You have an encrypted ZIP and one of its original unencrypted files (e.g., a README.txt or a default config).
# Safe extraction into a read-only, no-exec mount mkdir /mnt/safe_extract mount -t tmpfs -o ro,noexec,nodev,nosuid tmpfs /mnt/safe_extract unzip suspicious.zip -d /mnt/safe_extract Alternatively, use bsdtar (libarchive) which is less prone to parser vulnerabilities:
zipdetails -v suspicious.zip | grep -i method If you see AES-256 , expect a longer cracking time. When the ZIP’s internal file structure is partially known, a known-plaintext attack can extract the encryption key without cracking the password. Kali includes bkcrack .
echo "[*] Cracking with rockyou.txt..." john --wordlist=/usr/share/wordlists/rockyou.txt "$HASHFILE" kali linux zip
Using zip2john :
#!/bin/bash if [ $# -ne 1 ]; then echo "Usage: $0 <encrypted.zip>" exit 1 fi ZIPFILE=$1 HASHFILE="$ZIPFILE.hash"
For true cross-platform compatibility, 7zip is often superior: You have an encrypted ZIP and one of
PASSWORD=$(john --show "$HASHFILE" | cut -d: -f2 | head -1)
7z a -p"secret" -mhe=on -tzip archive.zip folder/ The -mhe=on flag hides the file list (header encryption), something the standard zip command cannot do. When dealing with untrusted ZIP files (e.g., malware samples), you must extract safely without executing any embedded scripts or auto-run features.
echo "[*] Extracting hash..." zip2john "$ZIPFILE" > "$HASHFILE" Kali includes bkcrack
zip --password "MyStr0ngP@ss" -e -r archive.zip sensitive_folder/ To enforce AES-256 (not legacy ZipCrypto), use:
john --wordlist=/usr/share/wordlists/rockyou.txt zip_hash.txt If successful, the password appears within seconds. For stronger passwords, you can enable rules: