top of page

Cracking a zip file

When preparing a zip file be sure to use a secure password to encrypt the file. Freeware such Moose O'Malley's Zip Password Cracker Pro can be used to perform dictionary and brute force attacks on an encrypted zip files. However such password crackers have their limitations.

AES-256 encryption is not supported by Zip Password Cracker Pro, and this is currently the default encryption method in the latest version of WinZip.

If you attempt to run a dictionary attack against a zip file with this kind of encryption Cracker Pro will get this message.

Cracker Pro is capable of running both brute force attacks and dictionary attacks. You can set the parameters for a brute force attack. Cracker Pro will generate a list of possible combinations using your settings.

For a dictionary attack you need to download a list of commonly used words such as the Cain & Abel list posted to the Skull Security site. This list contains more than 300,000 words. If you set a password in the StuffIt file compression application, and use the normal method of encryption (under Edit . . . Format Options - on the Zip tab)

. . . you will be able to use Cracker Pro to find the password, by copying and pasting the list on the last tab, "Password List and Test", and then clicking on 'Start ZIP Testing'.

However also note that Cracker Pro doesn't work entirely as you'd expect. It has trouble searching a list as long as 300,000 words and may falsely indicate that the password is not in such a long list. Try breaking up the dictionary list into smaller segments.

bottom of page