mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-30 08:30:57 +00:00
ZIPs tricks
There are a handful of command-line tools for zip files that will be useful to know about.
- `unzip` will often output helpful information on why a zip will not decompress.
- `zipdetails -v` will provide in-depth information on the values present in the various fields of the format.
- `zipinfo` lists information about the zip file's contents, without extracting it.
- `zip -F input.zip --out output.zip` and `zip -FF input.zip --out output.zip` attempt to repair a corrupted zip file.
- `fcrackzip` brute-force guesses a zip password (for passwords <7 characters or so).
One important security-related note about password-protected zip files is that they do not encrypt the filenames and original file sizes of the compressed files they contain, unlike password-protected RAR or 7z files.
Another note about zip cracking is that if you have an unencrypted/uncompressed copy of any one of the files that is compressed in the encrypted zip, you can perform a "plaintext attack" and crack the zip, as detailed here, and explained in this paper. The newer scheme for password-protecting zip files (with AES-256, rather than "ZipCrypto") does not have this weakness.
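To check which entries of an archive rely on legacy ZipCrypto and what metadata they expose, the following added example (not part of the original page) reads the central directory without any password and reports each entry's name, uncompressed size and encryption scheme. It relies on the WinZip AES convention of compression method 99 plus a 0x9901 extra-field record; the sample archive and its file names are constructed for the demonstration.

```python
import io
import struct
import zipfile

AES_METHOD, AES_EXTRA_ID = 99, 0x9901   # WinZip AES markers in an entry header
AES_BITS = {1: 128, 2: 192, 3: 256}     # strength byte inside the 0x9901 record

def aes_strength(extra: bytes):
    """Walk the (id, size, data) extra-field records; return AES key bits or None."""
    pos = 0
    while pos + 4 <= len(extra):
        hid, size = struct.unpack_from("<HH", extra, pos)
        if hid == AES_EXTRA_ID and size >= 7 and pos + 11 <= len(extra):
            return AES_BITS.get(extra[pos + 8])   # after version(2) + vendor(2)
        pos += 4 + size
    return None

def audit(zip_bytes: bytes):
    """List (name, uncompressed size, scheme) per entry; no password is needed."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for zi in zf.infolist():
            if not zi.flag_bits & 0x1:            # flag bit 0 = entry is encrypted
                scheme = "none"
            elif zi.compress_type == AES_METHOD:
                scheme = f"AES-{aes_strength(zi.extra) or '?'}"
            else:
                scheme = "ZipCrypto"
            rows.append((zi.filename, zi.file_size, scheme))
    return rows

def constructed_sample() -> bytes:
    """Constructed input: plain archive with headers patched to look encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payroll-2024.csv", "x" * 1234)
        aes = zipfile.ZipInfo("board-minutes.docx")
        aes.extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 0)
        zf.writestr(aes, "y" * 500)
        zf.writestr("README.txt", "not protected")
    raw = bytearray(buf.getvalue())
    first = raw.find(b"PK\x01\x02")               # first central-directory header
    second = raw.find(b"PK\x01\x02", first + 4)
    for pos in (first, second):
        raw[pos + 8] |= 1                         # set the "encrypted" flag bit
    struct.pack_into("<H", raw, second + 10, AES_METHOD)
    return bytes(raw)

if __name__ == "__main__":
    print(*audit(constructed_sample()), sep="\n")
```

Entries reported as `ZipCrypto` are the ones exposed to the known-plaintext weakness described above; names and sizes are readable for every entry regardless of scheme.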