Cracking Password Protected ZIP, RAR & PDF using Zydra

Having confidential documents on a system, like a pdf of financial data or a zip including personal images and videos, ensure they’re password-protected so nobody else can access them. Encrypting documents with a password provides security that although the device is under attack, the attackers would be unable to view files while on the system.

Even so, just like everything else, when files have a password, this can be brute-forced. And here we’re trying to understand about zydra, a file brute-forcing tool, and see how it works by brute-forcing a document and inspecting the details. You will only need a Kali Linux and some encrypted files to perform this tutorial. Zydra works in two modes: brute force and dictionary. And we will try the example on each way.

How Files Encrypt?

Files can be password protected using different encryption algorithms, varying on the software and its edition. Linux command line zip uses the older PKZIP algorithm that is unstable and simple to crack. Other software, such as WinZip and 7-Zip, use the efficient AES-256 encryption algorithm. The RAR method used a unique encryption algorithm in previous versions, but the latest versions utilize AES.

In Linux, you can effortlessly generate PDFs in LibreOffice, and the new file can be password-protected. The passwords stored inside Linux shadow files are protected, but the files themselves are not. MD5, SHA-512, SHA-256, Blowfish, and DES are all commonly used for it.

Install Zydra in Kali Linux

Install some prerequisites first.

$ pip3 install rarfile pyfiglet py-term

Git clone the repository from Github.

$ git clone https://github.com/hamedA2/Zydra.git

Run the Setup file.

Files for Testing

We will get several files to check Zydra before we could launch it. There are RAR and ZIP files available to download and use for testing. Soon you will discover the password for each of these is “password1.” We will use a small list for the demo as the password for these files is simple. You can find the list from SecLists GitHub.

Crack ZIP Files

Using a dictionary mode, type file name, and wordlist file.

Crack ZIP Files

Use the found password to unzip the file and read the content.

Crack RAR Files

Set options for a brute-force attack.

  • The “-b” flag is for the character type.
  • The “-m” flag is for minimum length for password.
  • The “-x” flag is for maximum length for password.

As you can notice, the possible passwords are exceedingly high, so this function can be helpful at times. But it is best to utilize the dictionary mode much of the time. We can retrieve the items of the RAR file as we have the password.

Sana Qazi
Sana Qazi is a technical writer specialized in Information Security. She enjoys writing about technology and reading multiple genres like suspense. When not writing, she can be found traveling, dinning out, watching series etc. She manages her medium blog as well.

Most Popular

Android Tips and Tricks for Getting the Most from Your Phone

Gone are the days when phones were only used to make phone calls and send text messages; nowadays, smartphones are more akin to a...

What Proxies Are For

When you cannot access certain sites or hide your identity, you need a tool for that. For example, the USA proxies are in demand...

Mobile Device Safety: Keeping your phone safe from intrusion

You might have heard that the iPhone is almost completely impossible to hack or that Samsung devices have some of the best firewalls in...

How to Detect Phishing Mails and Websites

Not long ago, phishing websites and mails looked quite unprofessional, they were peppered with spelling mistakes and had a distrustful design. Nowadays the digital...