I have an encrypted zip file with a bunch of word documents within it. I am trying to run a Zip Known Plaintext Attack, without a dictionary attack. I do this and add the other unencrypted zip file to it link field. It then states that it is generating levels and adding the job. It then says it is successful at adding the job but nothing shows up.
I am having trouble cracking this password on the zip file as well. Any other ideas? Thanks
Which Build of 6.3? There were some gremlins with early Builds of 6.3. I just ran a test on Build 07.04.06 and it ran a Plain Text attack just fine.
Its the same as yours. Maybe I dont understand how to run it correctly. Can you please help me? Thanks so much
First you need the two elements The encrypted Zip file and a Zip file with the unencrypted version of any one of the encrypted files in the encrypted zip.
Then you drag the encrypted zip into the PRTK Window, deselect the attacks you will not be using, under the known-plaintext attack browse to the Zip with the unencrypted file and hit OK.
Note from PRTK Help
The keyspace attack is typically used on applications that use
40-bit encryption or less. In 32-bit encryption applications,
such as WinZip 6.0–8.1, there is a limit to the number of keys
that can be stored. The limit is the largest number that can be
represented with 32 bits.
This number might seem extremely large; but it is actually
small enough that, with enough computing power, you can
decrypt an encrypted document in a reasonable amount of
time.
So with certain applications, PRTK generally finds the key for
an encrypted document rather than the password because
Encryption Technology 257
there are a relatively small number of keys that can be created,
and key recovery is guaranteed.
If you dont have an unencrypted version of the document, then your only choice is a dictionary attack? How do you get the "key"? Sorry I'm still new at this stuff.
If you do not have an unencrypted version of one of the files in the encrypted archive you cannot use the known-plaintext attack and will probably end up with a dictionary attack.
PRTK gets the key from the plaintext attack. If you are new to encryption a more detailed explanation will be of little use.
Do you just have the encrypted file or is this part of a larger case where you can generate word lists and such for a more directed dictionary attack?
I already did the word list from the case. It is a encrypted zip file with 5 word documents in it. No clue how to get it open.
Did you create a profile in PRTK, create the custom dictionaries from the word list, create permutation dictionaries, limit your attack to those dictionaries in PRTK? Used the Web Crawler feature and add those to a dictionary? And a full dictionary attack is still running or has not been run?
There are many more ideas that depend on the case. And there is the possibility that you may not succeed in gaining access to the files. Sometimes we run out of time before cases are tried and those files rot with the suspect.
Thanks for all your help. I'll try those in a few!