Attacking Zip File Passwords from the Command Line
Definitely, attempting to crack the hash is faster, but if you are stuck and don't have time to reverse engineer a new file type, this would *eventually* work for you.
See the code below as an example of having John generate the password then passing it to 7zip to try. This should work regardless of chosen encryption, unless you have to specify it when opening the archive. It is not clean, but it should be enough to illustrate.
#!/bin/bash
# Using john the ripper to brute-force a zip container
startTime=$(date)
if [ $(file $1 | grep -c "Zip archive data") ]; then
john -i --stdout | while read i; do # this is john generating password to stdout
echo -ne "\rtrying \"$i\" "\\r
7z -p$i -so e $1 2>&1> /dev/null # this is your zip command
STATUS=$?
if [ $STATUS -eq 0 ]; then
echo -e "\nPassword is: \"$i\"
break # if successful, print the password and quit
fi
done
echo "Start time $startTime"
echo "End time $(date)"
else
echo "The file does not appear to be a zip file"
fi
This approach should work when you are unable to extract the hash, but is much, much slower (not really practical for most applications). See the results below.
...
trying "pmc"
7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-1
Processing archive: test.zip
Extracting Sample_memo.pdf Data Error in encrypted file. Wrong password?
**Sub items Errors: 1**
trying "1234"
7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18
Processing archive: test.zip
Extracting Sample_memo.pdf
**Everything is Ok**
Size: 60936
Compressed: 51033
Password is: "1234"
Start time 2015. 01. 03. (토) 19:02:51 KST
End time 2015. 01. 03. (토) 19:02:51 KST
