fcrackzip zipcloak rockyou
更新履歴
- 2021.03.22
はじめに
- このドキュメントでは,パスワード付きZIPファイルのパスワードを解析するfcrackzipをmacOS Mojaveで使ってみる.
インストール
- 今回はすでにパッケージはインストール済み.
[code]
$ brew info fcrackzip🆑
fcrackzip: stable 1.0 (bottled)
Zip password cracker
http://oldhome.schmorp.de/marc/fcrackzip.html
/usr/local/Cellar/fcrackzip/1.0 (11 files, 72.2KB) *
Poured from bottle on 2021-03-14 at 16:10:53
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/fcrackzip.rb
License: GPL-2.0
==> Analytics
install: 691 (30 days), 1,986 (90 days), 9,658 (365 days)
install-on-request: 691 (30 days), 1,986 (90 days), 9,622 (365 days)
build-error: 0 (30 days)
[macmini2014:nobuaki 18:50:41 ~ ]
$
[/code]
- 過去1年で9600ダウンロードなのでマズマズかな.
パスワード付きZIPファイルを作成する
- macの標準コマンドでパスワード付きZIPファイルを作成する.
- 念の為,設定したパスワードで展開できるかテスト.暗号化前のファイルは削除.
[code]
$ mkdir fcrackzip_test🆑
[macmini2014:nobuaki 18:54:13 ~ ]
$ cd fcrackzip_test🆑
[macmini2014:nobuaki 18:54:19 ~/fcrackzip_test ]
$ echo abc > zipfile.txt🆑
$ zip zipfile.zip zipfile.txt🆑
adding: zipfile.txt (stored 0%)
[macmini2014:nobuaki 18:56:00 ~/fcrackzip_test ]
$ ls -la
total 8
drwxr-xr-x 4 nobuaki staff 128 3 21 18:56 .
drwxr-xr-x+ 45 nobuaki staff 1440 3 21 18:54 ..
-rw-r--r-- 1 nobuaki staff 4 3 21 18:54 zipfile.txt
-rw-r--r-- 1 nobuaki staff 176 3 21 18:56 zipfile.zip🈁
[macmini2014:nobuaki 18:56:04 ~/fcrackzip_test ]
$
[macmini2014:nobuaki 18:56:29 ~/fcrackzip_test ]
$ zipcloak zipfile.zip🆑
Enter password:🔑
Verify password:🔑
encrypting: zipfile.txt
[macmini2014:nobuaki 18:57:00 ~/fcrackzip_test ]
$ ls -la🆑
total 8
drwxr-xr-x 4 nobuaki staff 128 3 21 18:57 .
drwxr-xr-x+ 45 nobuaki staff 1440 3 21 18:54 ..
-rw-r--r-- 1 nobuaki staff 4 3 21 18:54 zipfile.txt
-rw-r--r-- 1 nobuaki staff 188 3 21 19:08 zipfile.zip🈁
[macmini2014:nobuaki 19:00:39 ~/fcrackzip_test ]
$ rm zipfile.txt🆑
[macmini2014:nobuaki 19:09:15 ~/fcrackzip_test ]
$ unzip zipfile.zip🆑
Archive: zipfile.zip
[zipfile.zip] zipfile.txt password:🔑
extracting: zipfile.txt
[macmini2014:nobuaki 19:10:04 ~/fcrackzip_test ]
$ ls -la🆑
total 8
drwxr-xr-x 4 nobuaki staff 128 3 21 19:10 .
drwxr-xr-x+ 45 nobuaki staff 1440 3 21 19:07 ..
-rw-r--r-- 1 nobuaki staff 4 3 21 18:54 zipfile.txt🈁
-rw-r--r-- 1 nobuaki staff 188 3 21 19:08 zipfile.zip
[macmini2014:nobuaki 19:10:06 ~/fcrackzip_test ]
$ rm zipfile.txt🆑
[macmini2014:nobuaki 19:10:16 ~/fcrackzip_test ]
$ ls -la
total 4
drwxr-xr-x 3 nobuaki staff 96 3 21 19:10 .
drwxr-xr-x+ 45 nobuaki staff 1440 3 21 19:07 ..
-rw-r--r-- 1 nobuaki staff 188 3 21 19:08 zipfile.zip
[macmini2014:nobuaki 19:10:18 ~/fcrackzip_test ]
$[/code]
- 今回は4桁アルファベットでパスワードをつけた.
パスワード解析してみる
- まずはコマンドのパラメータを確認.
[code]
$ fcrackzip -h🆑
fcrackzip version 1.0, a fast/free zip password cracker
written by Marc Lehmann <pcg@goof.com> You can find more info on
http://www.goof.com/pcg/marc/
USAGE: fcrackzip
[-b|--brute-force]
use brute force algorithm
[-D|--dictionary]
use a dictionary
[-B|--benchmark]
execute a small benchmark
[-c|--charset characterset] use characters from charset
[-h|--help]
show this message
[--version]
show the version of this program
[-V|--validate]
sanity-check the algortihm
[-v|--verbose]
be more verbose
[-p|--init-password string] use string as initial
password/file
[-l|--length
min-max] check password
with length min to max🈁
[-u|--use-unzip]
use unzip to weed out wrong passwords🈁
[-m|--method
num]
use method number "num" (see below)
[-2|--modulo
r/m]
only calculcate 1/m of the password
file...
the zipfiles to crack
methods compiled in (* = default):
0: cpmask
1: zip1
*2: zip2, USE_MULT_TAB
[macmini2014:nobuaki 19:01:28 ~/fcrackzip_test ]
$
[/code]
- 今回はパスワードは4桁だとわかっているので,-l(える)で」桁数を指定して実行.
- パスワード長を指定しない場合,デフォルトは6文字.
[code]$ fcrackzip -l 4 -u zipfile.zip🆑
sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file
PASSWORD FOUND!!!!: pw == hage🈁
[macmini2014:nobuaki 19:13:53 ~/fcrackzip_test ]
$
[/code]
- なんだかエラーが出るけれどパスワードは発見された.
- timeコマンドで実行時間を計測.
[code]
$ time fcrackzip -l 4 -u zipfile.zip🆑
〜略〜
PASSWORD FOUND!!!!: pw == hage
real 1m28.966s🈁
user 0m32.084s
sys 0m44.241s
[macmini2014:nobuaki 19:16:42 ~/fcrackzip_test ]
$[/code]
- 2014年の中型機で1分30秒程度か.
パスワードリスト(辞書)を使う
- 2009年にRockyouというSNSでパスワードが漏洩している.
- One Of The 32 Million With A RockYou Account? You May Want To Change All Your Passwords. Like Now.
- https://techcrunch.com/2009/12/14/rockyou-hacked/
- そのパスワードリストが,githubなどに公開されている.
- その1つがこれ.
- brannondorsey/naive-hashcat
- https://github.com/brannondorsey/naive-hashcat/releases/tag/data
- ダウンロードしたファイルがこれ.
[code]
$ ls -la🆑
total 147784
drwxr-xr-x 4 nobuaki staff 128 3 21 19:36 .
drwxr-xr-x+ 45 nobuaki staff 1440 3 21 19:38 ..
-rw-r--r-- 1 nobuaki staff 139921497 3 14 16:30 rockyou.txt🈁
-rw-r--r-- 1 nobuaki staff 188 3 21 19:08 zipfile.zip
[macmini2014:nobuaki 19:38:02 ~/fcrackzip_test ]
$ wc -l rockyou.txt🆑
14344391 rockyou.txt🈁
[macmini2014:nobuaki 19:38:06 ~/fcrackzip_test ]
$
[/code]
- 1400万ワード.
[code]
$ grep -n anggandako rockyou.txt🆑
5286:anggandako
205727:anggandakoh
697215:anggandakono
1272015:sobranggandako
4466877:qanggandako
4959672:oanggandako
10088175:anggandakou
10088176:anggandakotrue
10088177:anggandakotalagasuper
10088178:anggandakosobra
10088179:anggandakop
10088180:anggandakonoh
10088181:anggandako2
10088182:anggandako1122
10088183:anggandako1
10422097:aanggandako
14344356: anggandako🈁 ← スペースを2つ+anggandako
[macmini2014:nobuaki 19:48:50 ~/fcrackzip_test ]
$[/code]
- この中の14344356行目にあるanggandakoをパスワードに設定したファイルを作成.
[code]
$ echo aaa > anggandako.txt🆑
[macmini2014:nobuaki 19:43:59 ~/fcrackzip_test ]
$ zip anggandako.zip anggandako.txt🆑
adding: anggandako.txt (stored 0%)
[macmini2014:nobuaki 19:44:09 ~/fcrackzip_test ]
$ zipcloak anggandako.zip🆑
Enter password:🔑 ← anggandako をいれる(スペースを2つ)
Verify password:🔑 ← anggandako をいれる(スペースを2つ)
encrypting: anggandako.txt
[macmini2014:nobuaki 19:44:32 ~/fcrackzip_test ]
$ rm anggandako.txt🆑
[macmini2014:nobuaki 19:44:44 ~/fcrackzip_test ]
$ unzip anggandako.zip🆑
Archive: anggandako.zip
[anggandako.zip] anggandako.txt password:🔑 ← anggandako をいれる(スペースを2つ)
extracting: anggandako.txt
[macmini2014:nobuaki 19:44:53 ~/fcrackzip_test ]
$[/code]
- 実行してみる.
[code]
$ fcrackzip -v -u -D -p rockyou.txt anggandako.zip🆑
found file 'anggandako.txt', (size cp/uc 16/ 4, flags 1, chk 77f8)
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching ``'
sh: -c: line 1: syntax error: unexpected end of file
〜略〜
sh: -c: line 0: unexpected EOF while looking for matching `"'
sh: -c: line 1: syntax error: unexpected end of file
sh: 12: command not found
sh: -c: line 0: unexpected EOF while looking for matching ``'
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching ``'
sh: -c: line 1: syntax error: unexpected end of file
[macmini2014:nobuaki 20:03:10 ~/fcrackzip_test ]
$
[/code]
- 残念.mac版だとエラーで終了する模様.