HOW TO

Code a Brute-Force Script for Password Protected Zip Files - Python

How To Code a Brute-Force Script for Password Protected Zip Files - Python

  • Posted
  • Last updated

Python has a build-in module zipfile which one can use for extracting zip files from their python code.
This how-to tutorial will show you how you can use this module to burte-force files with '.zip' extension.


Make sure you've a full access and permission for tasting this on files that does not belong to you, I'll be using a zip file that I created on my computer for demostration purpose.

  


import zipfile
import sys

We'll now create a function that will tell us if the current password in the wordlist is the correct password.


  


def is_password(zip_file, password):
    try:
        zip_file.extractall(pwd=password)
        return True
    except Exception:
        return False

In the above function, we accept two arguments, the first one(zip_file) is a ZipFile class object which has many methods for working with zip files like close, open, getinfo, extract, extrall and more. The second argument is the password to try.
In the extractall method, we passed in the password. If the password failed while extracting the file, it will raise an exception which means the password isn't correct.


  


zip_file_name = input("Enter Zip file~$ ")
password_list = input("Enter password list file~$ ")

# If file name doesn't end with .zip we tell the user
# and quit the program
if not zip_file_name.endswith(".zip"):
    print("Error Only '.zip' file supported")
    exit(1)

# Initialize the ZipFile class
zip_file = zipfile.ZipFile(zip_file_name)

try:
    with open(password_list, "r") as password:
        for pass_w in password:
            pass_w = pass_w.strip()
            sys.stdout.write(f"{pass_w} ==> ")

            if is_password(zip_file, pass_w):
                sys.stdout.write("Found\n")
                print(f"Password is {pass_w}")
                exit(0)
            sys.stdout.write("Not Found\n")
except Exception as err:
    print(err)

except KeyboardInterrupt:
    print("\nQuitting..")
    exit(1)

In the above code, we get the zip file, and a wordlist path from the user, and we check if the zip file doesn't ends with '.zip' Then we throw an error to the user.
zip_file = zipfile.ZipFile(zip_file_name) is use to Initialize the ZipFile class and return the object to the zip_file, Here is the defination of the ZipFile class


  


class zipfile.ZipFile(file, mode='r', compression=ZIP_STORED, allowZip64=True, compresslevel=None, *, strict_timestamps=True)

Full Source Code


  


import zipfile
import sys


def is_password(zip_file, password):
    try:
        zip_file.extractall(pwd=password)
        return True
    except Exception:
        return False


zip_file_name = input(" Enter Zip file~$ ")
password_list = input(" Enter password list file~$ ")

# If file name doesn't end with .zip we tell the user
# and quit the program
if not zip_file_name.endswith(".zip"):
    print("Error Only '.zip' file supported")
    exit(1)

# Initialize the ZipFile class
zip_file = zipfile.ZipFile(zip_file_name)

try:
    with open(password_list, "r") as password:
        for pass_w in password:
            pass_w = pass_w.strip()
            sys.stdout.write(f"{pass_w} ==> ")

            if is_password(zip_file, pass_w):
                sys.stdout.write("Found\n")
                print(f"Password is {pass_w}")
                exit(0)
            sys.stdout.write("Not Found\n")
except Exception as err:
    print(err)

except KeyboardInterrupt:
    print("\nQuitting..")
    exit(1)

Now you need two things to teste the script, first thing is a password protected zip file, then second is a password list.
After running the program, you should see something like this: