Did you find an old zip file while browsing your documents? Does it contain important information? You try to extract it, but a window pops up asking for a password. What if you don't remember that password? Of course you could brute-force it, but, damn, that's a lot of combinations; it could take a very long time to hit the right one. What if there's a simpler way that gets the job done in a matter of minutes? Well, there actually is. It's called a "known-plaintext attack", and it works against the traditional ZipCrypto encryption that many zip tools use for password-protected .zip files, because that stream cipher gives away its internal key state once you know some of the data it encrypted. You're probably thinking there must be a catch. I mean, "a matter of minutes"? Really?

The catch is that you need an unencrypted copy of at least one of the files inside the encrypted archive, and pkcrack needs roughly a dozen bytes of it at minimum (the more the better). So this is most useful when the zip holds a bunch of files and you happen to have one of them lying around elsewhere. One more caveat: the attack only works against the traditional ZipCrypto encryption. If the archive is AES-encrypted (WinZip-style, shown as compression method 99 in the zip headers), this attack does not apply.

So, how is this done? First you need pkcrack. It is available for both Unix (as source) and Windows (prebuilt binaries; this guide uses the Windows build). Unpack it somewhere; we'll use the Desktop for the purpose of this guide, but any folder works. What we need here is pkcrack.exe.

So how do you run it? Open Command Prompt and change into your pkcrack folder, like this:

cd desktop/pkcrack-1.2.2-win32         (this is the name of my folder)

Now we are in the pkcrack folder. However, there’s still something we need to do before we can start the cracking process.

Remember that file we needed? Compress it into a zip of its own using the same compression method (and ideally the same archiver and compression level) as the protected archive used. pkcrack doesn't compare your file to the original; it compares the compressed bytes of the two zip entries, so if your copy deflates even slightly differently, nothing lines up and the attack fails. A quick sanity check: the compressed size of your plaintext entry should equal the encrypted entry's compressed size minus 12, because ZipCrypto prepends a 12-byte encryption header to every entry and counts it in the compressed size. Once you have it, move both zip files, the encrypted one and the plaintext zip, into the pkcrack folder. Now we can start.

The syntax is:

pkcrack -C encrypted-ZIP -c ciphertextname -P plaintext-ZIP -p plaintextname -d decrypted_file -a

So let's use this zip file I found on my PC.

I need access to that password text document, but unfortunately I can't remember the zip password. However, I can see that image in there (silly name, I know). Luckily I still have a copy of it on my PC, so I compress it, and now I have the two zip files. Back to pkcrack:

pkcrack -C stuff.zip -c "me and the hulk.jpg" -P yay.zip -p "the other hulk image.jpg" -d decrypted.zip -a  

All you have to do now is wait and let pkcrack do the job ;) When it finishes it prints the three internal keys it recovered and writes a decrypted copy of the archive to decrypted.zip. Every entry encrypted with the same password shares those keys, so the whole archive comes out, password document included, without ever knowing the password itself.
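Before you spend time on pkcrack, it pays to check that the archive is actually attackable and that your copy of the file compresses to the same size as the encrypted entry. The Python 3 script below is an added example of mine, not pkcrack's code and not part of the original guide. Because Python's zipfile module can't write encrypted entries, it carries its own minimal ZipCrypto encryptor and uses it to build a small constructed test archive (the file name "me and the hulk.jpg", its contents and the password "hunter2" are made-up fixtures). It then walks the central directory, flags entries that are ZipCrypto-encrypted (flag bit 0 set, compression method not 99/AES) and hold enough ciphertext to supply known plaintext, and reports which deflate levels reproduce the encrypted entry's compressed size. The 12-byte minimum is a rule of thumb, not a number from the page.

```python
import io
import struct
import zipfile
import zlib

MIN_KNOWN_BYTES = 12  # rule of thumb for the attack pkcrack implements; more plaintext is better


def _crc32_byte(crc: int, b: int) -> int:
    """PKZIP's table-driven crc32(crc, byte) step, expressed through zlib."""
    return zlib.crc32(bytes([b]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF


def zipcrypto_encrypt(password: bytes, data: bytes) -> bytes:
    """Traditional PKZIP stream cipher (ZipCrypto), encrypt direction. Each keystream byte
    depends only on the three 32-bit keys, and every plaintext byte updates them; that key
    state is what a known-plaintext attack recovers."""
    k0, k1, k2 = 0x12345678, 0x23456789, 0x34567890

    def update(c: int) -> None:
        nonlocal k0, k1, k2
        k0 = _crc32_byte(k0, c)
        k1 = (k1 + (k0 & 0xFF)) & 0xFFFFFFFF
        k1 = (k1 * 134775813 + 1) & 0xFFFFFFFF
        k2 = _crc32_byte(k2, k1 >> 24)

    for c in password:
        update(c)
    out = bytearray()
    for p in data:
        k = k2 | 2
        out.append(p ^ (((k * (k ^ 1)) >> 8) & 0xFF))
        update(p)  # the plaintext byte, not the ciphertext, feeds the key update
    return bytes(out)


def build_zipcrypto_zip(name: bytes, data: bytes, password: bytes, level: int = 6) -> bytes:
    """Constructed fixture: a minimal one-entry archive, deflated and ZipCrypto-protected
    (the zipfile module can only write unencrypted entries)."""
    crc = zlib.crc32(data) & 0xFFFFFFFF
    comp = zlib.compressobj(level, zlib.DEFLATED, -15)  # raw deflate, as zip stores it
    deflated = comp.compress(data) + comp.flush()
    # 12-byte encryption header: 11 filler bytes plus the CRC high byte, which unzippers
    # use as a quick password check. It is counted in the entry's compressed size.
    payload = zipcrypto_encrypt(password, bytes(range(11)) + bytes([crc >> 24]) + deflated)
    flags, method, dostime, dosdate = 1, 8, 0, 0x21  # bit 0 = encrypted; method 8 = deflate
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, method, dostime, dosdate,
                        crc, len(payload), len(data), len(name), 0) + name
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, method, dostime,
                          dosdate, crc, len(payload), len(data), len(name), 0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central),
                       len(local) + len(payload), 0)
    return local + payload + central + eocd


def read_entry(zip_bytes: bytes, name: str, password: bytes) -> bytes:
    """Open an entry with the standard library: proves the fixture is a real ZipCrypto zip."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.read(name, pwd=password)


def inspect_archive(zip_bytes: bytes) -> list:
    """Per entry: ZipCrypto (flag bit 0 set, method not 99 = WinZip AES)? And is there
    enough ciphertext after the 12-byte header to line known plaintext up against?"""
    rows = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for zi in zf.infolist():
            encrypted = bool(zi.flag_bits & 0x1)
            zipcrypto = encrypted and zi.compress_type != 99
            usable = zi.compress_size - 12 if encrypted else 0
            rows.append({
                "name": zi.filename,
                "method": zi.compress_type,  # 0 = stored, 8 = deflate, 99 = AES
                "compress_size": zi.compress_size,
                "zipcrypto": zipcrypto,
                "attackable": zipcrypto and usable >= MIN_KNOWN_BYTES,
            })
    return rows


def matching_deflate_levels(plain: bytes, compress_size: int) -> list:
    """Deflate levels whose raw output is exactly compress_size - 12 bytes. Equal length is
    necessary, not sufficient: use the same archiver and settings for the plaintext zip."""
    target = compress_size - 12
    hits = []
    for level in range(1, 10):
        comp = zlib.compressobj(level, zlib.DEFLATED, -15)
        if len(comp.compress(plain) + comp.flush()) == target:
            hits.append(level)
    return hits


if __name__ == "__main__":
    # Made-up name, contents and password; nothing here comes from a real archive.
    secret = b"made-up picture bytes " * 40 + b"plus a tail that does not repeat"
    archive = build_zipcrypto_zip(b"me and the hulk.jpg", secret, b"hunter2")
    assert read_entry(archive, "me and the hulk.jpg", b"hunter2") == secret
    for row in inspect_archive(archive):
        print(row, "matching deflate levels:", matching_deflate_levels(secret, row["compress_size"]))
```

Run the file directly to see the report for the constructed archive. For a real case, hand inspect_archive the bytes of the encrypted zip and matching_deflate_levels your copy of the file plus that entry's compressed size. If an entry reports method 99 it is AES and pkcrack can't help; if no deflate level reproduces the size, your plaintext zip was made with different settings and the command in this guide will fail until you match them.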

P.S. The guide is the same for Unix with some minor changes.