During post-exploitation we can come across encrypted sensitive files, such as PDFs and ZIP archives, that can contain a treasure trove of information, such as credentials and more. To crack those files we're going to use Zydra, which handles ZIP files, RAR files, PDFs and Linux shadow files.
- Zip (PKZIP Algorithm)
- WinZip and 7-Zip (AES-256 Encryption)
- WinRar and PeaZip (AES Encryption)
- LibreOffice Older Versions (Blowfish Algorithm)
- LibreOffice 3.5 Newer Versions (AES Encryption)
- Adobe Acrobat, Microsoft Office, etc. (AES Encryption)
- Shadow File Passwords (MD5, SHA-256, SHA-512, Blowfish, and DES are commonly used)
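The list above distinguishes legacy PKZIP encryption ("ZipCrypto") from the AES modes WinZip and 7-Zip use, and that distinction is exactly what a defender wants to audit before an archive leaves the building: a ZipCrypto-protected archive offers far weaker protection than an AES-256 one with the same password. The following script is an added example, not part of the original post and not Zydra's code. It uses only Python's standard library; the encryption flag (bit 0 of the general-purpose flags), compression method 99 and the 0x9901 extra-field record are the well-known values from the ZIP APPNOTE and WinZip AE-x specification. Because `zipfile` cannot write encrypted archives, the sample archive is constructed by writing a plain archive and then patching two central-directory entries to carry the flags an encrypting tool would have set.

```python
"""Report which entries of a ZIP archive use no encryption, legacy ZipCrypto,
or WinZip AES (AE-x), and at what key strength.

Added example; not taken from Zydra or the original post.
"""
import io
import struct
import zipfile

# Well-known constants from the ZIP APPNOTE / WinZip AE-x spec.
FLAG_ENCRYPTED = 0x0001        # general-purpose bit 0: entry is encrypted
METHOD_WINZIP_AES = 99         # compression method signalling AE-x encryption
EXTRA_WINZIP_AES = 0x9901      # extra-field header id of the AE-x record
AES_STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}


def aes_strength_from_extra(extra):
    """Walk the extra-field records and return the AE-x key strength, if any."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]
        if header_id == EXTRA_WINZIP_AES and len(body) >= 7:
            # AE-x record: version(2) vendor "AE"(2) strength(1) real method(2)
            _version, _vendor, strength, _method = struct.unpack("<H2sBH", body[:7])
            return AES_STRENGTH.get(strength, "AES (unknown strength)")
        pos += 4 + size
    return None


def describe_entry(info):
    """Classify one ZipInfo as unencrypted, legacy ZipCrypto, or WinZip AES."""
    if not info.flag_bits & FLAG_ENCRYPTED:
        return "unencrypted"
    if info.compress_type == METHOD_WINZIP_AES:
        return aes_strength_from_extra(info.extra) or "AES (no AE-x record)"
    return "ZipCrypto (legacy PKZIP stream cipher)"


def audit_zip(data):
    """Map each entry name in the archive bytes to its encryption description."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {info.filename: describe_entry(info) for info in zf.infolist()}


def patch_central_directory(data, patches):
    """Constructed-fixture helper: rewrite flags/method of named central-directory
    entries. Walks the directory from the offset stored in the end record rather
    than scanning for signatures, so compressed data cannot confuse it."""
    buf = bytearray(data)
    eocd = buf.rfind(b"PK\x05\x06")
    entries, _cd_size, pos = struct.unpack_from("<HII", buf, eocd + 10)
    for _ in range(entries):
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", buf, pos + 28)
        name = bytes(buf[pos + 46:pos + 46 + name_len]).decode()
        if name in patches:
            struct.pack_into("<HH", buf, pos + 8, *patches[name])  # flags, method
        pos += 46 + name_len + extra_len + comment_len
    return bytes(buf)


def build_sample_zip():
    """Constructed sample archive: one plain entry, one marked as ZipCrypto,
    one marked as WinZip AES-256. Payloads are placeholders, not ciphertext."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"plain text, not protected")
        zf.writestr("legacy.txt", b"pretend ZipCrypto payload")
        aes_info = zipfile.ZipInfo("strong.txt")
        # AE-2 record: version 2, vendor "AE", strength 3 (256-bit), real method 8.
        aes_info.extra = struct.pack("<HHH2sBH", EXTRA_WINZIP_AES, 7, 2, b"AE", 3, 8)
        zf.writestr(aes_info, b"pretend AES payload")
    return patch_central_directory(buf.getvalue(), {
        "legacy.txt": (FLAG_ENCRYPTED, zipfile.ZIP_DEFLATED),
        "strong.txt": (FLAG_ENCRYPTED, METHOD_WINZIP_AES),
    })


if __name__ == "__main__":
    for name, scheme in audit_zip(build_sample_zip()).items():
        print(f"{name:<12} {scheme}")
```

Run against a real archive with `audit_zip(open("archive.zip", "rb").read())`. Any entry reported as ZipCrypto should be treated as weakly protected regardless of password quality and re-packed with AES-256 before it is shared.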
Setup and Install Zydra
Let's download and install Zydra from GitHub.
We also have to install the dependencies Zydra needs to work properly. It is written in Python 3, so we use pip3 to install the modules:
pip3 install rarfile pyfiglet py-term
With the modules installed, let's run Zydra.
We have Zydra working perfectly.
#1 Cracking RAR
Zydra offers two modes:
- Dictionary Attack
- Brute Force Attack
Here we use the dictionary mode, passing the wordlist with -d:
python3 Zydra.py -f file.rar -d /usr/share/wordlists/SecLists/Passwords/darkweb2017-top10000.txt
Now let's extract the flag, or whatever information we're after, from the encrypted RAR file.
#2 Cracking ZIP
Cracking ZIP files is very similar to cracking RAR files: we again use dictionary-attack mode and just specify the file to crack and the wordlist.
python3 Zydra.py -f files/zip/file.zip -d /usr/share/wordlists/SecLists/Passwords/darkweb2017-top10000.txt
Let's extract the flag, or the information we're looking for, from file.zip.
#3 Cracking PDFs
Let's get started with cracking PDF files. First, we install qpdf, which Zydra needs to work properly:
apt install qpdf
Now, to crack the PDF file, we provide the file and the wordlist just like before:
python3 Zydra.py -f files/pdf/file.pdf -d /usr/share/wordlists/SecLists/Passwords/darkweb2017-top10000.txt
Let's open decrypted_file.pdf to confirm it was decrypted successfully.
#4 Cracking Shadow Files
A shadow file can contain multiple users, and Zydra will automatically attempt to crack the password hash of every user in the file.
python3 Zydra.py -f files/shadow/shadow -d /usr/share/wordlists/SecLists/Passwords/darkweb2017-top10000.txt
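The shadow-file section lists MD5, SHA-256, SHA-512, Blowfish and DES as the hashing schemes in use, and the scheme is visible in the hash field itself through its crypt(3) prefix. From the defender's side, that means a system can be checked for accounts still protected by the weak legacy schemes (DES-crypt, MD5-crypt) or by no password at all, without cracking anything. The script below is an added example, not part of the original post and not Zydra's code. The prefix table follows the glibc/libxcrypt conventions; the sample shadow lines are constructed, and the hash bodies in them are placeholders rather than real digests.

```python
"""Audit a shadow file for weak or missing password hashing.

Added example; not taken from Zydra or the original post.
"""
import re

# crypt(3) identifier prefix -> (algorithm name, considered weak today).
# Assumption: the conventional glibc/libxcrypt mapping.
HASH_PREFIXES = {
    "$1$": ("MD5-crypt", True),
    "$2a$": ("bcrypt (Blowfish)", False),
    "$2b$": ("bcrypt (Blowfish)", False),
    "$2y$": ("bcrypt (Blowfish)", False),
    "$5$": ("SHA-256-crypt", False),
    "$6$": ("SHA-512-crypt", False),
    "$7$": ("scrypt", False),
    "$y$": ("yescrypt", False),
}

# Traditional DES-crypt has no prefix: 13 characters from the crypt alphabet.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify_hash(field):
    """Return (algorithm, is_weak) for the password field of one shadow entry."""
    if field == "":
        return ("empty (no password required)", True)
    if field.startswith(("!", "*")):
        return ("locked / no usable hash", False)
    for prefix, result in HASH_PREFIXES.items():
        if field.startswith(prefix):
            return result
    if DES_CRYPT.match(field):
        return ("traditional DES-crypt", True)
    # Unknown formats are flagged so a human looks at them.
    return ("unrecognised", True)


def audit_shadow(text):
    """Parse shadow-format text and classify every account's hash."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        algorithm, weak = classify_hash(fields[1])
        findings.append({"user": fields[0], "algorithm": algorithm, "weak": weak})
    return findings


def weak_accounts(text):
    """Names of accounts whose hash scheme (or lack of one) is weak."""
    return [f["user"] for f in audit_shadow(text) if f["weak"]]


# Constructed sample; the hash bodies are placeholders, not real digests.
SAMPLE_SHADOW = """\
root:$6$zyDrA5alt$PLACEHOLDERSHA512HASHxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:19000:0:99999:7:::
alice:$1$zyDrA5al$PLACEHOLDERMD5HASHxxxx:19000:0:99999:7:::
bob:ab/PLACEHLDR1:19000:0:99999:7:::
carol:$2b$12$PLACEHOLDERBCRYPTSALTxxPLACEHOLDERBCRYPTHASHxxxxxxxxxxxx:19000:0:99999:7:::
guest::19000:0:99999:7:::
svc-backup:!!:19000:0:99999:7:::
"""

if __name__ == "__main__":
    for f in audit_shadow(SAMPLE_SHADOW):
        marker = "WEAK" if f["weak"] else "ok  "
        print(f"{marker} {f['user']:<12} {f['algorithm']}")
```

On a live system, run it as root with `audit_shadow(open("/etc/shadow").read())`; accounts reported as DES-crypt or MD5-crypt should have their passwords reset under a modern scheme (SHA-512-crypt, yescrypt or bcrypt), and an empty field means the account logs in with no password at all.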