Here is a script courtesy of adithyaxx which helped me out recently.
I had a zip file containing hundreds of other zip files all contained within each other. The password for each file was it’s name. Manually typing in each password would have taken far too long, this little script helped automate the process.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| while [ -e *.zip ]; do | |
| files=*.zip; | |
| for file in $files; do | |
| echo -n "Cracking ${file}… "; | |
| output="$(fcrackzip -u -l 1-6 -c '1' *.zip | tr -d '\n')"; | |
| password="${output/PASSWORD FOUND\!\!\!\!: pw == /}"; | |
| if [ -z "${password}" ]; then | |
| echo "Failed to find password"; | |
| break 2; | |
| fi; | |
| echo "Found password: \`${password}\`"; | |
| unzip -q -P "${password}" "$file"; | |
| rm "${file}"; | |
| done; | |
| done; |
https://gist.github.com/adithyaxx/7dda95fbf2fde57d95db03cdfdd5516d.js
It opens up the zip file, reads the file name and truncates the .zip part, then uses the remaining that as a variable for the next password attempt and keeps going until it fails. The useful thing is that is prints out the attempts as it goes along in case there are any hidden patterns in the passwords names you need to pick up on:
It runs through about 2-3 unzips every second so a 500 file recursive zip file would take 5-10 minutes to get to the end of, compared with a few hours of working by hand.
Urban Security Research 