Provided by: yazc_0.4.3-1_amd64

NAME

       yazc - yet another zip cracker

SYNOPSIS

       yazc [-h] [-V]
       yazc COMMAND OPTIONS... FILE

DESCRIPTION

       yazc cracks password-protected zip files. Three attack methods are supported: bruteforce,
       dictionary and plaintext.

       Note: Only files encrypted using the legacy PKWARE encryption method are supported.
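
       Because only the legacy PKWARE scheme is affected, an archive inventory can flag the
       entries that still use it. The following Python script is an added example, not part of
       yazc or of this manual page; its function names and the in-memory sample archive are
       constructed for illustration, and it reads only the central directory fields.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001   # general-purpose bit 0: entry is encrypted
STRONG = 0x0040      # general-purpose bit 6: PKWARE strong encryption
AES_METHOD = 99      # compression method 99: WinZip AES (AE-1/AE-2)

def classify(info):
    """Return the protection scheme of one zipfile.ZipInfo entry."""
    if not info.flag_bits & ENCRYPTED:
        return "none"
    if info.compress_type == AES_METHOD:
        return "winzip-aes"
    if info.flag_bits & STRONG:
        return "pkware-strong"
    return "legacy-pkware"   # the scheme this manual page says yazc supports

def audit(fileobj):
    """Map entry name -> scheme without decrypting or extracting anything."""
    with zipfile.ZipFile(fileobj) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}

def constructed_sample():
    """Constructed test archive: zipfile cannot write encrypted entries, so
    the central-directory flag/method fields are patched to mimic them."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("plain.txt", "legacy.txt", "aes.txt"):
            entry = zipfile.ZipInfo(name, (2020, 1, 1, 0, 0, 0))
            zf.writestr(entry, b"constructed sample data")
    raw = bytearray(buf.getvalue())
    patches = [(0, None), (ENCRYPTED, None), (ENCRYPTED, AES_METHOD)]
    pos = -1
    for flags, method in patches:
        pos = raw.index(b"PK\x01\x02", pos + 1)      # central directory header
        old, = struct.unpack_from("<H", raw, pos + 8)   # flag bits at offset 8
        struct.pack_into("<H", raw, pos + 8, old | flags)
        if method is not None:                       # method field at offset 10
            struct.pack_into("<H", raw, pos + 10, method)
    return io.BytesIO(bytes(raw))

if __name__ == "__main__":
    for name, scheme in audit(constructed_sample()).items():
        print(f"{name}: {scheme}")
```

       Entries reported as legacy-pkware are candidates for re-encryption with an AES-based
       method.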

BRUTEFORCE

       The bruteforce command tries every possible character combination. A general rule of thumb
       is to use this command when you suspect the password to be 8 characters or less.

       -c, --charset=CHARSET
              Set the character set to CHARSET.

       -i, --initial=STRING
              Set the initial password to STRING.

       -l, --length=NUM
              Set the maximum password length to NUM characters.

       -a, --alpha
              Use characters [a-z].

       -A, --alpha-caps
              Use characters [A-Z].

       -n, --numeric
              Use characters [0-9].

       -s, --special
              Use special characters "!:$%&/()=?{[]}+-*~#@|;".

       -t, --threads=NUM
              Distribute load to NUM threads. For maximum performance, this should be set to the
              number of logical processors available.

       -h, --help
              Display help and exit.

DICTIONARY

       The dictionary command reads passwords from a text file (or stdin if no file argument is
       provided). It is assumed that each password is separated by a newline.

       -d, --dictionary=FILE
              Read passwords from FILE.

       -h, --help
              Display help and exit.

PLAINTEXT

       The plaintext command uses a known vulnerability in the pkzip stream cipher to find the
       internal representation of the encryption key. To use this attack type, you need at least
       13 known plaintext bytes from any file in the archive. Generally, this means that you need
       to obtain at least 13 bytes of the compressed stream before it was encrypted.

       The plaintext command can be used either with the raw byte offsets (-o option) or by using
       the zip file entry name.

       -o, --offset
              Use raw byte offsets instead of entry names.

       -t, --threads=NUM
              Distribute load to NUM threads.

       -h, --help
              Display help and exit.

INFO

       The info command lists the filenames, offsets and the encryption header for each file in
       the archive. This is useful to determine what configuration to pass to the plaintext
       command.

EXAMPLES

       Use a bruteforce attack on file archive.zip using only lower case letters and distribute
       the load to 8 threads:

              yazc bruteforce -a -t8 archive.zip

       Use a dictionary attack on file archive.zip and use passwords from rockyou.txt:

              cat rockyou.txt | yazc dictionary archive.zip

       Use a plaintext attack on archive.zip. Take plaintext bytes 100 to 650 and map them to
       ciphertext bytes 112 to 662. Use these bytes to reduce the number of keys and perform the
       attack. Once the intermediate key is found, decrypt the rest of the cipher (begins at
       offset 64) to get the internal representation (the encryption key derived from the
       password). If possible the actual (or equivalent) password will also be recovered and
       printed.

              yazc plaintext -o plain.bin 100 650 archive.zip 112 662 64

AUTHOR

       Marc Ferland <marc.ferland at gmail dot com>

       Part of this software was inspired by fcrackzip by Marc Lehmann and pkcrack by Peter
       Conrad. The original plaintext algorithm was developed by Eli Biham and Paul C. Kocher.

                                                                                          YAZC(1)