1 hour 12 minutes
Hello everyone. Welcome to this Ethical Hacking Tools with Python video.
So today we continue working on our ZIP password brute forcer in Python. If you don't know what this is all about, please make sure to watch the previous video lesson, in which I explained the rationale behind this little program and also started coding the first part of it.
Right now let's move into the code editor and keep writing this script.
What we have so far is the functionality that handles command-line arguments. We're using argparse, and we've encapsulated this functionality into a try and except statement to catch all possible errors and allow the program to exit in a clean way
if it encounters any of these errors.
Next, we're gonna deal with the actual password brute forcing part. Like I said, we'll open the password file and go line by line and try each word as a password to the ZIP archive. So we'll just say, um, with
open pass file, which is the variable that holds our password file,
in the read mode as f. For each line in f, so for line in f, we need to make sure that we strip the word of any spaces, so we'll say password, because the word is actually gonna be our password,
line dot strip.
Okay, then we also need to encode the word. So in Python 2 you might not need this, but we're in Python 3 here, so we'll say
equals password dot encode,
and we're gonna encode in UTF-8.
All right. And now that we have the word, we can try extracting the password-protected archive using it.
So in this case, we're also going to make use of a try and except formula.
So we'll say try
and we'll update the found pass variable here. So we'll say found pass equals zip archive.
Okay, so we're going into the file that's been instantiated here using the ZipFile method, zip archive. And then we use the extractall method to extract a ZIP
with the password that's being provided. So we're using the actual word that we are at this moment, so pwd or password is our
Okay, so this is actually how you extract the password-protected archives in Python.
If the operation succeeds, then the value of found pass is going to be equal to None.
So found pass is gonna be equal to None, so it's not gonna be an empty string anymore, like it is here. Again, that is if the operation succeeds. Otherwise it will throw a bad password error, which is why we've used the try except here to catch that kind of error.
And in this case, the value of found pass
is gonna remain an empty string. So if it catches an error, the found pass variable remains unchanged. All right, so we'll say, if
equals equals None,
meaning that if the archive was extracted successfully, let's just say print
on a new line, found password,
and then we'll just say password. And now we should decode the password because we've encoded it. So we should decode the password.
All right, so that we get the clean string of the word. So this happens if we have the right password, and then we catch the case of a bad password, which is a runtime error. So we'll catch it with the except,
except a runtime error. Okay. And we'll simply say pass.
All right, now, getting out of this loop. So after all the words in the password file have been tried against the password-protected archive, if the value of found pass is still an empty string, meaning that if it's still unchanged,
so we get out of the loop
equals equals empty string, we'll simply say print
Try a bigger
Okay, and that's it. That's how you write a simple ZIP password brute forcer in Python. Please notice that we've used a lot of error catching and exception handling here, which is always a good practice. Try to catch as many errors and try to handle as many exceptions as possible.
You might not catch them all, but the programs or scripts you write are going to behave much better than just not using
any at all.
Okay, now, before we finish this lesson, let's do a quick knowledge check.
What type of error do we get when providing a bad password to our script? Is it A, attribute error; B, type error; or C, runtime error? And the answer is really easy if you've been paying close attention: when providing an incorrect password, the script throws a runtime error. So C is the right answer here.
So what did we do today? We finished coding our script in Python, which is a ZIP password brute forcer. And I also told you about the importance of error handling when writing code.
In the next lesson, we're going to test our code against a password protected zip archive.
I am Christian, and I'm looking forward to seeing you in the next video.
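The loop dictated in this lesson, written out as an added example (not the instructor's own file) and run against a small password-protected archive built in memory. The function names, the sample wordlist and the archive builder are assumptions made for the example. It goes one step beyond the lesson by also catching `zipfile.BadZipFile` and `zlib.error`, which a wrong password raises when it happens to pass the archive's one-byte password check.

```python
import io, struct, tempfile, zipfile, zlib

def _zipcrypto(password, data):
    """Legacy ZIP encryption; used here only to build the constructed sample archive."""
    k = [0x12345678, 0x23456789, 0x34567890]
    def update(b):
        k[0] = zlib.crc32(bytes([b]), k[0] ^ 0xFFFFFFFF) ^ 0xFFFFFFFF
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = zlib.crc32(bytes([k[1] >> 24]), k[2] ^ 0xFFFFFFFF) ^ 0xFFFFFFFF
    for b in password:
        update(b)
    out = bytearray()
    for b in data:
        t = k[2] | 2
        out.append(b ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        update(b)
    return bytes(out)

def build_sample_zip(password):
    """Return the bytes of a one-file, stored, password-protected ZIP (constructed sample)."""
    name, data = b"note.txt", b"constructed sample\n"
    crc = zlib.crc32(data)
    # 12-byte encryption header; its last byte (CRC high byte) is the password check
    body = _zipcrypto(password, bytes(11) + bytes([crc >> 24]) + data)
    common = struct.pack("<4H3L2H", 1, 0, 0, 33, crc, len(body), len(data), len(name), 0)
    local = b"PK\x03\x04" + struct.pack("<H", 20) + common + name + body
    central = (b"PK\x01\x02" + struct.pack("<2H", 20, 20) + common
               + struct.pack("<3H2L", 0, 0, 0, 0, 0) + name)
    eocd = b"PK\x05\x06" + struct.pack("<4H2LH", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

def find_password(zip_bytes, lines):
    """Try each wordlist line with extractall(), as in the lesson; return the match or None."""
    zip_archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    for line in lines:
        pwd = line.strip().encode("utf-8")
        try:
            with tempfile.TemporaryDirectory() as out_dir:
                if zip_archive.extractall(path=out_dir, pwd=pwd) is None:
                    return pwd.decode("utf-8")
        except (RuntimeError, zipfile.BadZipFile, zlib.error):
            pass  # RuntimeError: bad password; the other two: it passed the 1-byte check only
    return None

WORDLIST = ["123456\n", "letmein\n", "sunflower42\n", "qwerty\n"]  # constructed sample
if __name__ == "__main__":
    found = find_password(build_sample_zip(b"sunflower42"), WORDLIST)
    print("Found password: " + found if found else "Password not found.")
```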