This Knowledge How teaches you how to gain access to a ZIP folder which has an unknown password. The only way to do this is by downloading a program which can crack the password for you, though the process of cracking the password can take days to complete.
Using John the Ripper
1. Understand how this method works. John the Ripper is a free, command line-based program that can be used to crack passwords. Unfortunately, while it is free, it can be tricky to install and use.
2. Download John the Ripper. Go to http://www.openwall.com/john/ in your computer’s web browser, then click the John the Ripper 1.8.0-jumbo-1 (Windows binaries, ZIP, 34 MB) link in the “community enhanced version” section near the bottom of the page.
3. Extract John the Ripper. Double-click the downloaded ZIP folder, click the Extract tab, click Extract all, click Extract, and wait for the window to open.
4. Install John the Ripper. John the Ripper can’t be installed like normal programs, but you can install it to your desktop by moving its folder there and then renaming it to “john”:
- In the extracted window which opens, click the “john180j1w” folder.
- Press Ctrl+C
- Open your desktop, then press Ctrl+V.
- Right-click the folder, then click Rename
- Type in John and press ↵ Enter.
5. Place your ZIP folder in the John the Ripper “run” folder. Copy the folder by clicking it and pressing Ctrl+C, then open the “john” folder, open the “run” folder, click a blank space, and press Ctrl+V.
6. Open Command Prompt. This is your computer’s command line program:
- Click Start .
- Type in command prompt.
- Click Command Prompt at the top of the Start window.
7. Change the directory to John the Ripper’s “run” folder. Type in cd desktop/john/run and press ↵ Enter.
8. Enter the “run” command. Type in zip2john.exe name.zip > name.hash (making sure to replace “name” with the name of your ZIP folder) and press ↵ Enter.
- For a ZIP folder named “hello”, for example, you’d type zip2john.exe hello.zip > hello.hash here.
9. Define the ZIP folder’s hash. Type in name.hash (where “name” is the name of your hash file) and press ↵ Enter. At this point, you’re ready to begin cracking the password.
10. Begin cracking the password. Type in john.exe --pot=name.pot --wordlist=john/run/password.lst name.hash and press ↵ Enter. John the Ripper will begin comparing your ZIP folder’s password to its database of passwords.
- You’ll need to replace “name” in both “name.pot” and “name.hash” with your ZIP folder’s name.
- The “password.lst” file contains a list of passwords and their permutations.
11. Prompt the cracked password to display. Once the password has been determined, you’ll see “Session complete” appear at the bottom of Command Prompt. At this point, you can type in type name.pot (again, substitute your folder’s name for “name”) and press ↵ Enter to view the password for the ZIP folder.
Using Paid Software
1. Understand how this works. The most professional password-cracking software will allow you to crack a file’s password if it’s under a certain number of characters. In order to crack most files, though, you’ll need to purchase the program.
- The positive side of using these programs is that they are usually user-friendly.
2. Know what to look for. Your selected password cracker should come with a free trial, and it should be able to use brute-force password techniques.
3. Download and install a professional password cracker. The following options are recommended, though you will ultimately need to buy the software:
- Advanced Archive Password Recovery — https://www.elcomsoft.com/archpr.html
- Zip Password Recovery Professional — http://download.cnet.com/ZIP-Password-Recovery-Professional/3000-18501_4-75031119.html
- ZipKey — https://www.passware.com/kit-standard/freedemo/
4. Open your password cracker. Once you’ve installed your password cracker, open it by clicking or double-clicking its program icon.
5. Select your password-protected ZIP folder. You’ll usually do this by clicking Browse, Open, or Add in the program, selecting the ZIP folder that you want to crack, and clicking Open or Choose.
- Some password crackers may allow you to click and drag the ZIP folder into the program’s window.
6. Choose a password-guessing option. In most cases, you’ll want to select the Brute force option, but you may be able to select Dictionary (or similar) to check a list of words similar to one that you input.
- The Dictionary method is best used for instances in which you either know part of the password or know the phrase that you used (but not the capitalization or characters).