Step 1: Install fcrackzip

If it’s not already installed on your system, type the following command in your terminal to install it:

sudo apt update
sudo apt install fcrackzip

Step 2: Create a Test ZIP File (optional)

If you want to test the method yourself, you can create a password-protected ZIP file like this:

zip –password test123 secret.zip file.txt

This creates a file called secret.zip which is protected with the password “test123”.

Step 3: Prepare the Wordlist

Kali Linux includes a popular password list called rockyou.txt. If it’s still compressed, you’ll need to unzip it first:

gunzip /usr/share/wordlists/rockyou.txt.gz

Now the wordlist will be available at:

/usr/share/wordlists/rockyou.txt

Step 4: Run fcrackzip

Use the following command to start the dictionary attack:

fcrackzip -v -u -D -p /usr/share/wordlists/rockyou.txt secret.zip

Explanation of the options:

-v means verbose mode (shows progress)

-u tells it to test each password by attempting to unzip

-D tells it to use a dictionary (wordlist)

-p is followed by the path to the wordlist

secret.zip is the name of the ZIP file you’re attacking

Step 5: Wait and Read the Result

If the password is found, the tool will display something like this:

PASSWORD FOUND!!!!: pw == test123

If the password is not in the list, it will finish without success.

Notes:

This only works with standard ZIP encryption. It will not crack newer ZIPX files that use AES encryption. The larger your wordlist and the stronger the password, the longer it may take. Always use this tool ethically, with files you own or have permission to test.