CTF-rootme 题解之File - PKZIP

LINK:https://www.root-me.org/en/Challenges/Cryptanalysis/File-PKZIP

Referrence:https://github.com/danielmiessler/SecLists/tree/master/Passwords

fcrackzip:https://github.com/zyjsuper/fcrackzip

密码字典:http://www.cnblogs.com/bonelee/p/9323488.html

Solution 1:暴力破解

[ BlackArch 下载 ]# fcrackzip -b -c 1  -l 1-10  -u ch5.zip
PASSWORD FOUND!!!!: pw == 14535

 Solution 2:字典破解

使用这个字典:https://raw.githubusercontent.com/duyetdev/bruteforce-database/master/1000000-password-seclists.txt

[ BlackArch 下载 ]# fcrackzip -D -p  ./1000000-password-seclists.txt -u ch5.zip 
PASSWORD FOUND!!!!: pw == 14535

 

Usage:

[ BlackArch 下载 ]# fcrackzip --help

fcrackzip version 1.0, a fast/free zip password cracker
written by Marc Lehmann <pcg@goof.com> You can find more info on
http://www.goof.com/pcg/marc/

USAGE: fcrackzip
          [-b|--brute-force]            use brute force algorithm  //暴力破解  
          [-D|--dictionary]             use a dictionary  //字典破解
          [-B|--benchmark]              execute a small benchmark
          [-c|--charset characterset]   use characters from charset
          [-h|--help]                   show this message
          [--version]                   show the version of this program
          [-V|--validate]               sanity-check the algortihm
          [-v|--verbose]                be more verbose
          [-p|--init-password string]   use string as initial password/file //初始密码或者指定字典文件使用字典破解时必须使用
          [-l|--length min-max]         check password with length min to max //密码长度(最小-最大)
          [-u|--use-unzip]              use unzip to weed out wrong passwords  //隐藏错误密码打印
          [-m|--method num]             use method number "num" (see below)
          [-2|--modulo r/m]             only calculcate 1/m of the password
          file...                    the zipfiles to crack

methods compiled in (* = default):

 0: cpmask
 1: zip1
*2: zip2, USE_MULT_TAB

 其中-c参数的子参数如下:

-c, --charset characterset-specification
              Select the characters to use in brute-force cracking. Must be one of

                a   include all lowercase characters [a-z]
                A   include all uppercase characters [A-Z]
                1   include the digits [0-9]  //使用数字作为字典
                !   include [!:$%&/()=?{[]}+*~#]
                :   the following characters upto the end of the spe-
                    cification string are included in the character set.
                    This way you can include any character except binary
                    null (at least under unix).
posted @ 2019-03-18 17:34  heycomputer  阅读(652)  评论(0编辑  收藏  举报