrackzip --brute-force --charset a1 --length 3-5 --use-unzip ch5.zip
    PASSWORD FOUND!!!!: pw == 14535
    real 37m39.416s
    user 4m5.507s
    sys 12m34.115s


Our earlier assumptions were not so bad after all!


    $ unzip ch5.zip
    Archive: ch5.zip
    [ch5.zip] readme.txt password:
    inflating: readme.txt

    $ cat readme.txt
    Use ZIP password to validate this challenge.
    Utiliser le mot de passe de l'archive pour valider le challenge.

Password: 14535
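
Why the fcrackzip run above needs --use-unzip, shown as an added example that is not part of the original post: in traditional PKZIP encryption (as specified in PKWARE's APPNOTE) the quick password test compares a single byte of the 12-byte encryption header, so roughly 1 in 256 wrong passwords pass it until the full CRC-32 is verified. The sample member, the filler header bytes and all function names are constructed for illustration.

```python
import zlib

def _entry(c):  # one CRC-32 table entry (reflected polynomial 0xEDB88320)
    for _ in range(8):
        c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
    return c
TABLE = [_entry(i) for i in range(256)]

class ZipCrypto:
    """Traditional PKZIP stream cipher as specified in PKWARE's APPNOTE."""
    def __init__(self, password):
        self.k = [0x12345678, 0x23456789, 0x34567890]
        for b in password:
            self._update(b)

    def _update(self, b):
        k = self.k
        k[0] = (k[0] >> 8) ^ TABLE[(k[0] ^ b) & 0xFF]
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = (k[2] >> 8) ^ TABLE[(k[2] ^ (k[1] >> 24)) & 0xFF]

    def process(self, data, decrypt):
        out = bytearray()
        for b in data:
            t = (self.k[2] | 2) & 0xFFFF
            x = b ^ (((t * (t ^ 1)) >> 8) & 0xFF)
            self._update(x if decrypt else b)  # keys always advance on plaintext
            out.append(x)
        return bytes(out)

# Constructed sample: one stored (uncompressed) member, password from the page.
PLAIN = b"Use ZIP password to validate this challenge.\n"
CRC = zlib.crc32(PLAIN)
HEADER = bytes(range(11)) + bytes([CRC >> 24])  # 11 filler bytes + check byte
BLOB = ZipCrypto(b"14535").process(HEADER + PLAIN, decrypt=False)

def header_check(pw):
    """Fast test: only the last byte of the decrypted header is compared."""
    return ZipCrypto(pw).process(BLOB[:12], decrypt=True)[11] == CRC >> 24

def full_check(pw):
    """Decrypt the whole member and compare its CRC-32, as unzip would."""
    return zlib.crc32(ZipCrypto(pw).process(BLOB, decrypt=True)[12:]) == CRC

def survey(candidates):
    quick = [c for c in candidates if header_check(c)]
    return quick, [c for c in quick if full_check(c)]

quick, confirmed = survey([b"%05d" % n for n in range(10000, 20000)])
print(len(quick), "pass the header check; confirmed:", confirmed)
```

The same one-byte check is why any tool auditing ZIP passwords should treat a header match as a candidate only and confirm it against the member's CRC-32.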
