5020 - Password protected ZIP
Challenge
To solve this challenge I simply performed a dictionary attack on the zip file until I had discovered the correct password. Linux tools available are fairly slow and may only test 1000-10000 passwords each second so I decided to use Accent Zip password recovery which is a commercial tool capable of testing upto 600000 passwords a second. The answer was found in under 2 seconds.
Security Questions
- The security problem with ZIP files is that there is that they are vulnerable to brute force attacks as it is a client side security scheme.
- Due to the nature of ZIP files, the only method of attack is a bruteforce attack. I used a third party tool 'Accent Zip password recovery' to bruteforce the password for this zip. Luckily, the password was short (5 characters) and was a common dictionary word.
The password was: close - As ZIP files are vulnerable to bruteforce attacks. The password creator could ensure:
- their password is of a long size (i.e. 10+ characters) making bruteforce attacks take much longer
- their password is not a common dictionary word and contains symbols/numbers/uppercase/lowercase characters