fcrackzip
One-liner: Command-line tool for cracking password-protected ZIP archives using brute-force or dictionary attacks.
🎯 What Is It?
fcrackzip is a fast, free ZIP password cracker for Linux/Unix systems. It's commonly used in CTFs, forensics, and incident response when investigators encounter password-protected ZIP files.
🛠️ Installation
# Debian/Ubuntu
sudo apt install fcrackzip
# Kali Linux (pre-installed)
fcrackzip --help
💻 Usage
Basic Syntax
fcrackzip [options] <zipfile>
Dictionary Attack
# Using wordlist
fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt archive.zip
Options:
-u : Use unzip to verify (more reliable)
-D : Dictionary attack mode
-p : Specify password file/wordlist
Brute-Force Attack
# Brute force with lowercase letters
fcrackzip -u -b -c a archive.zip
# Brute force with lowercase + uppercase
fcrackzip -u -b -c aA archive.zip
# Brute force with alphanumeric
fcrackzip -u -b -c aA1 archive.zip
# Brute force with letters, digits and special characters
fcrackzip -u -b -c 'aA1!' archive.zip
Character sets:
a : lowercase letters (a-z)
A : uppercase letters (A-Z)
1 : digits (0-9)
! : special characters (!:$%&/()=?{[]}+*~#)
: : every character after the colon is added to the set literally (e.g. a1:$% = lowercase, digits, $ and %)
Specify Password Length
# Passwords 4-6 characters, alphanumeric
fcrackzip -u -b -c aA1 -l 4-6 archive.zip
Options:
-l : Specify min-max length
Verbose Output
fcrackzip -u -D -p wordlist.txt -v archive.zip
Options:
-v : Verbose (show attempts)
💡 Common Use Cases
1. CTF Challenges
# Found password-protected flag.zip
fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt flag.zip
OUTPUT:
PASSWORD FOUND: sunshine123
2. Forensic Investigation
# Suspect's encrypted archive
fcrackzip -u -b -c aA1 -l 6-8 evidence.zip
3. Forgotten Password Recovery
# User forgot their backup password
fcrackzip -u -D -p custom_wordlist.txt backup.zip
⚡ Performance Tips
1. Use Dictionary First
Brute-force is SLOW; try dictionary attacks with common passwords first.
# Rockyou wordlist (14M passwords)
fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt archive.zip
2. Limit Character Set
# If you know password is lowercase only
fcrackzip -u -b -c a -l 6-8 archive.zip
# Much faster than:
fcrackzip -u -b -c 'aA1!' -l 6-8 archive.zip
3. Use Specific Length Range
# If you know password is 6-7 chars
fcrackzip -u -b -c aA1 -l 6-7 archive.zip
📊 Speed Comparison
Dictionary (rockyou.txt):
14M passwords in ~30 seconds
Brute-force (lowercase, 6 chars):
308M combinations in ~4 hours
Brute-force (alphanumeric, 8 chars):
221 trillion combinations in ~50 years
Lesson: Brute-force is only practical for short, simple passwords.
🔗 Related Tools
| Tool | Format | Notes |
|---|---|---|
| fcrackzip | ZIP | Fast, dictionary + brute-force |
| John the Ripper | ZIP | More features, slower |
| pdfcrack | PDF | PDF password cracking |
| Hydra | Network | Online password attacks |
| hashcat | Hashes | GPU-accelerated cracking |
Alternative: John the Ripper
# Extract hash first
zip2john archive.zip > hash.txt
# Crack with John
john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
⚠️ Limitations
- ZIP Encryption Type
  - Works best with legacy ZipCrypto
  - AES-256 encrypted ZIPs are MUCH harder
- Speed
  - CPU-based (no GPU acceleration)
  - Slow for complex passwords
- False Positives
  - Without the -u flag, may report false positives
  - Always use -u for verification
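An added example (not part of the original page or of fcrackzip): a Python triage helper that reads a ZIP's central directory and reports whether each entry uses legacy ZipCrypto or WinZip AES, the distinction behind the first limitation above. The names classify, aes_bits and sample_zip are hypothetical, and the sample archives are constructed header-only test data.

```python
import io
import struct
import zipfile

AES_METHOD = 99        # compression-method value that marks WinZip AES (AE-x)
AES_EXTRA_ID = 0x9901  # extra-field record holding the AES key strength
AES_BITS = {1: 128, 2: 192, 3: 256}

def aes_bits(extra):
    """Walk the extra-field records; return the AES key size or None."""
    pos = 0
    while pos + 4 <= len(extra):
        rec_id, size = struct.unpack_from("<HH", extra, pos)
        if rec_id == AES_EXTRA_ID and size >= 7 and pos + 9 <= len(extra):
            return AES_BITS.get(extra[pos + 8])  # byte after version + "AE"
        pos += 4 + size
    return None

def classify(zip_source):
    """Map each entry name to 'none', 'zipcrypto' or 'aes-<bits>'."""
    result = {}
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            if not info.flag_bits & 0x1:          # bit 0 = entry is encrypted
                result[info.filename] = "none"
            elif info.compress_type == AES_METHOD:
                result[info.filename] = f"aes-{aes_bits(info.extra) or 'unknown'}"
            else:
                result[info.filename] = "zipcrypto"
    return result

def sample_zip(name, flags, method, extra=b""):
    """Constructed one-entry archive: real headers, 12 dummy payload bytes."""
    fn, data = name.encode(), bytes(12)
    common = struct.pack("<HHHHHIIIHH", 20, flags, method, 0, 0x21, 0,
                         len(data), len(data), len(fn), len(extra))
    local = b"PK\x03\x04" + common + fn + extra + data
    central = (b"PK\x01\x02" + struct.pack("<H", 20) + common
               + struct.pack("<HHHII", 0, 0, 0, 0, 0) + fn + extra)
    eocd = b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 1, 1,
                                       len(central), len(local), 0)
    return io.BytesIO(local + central + eocd)

if __name__ == "__main__":
    aes_extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    for src in (sample_zip("legacy.txt", 0x1, 8),
                sample_zip("strong.txt", 0x1, AES_METHOD, aes_extra),
                sample_zip("plain.txt", 0x0, 0)):
        print(classify(src))
```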
🎤 Interview Context
Scenario: "You found a password-protected ZIP in a phishing investigation. How do you analyze it?"
STAR Example:
Situation: Discovered data.zip on compromised endpoint.
Task: Crack password to analyze contents.
Action:
- Used fcrackzip -u -D -p rockyou.txt data.zip
- Found password: "admin123"
- Extracted files: malware dropper + C2 config
Result: Identified attacker infrastructure, blocked IOCs, prevented further compromise.
🔗 Related Concepts
- Password Cracking — Overall technique
- Dictionary Attacks — Wordlist-based cracking
- Brute-force — Exhaustive search method
- John the Ripper — Alternative tool
- Hydra — Network password attacks