5020 - Password protected ZIP

Hacking Lab10620

Challenge

To solve this challenge I simply performed a dictionary attack on the zip file until I had discovered the correct password. Linux tools available are fairly slow and may only test 1000-10000 passwords each second so I decided to use Accent Zip password recovery which is a commercial tool capable of testing upto 600000 passwords a second. The answer was found in under 2 seconds.

Security Questions

  1. The security problem with ZIP files is that there is that they are vulnerable to brute force attacks as it is a client side security scheme.
  2. Due to the nature of ZIP files, the only method of attack is a bruteforce attack. I used a third party tool 'Accent Zip password recovery' to bruteforce the password for this zip. Luckily, the password was short (5 characters) and was a common dictionary word.

    The password was: close
  3. As ZIP files are vulnerable to bruteforce attacks. The password creator could ensure:
    1. their password is of a long size (i.e. 10+ characters) making bruteforce attacks take much longer
    2. their password is not a common dictionary word and contains symbols/numbers/uppercase/lowercase characters

Leave a comment

(required)(will not be published)(required)

Comments

There are no comments yet. Be the first to add one!