Search code examples
pythonbrute-forcenetwork-security

Simple brute forcer not working

I am trying to write a very simple brute forcer to try to crack a password protected zip file. The password for the file is "red". 

import zipfile;
zfile = zipfile.ZipFile('password_archive.zip')

words = open('/usr/share/dict/words')
for word in words.readlines():
    try:
        password = word.strip('/n')
        zfile.extractall(pwd=password)
        print "Password found: "+ password
        exit(0)
    except Exception, e:
        print e

Console: 

('Bad password for file', <zipfile.ZipInfo object at 0x1004ca500>)
('Bad password for file', <zipfile.ZipInfo object at 0x1004ca500>)
('Bad password for file', <zipfile.ZipInfo object at 0x1004ca500>)
('Bad password for file', <zipfile.ZipInfo object at 0x1004ca500>)
('Bad password for file', <zipfile.ZipInfo object at 0x1004ca500>)
('Bad password for file', <zipfile.ZipInfo object at 0x1004ca500>)
('Bad password for file', <zipfile.ZipInfo object at 0x1004ca500>)
('Bad password for file', <zipfile.ZipInfo object at 0x1004ca500>)
Password found: Abasgi

Not really sure what is going on here. Abasgi isn't the correct password, but the script seems to fail on an incorrect password, and seems to find the correct one. I think I have set the password variable in the correct place in the loop.

Solution

  • You need to change:

    password = word.strip('/n')

    To:

    password = word.strip("\n")

    But you might as well just:

    password = word.strip()

    See the strip documenation:

    Return a copy of the string with leading and trailing characters removed. If chars is omitted or None, whitespace characters are removed. If given and not None, chars must be a string; the characters in the string will be stripped from the both ends of the string this method is called on.

    And make sure that red is in your words list Red was in mine so I had to add:

    zfile.extractall(pwd=password.lower())

    After those changes it all seems to work great:

    import zipfile
zfile = zipfile.ZipFile("file.zip")

words = open("/usr/share/dict/words")
for word in words.readlines():
     try:
        password = word.strip("\n")
        zfile.extractall(pwd=password.lower())
        print "Password found: "+ password
        exit(0)
     except Exception, e:
        pass