4.2 Bruteforcing ZIP Passwords with Python Part 2

00:00

Hello one. Welcome to this ethical hacking tools with by phone video.

00:04

So today we continue working on our zip password brute force, sir, in Python. If you don't know what this is all about, please make sure to watch the previous video lesson in which I explained the rationale behind this little program and also start quoting the first bar of it.

00:20

Right now let's move into the code editor and keep writing this script.

00:28

What we have so far is the functionality that handles command line. Arguments were using our forests, and we've encapsulated dysfunctionality into a try and accept statement to catch all possible errors and allow the program to exit in a clean way

00:46

if it encounters any of these errors.

00:49

Next, we're gonna deal with the actual password brute forcing part. Like I said, we'll open the password file and go line by line and try each word as a password to the ZIP archive. So we'll just say, um with

01:07

open fast file, which is the variable that holds our password file

01:11

in the read mode as f for each line in F. So for line in F, we need to make sure that we stripped the word of any spaces, so we'll say password because the word is actually gonna be our password

01:26

line dot strip.

01:29

Okay, uh, then we also need to encode the work so in python to you might not need this, but we're in Python three here, so we'll say

01:38

fast word

01:41

equals fast word dot in code,

01:44

and we're gonna encode in utf eight.

01:48

All right, And now that we have the word, we can try extracting the password protected archive using it.

01:55

So in this case, were also going to make use of a try and accept formula.

02:00

So we'll say try

02:01

and we'll update the found past variable here. So we'll say found past equals two zip archive.

02:12

Okay, so we're going in tow the file that's been in Stan. She ated here using the zip file method zip archive. And then we use the extract old method to extract a zip

02:24

with the password that's being provided. So we're using the actual word that we are at this moment, So P w d or password is our

02:38

vast work.

02:38

Okay, so this is actually how you extract the password protected archives and by fun,

02:46

if the operation succeeds, then the value of found past is goingto be equal to none

02:53

So far, Past is gonna be equal to none s. So it's not gonna be an empty string anymore, like it is here again. That is, if the operation succeeds. Otherwise it will throw a bad password error, which is why we've used it to try except here to catch that kind of error.

03:13

And in this case, the value of found past.

03:15

It's gonna remain on empty strength. So if it catches an error, the found past variables remains unchanged. All right, so we'll say, if

03:28

found bass

03:30

equals equals two non

03:34

meaning that if the archive was extracted successful, we let's just say print

03:39

on a new line, found fast word,

03:43

okay.

03:45

And then we'll just say password. And now we should decode the password because we've encoded it. So we should decode the password.

03:54

All right, so that we get the clean string of the word. So this happens if we have the right password, and then we catch the case of that password, which is a runtime error. So we'll catch it with the exempt

04:10

except a runtime error. Okay. And will simply say Pass

04:16

All right now, getting out of this loop. So after all the words in the password file have been tried against the password protected archive, if the value of the found best is still an empty string, meaning that if it's still unchanged

04:32

so we get out of the loop

04:34

if

04:36

found fast

04:39

equals equals two empty strength will simply say print

04:45

fast word

04:46

not found.

04:48

Try a bigger

04:51

password list.

04:53

Okay, and that's it. That's how you write a simple zip password. Brute force er in Python. Please notice that we've used a lot of air catching, an exception handling here, which is always a good practice. Try to get as many heirs and try to handle as many exceptions as possible.

05:11

You might not catch them all, but the programs or scripts you right are going to behave much better than just not using

05:17

any at all.

05:19

Okay, now, before we finish this lesson, let's do a quick knowledge check.

05:26

What's type of air we get when providing a bad pass word war script. Is it a attributes Air B type air or sea runtime air? And the answer is really easy. If you've been paying close attention when providing an incorrect password. The script throws a runtime error. So see is the right answer here.

05:46

So what did we do today? We finished coding or script and by phone, which is a zip password. Brute force. Sir. And I also told you about the importance of air handling when writing code.

05:58

In the next lesson, we're going to test our code against a password protected zip archive.