I am a student studying Network Security and I am in my final class for my Master's degree. I was given an extra credit assignment that I want to do for my own challenge. However, I am stumped and I am sure this is a simple task with the right tools. I have a zipped file that is UNPROTECTED that contains one file that IS PASSWORD PROTECTED. The task is to identify as much detail about the file as possible. However, the PROTECTED file inside the zipped file is password protected and it will need to be cracked, but the file type is unknown. My dilemma is that I can't extract the file without the password and I can't crack the password without the file type. I was going to try and open the file in a hex editor to see if I could get the file signature to identify the file type, but the hex editor will likely show the zipped file signature and not the contents. My question to the forensic community is what freeware tools or utilities could I use (preferably Windows-based) that will help me solve this challenge. I have tried zip password crackers but those fail to work since the zipped file is not password protected.
What archiving utility are you using? It sounds like the .zip is encrypted, because if it was only the compressed file that was encrypted then the archiving utility would still allow you to extract it. Obviously you wouldn't be able to read the decompressed file without the correct key though.
I tried opening the zipped file in 7-zip and the Windows zip utility to no avail. One of the tools I used to try and crack the zipped file was Advanced Archive Password Recovery version 4.54 and it stated that the zipped file was not encrypted.
I personally think the Advanced Archive Password Recovery tool gave you a false answer. What other tools have you used? Any tools that allowed you to use a brute force dictionary attack?
Yeah, I don't disagree with you there. I have read some bad reviews of that software. No, I haven't tried any other zip password cracking tools on it. Do you have any good suggestions for such tools? I am going to use TrID to try and identify the file once I can crack the password.
I haven't personally had the opportunity to decrypt an encrypted archive file, however after a quick search why don't you give
Any updates on this? I'm having a similar situation.
I am not sure I am clear on what you have, and what you are trying to do.
You were given a file to show the content.
How was the file "given" to you (on media or download, etc)?
What is the file extension?
What are the file header & footer signatures?
Size?
Entropy level?
I presume you are saying it is "zip" because in attempt to open the file with zip-like tools, it shows some sort of a file inside. This is not necessarily the case. There are other compression tools that use the same metadata structure for content information, but are not real "zip" files.
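The triage questions above (header signature, size, entropy, whether the container is really a ZIP) can be answered without any password, because ordinary ZIP encryption leaves the central directory readable. The following Python sketch is an added example, not part of the original thread; `triage`, `make_sample` and the entry name `evidence.bin` are hypothetical, and the sample archive is constructed inline.

```python
import io
import math
import zipfile
from collections import Counter

def entropy(data):
    """Shannon entropy in bits per byte (near 8.0 for encrypted or compressed data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(blob):
    """Report container signature, entropy and per-entry metadata; no password needed."""
    report = {"signature": blob[:4], "size": len(blob),
              "entropy": round(entropy(blob), 2), "entries": []}
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return report  # not a ZIP by structure, whatever the extension says
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():  # reads only the central directory
            report["entries"].append({
                "name": info.filename,
                "encrypted": bool(info.flag_bits & 0x1),  # general purpose flag, bit 0
                "method": info.compress_type,  # 0 stored, 8 deflate, 99 WinZip AES
                "size": info.file_size,
                "crc32": f"{info.CRC:08x}",
            })
    return report

def make_sample():
    """Constructed sample: one-entry ZIP with the 'encrypted' flag bit set by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("evidence.bin", b"constructed sample payload")
    raw = bytearray(buf.getvalue())
    # Flags sit 6 bytes into the local header and 8 bytes into the central record.
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        raw[raw.index(sig) + off] |= 0x01
    return bytes(raw)

if __name__ == "__main__":
    for key, value in triage(make_sample()).items():
        print(key, value)
```

An entry name with a recognisable extension, together with the uncompressed size and CRC-32, already narrows the file type before any decryption is attempted.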
In my case, I have a .zip file that prompts for a password and has an .avi file inside it; however, when I try to play the file directly it comes back as corrupted. Do you think this kind of encryption is that of TrueCrypt or just a password protected zip file (7-zip to be precise)?