Questions tagged [zip]
An archive file format that is used to bundle multiple files and folders together that may have been compressed.
99 questions
1
vote
1
answer
623
views
John the Ripper doesn't identify hash
I have a ZIP file of my gallery that contains images and videos which is over 5GB in size. I forgot the password for that ZIP file now I'm trying to crack it to extract files from there. I tried using ...
1
vote
2
answers
255
views
How does malware work when compressed?
I have read up on compressed folders of file types such as .zip, .rar and .7zip being the malicious file itself (excluding cases such as an .exe file being disguised as a .zip file etc...), only ...
0
votes
1
answer
140
views
Is ZipSlip possible in Java without two dots?
I'm testing a Java application that tries to prevent ZipSlip by simply checking whether the filename contains ".." or "./"
Since it's not a web application, I guess encoding is not ...
- 121
2
votes
1
answer
320
views
John the Ripper - Zip Password help - Latter half digit command advice
I'm trying to use John to recover some old ZIP files with a password I remember half. One half being a word, the latter half being a mix of four to six digits.
I remember the word, but not the digits ...
- 21
1
vote
0
answers
1k
views
Unable to open multipart zip with john the ripper
I have this multiple-part zip files as a list of {File.zip.001, File.zip.002, ..., File.zip.013} that happen to be protected by password.
When I try to unzip them using the Gnome GUI, I see click on ...
- 11
0
votes
1
answer
148
views
How do password protected files differ from keygen protected software?
From some posts I read here:
Regarding keygen protected software:
As long as the user has full control of the hardware where the software is running on (i.e. typical PC) it is impossible to fully ...
- 3
2
votes
0
answers
585
views
Can unzipping archive by itself cause malware execution? [duplicate]
It it possible to execute a malware just by unzipping a malicious zip archive? Like a malware would target some vulnerability in zip decompression routine. How common such an exploit would be in the ...
- 53
1
vote
1
answer
3k
views
john failed to crack .zip file? [duplicate]
I have a .zip file and I want to crack its password using john.
first I use zip2john:
then I use john for cracking the password:
but after 10 seconds, john stop cracking and exit.
what's wrong?
- 11
18
votes
1
answer
7k
views
Crack 7Z password if I also have the original file
Some of my files have been encrypted by ransomware. I can find some backup of files (unfortunately not all of them). Can I find the password of the 7Z zipped+encrypted files if I also have some of the ...
- 283
0
votes
0
answers
224
views
What is more secure: encrypting individual files in archive or encrypting the archive itself?
Let's assume we have symmetric crypto with the same IV for each operation.
From my perspective, encrypting the whole archive is better, as similar strings are compacted and the CBC will work for us ...
- 101
1
vote
1
answer
1k
views
Can I get malware from a .rar file without opening it in Android?
I was on a group with almost 200k people on it in Telegram. One of these members (probably new, his account is now deleted) sent me (and to other people too) a file named "Customer deposit H.rar&...
0
votes
1
answer
211
views
Is checking zip content on another PC enough to prevent data leak?
Let's say I have two kind of files on my Windows desktop - first are files that can be published and shared with other people, second kind is confidential and should remain private.
To share files I ...
- 45
1
vote
2
answers
165
views
Site password being used to secure ZIP download, are they storing my password in plaintext?
Recently a utility provider has started to attach a zip file including my bill inside, however, they have secured the zip file using my online web account password.
I am not too concerned about ...
- 111
1
vote
1
answer
869
views
zip password cracking with permutation
I have a zip file (.zip created by 7zip v15.10) that I remember the password to (~12 characters long), but it seems I've typed the password wrong while zipping it and now it doesn't open.
What are the ...
- 13
2
votes
0
answers
587
views
Zip Slip path traversal and consistent vulnerability checks
According to multiple sources such as snyk and infoq, preventing a "Zip Slip" vulnerability in Java can be achieved by denying writes outside the target directory:
String ...
- 121
1
vote
0
answers
880
views
How to safely open two large files (.rar and zip) from google drive on mac?
I have two archived files which were shared with me on google drive. Im using a mac. Both are 9GB if I'm remembering correctly. The files are too large for google to scan for viruses, and too large to ...
- 11
0
votes
2
answers
422
views
Is it possible to find a zip password if it is being generated locally?
I have a program that generates a zip file with a password. Is it possible to determine the password if you analyse the program as it is being run? Would calls to function libraries show the password ...
- 1
0
votes
0
answers
350
views
Rar (Zip) Decryption, how does it work
I was wondering how rar decryption works.
I know that when I enter a password to encrypt my rar file, my password is derived into a key that is used to encrypt the rar file.
But how does the ...
1
vote
1
answer
713
views
Can I consider files compressed with password safe at all?
A follow up to my 7,5 years old question. Back 10-15 years ago, when I wanted to send an executable file over Gmail from my PC, all I had to do was to change file's extension to some meaningless one ...
- 3,689
2
votes
2
answers
2k
views
Which encryption cypher is used when using zip -e?
I am looking for a cross-platform way to encrypt credentials I need to send to a client.
I know encrypted zip archives leak metadata and can be tampered with, but how strong is the encryption cypher?
...
- 229
4
votes
2
answers
7k
views
Is it feasible to recover a zip file password consisting of about 16 digits?
A friend of mine lost the password of a zip file of her. She remembers that the password contains digits only (that is, only 0, 1, 2, 3, 4, 5, 6, 7, 8, and 9) and is 16 characters long or so. The ...
- 195
2
votes
0
answers
769
views
Recovery of files from a zip containing a directory (unencrypted) and 3 files (encrypred - ZipCrypto Deflate), possibe use of bkcrack?
I have a zip file, Example.zip consisting of a directory Example and three files *.dat. I can see the names of all 3 files. The dat files are encrypted (ZipCrypto Deflate). I'm interested to know if I ...
- 121
31
votes
2
answers
10k
views
How do unzip programs check if the password is correct?
It obviously doesn't connect with any sort of database.
How is this even possible?
- 479
-1
votes
1
answer
851
views
Recover AES256 zip password by known result
I have a zip file containing an unencrypted folder with encrypted files inside.
Given that for some files I have their originals, is it possible to restore the password used for encryption?
- 101
2
votes
1
answer
686
views
Recover password of ZIP archive, having its decrypted and extracted content
Can I recover a password of an AES-encrypted ZIP if I know its extracted & decrypted content? The archive contains two files protected with two different passwords.
- 21
1
vote
1
answer
8k
views
How to recover lost zip file password?
I have a folder with very important files on my computer and I zipped it with a password for security reasons. Unfortunately, I'm not able to recover the password. Usually, I always use the same kind ...
- 111
0
votes
1
answer
557
views
Is ZIP-attack possible/realistic? [duplicate]
I was recently visiting a semi-popular website by just typing the link into the browser. I actually was sure that I typed the right address in there. But what if I typed in the wrong address and then ...
- 1
1
vote
2
answers
8k
views
Is it risky to download but not use a zip file?
Is there any possibility of malware infection in Windows 10 for the following three situations:
When you download a zipped file, but do not use it (you do not open it)?
When you only open a zipped ...
- 493
0
votes
1
answer
3k
views
Recover corrupted password protected Zip
Good evening.
I have a password protected zip archive (Zip 2.0 CryptoZip) with a .txt file with sensitive info inside. The problem is that I can't extract it.
7Zip:"Data error : Wrong password?"
...
1
vote
2
answers
2k
views
Can a PowerShell script inside a Zip file execute automatically upon unzipping?
I have a zip file that has a Powershell script inside that I want to look at. Is it possible that the Powershell script could execute automatically just by unzipping the file? This is not something I ...
- 11
14
votes
3
answers
15k
views
How long should zip encryption password be for it take 10 years to crack?
I am using zip 3.0.0 on macOS High Sierra and Ubuntu. Here is my zip version on macOS:
$ zip --version | head
Copyright (c) 1990-2008 Info-ZIP - Type 'zip "-L"' for software license.
This is ...
- 968
21
votes
2
answers
4k
views
At which point can a system be compromised when downloading archived data from an untrusted source?
If I download archived data from a possibly untrusted source at which point am I at possible risk of harming my system:
Initially downloading and saving the archived data (still packed)
Unpacking the ...
- 329
1
vote
1
answer
1k
views
Lost RAR password, is there any way to access my data? [closed]
I lost my winrar password of my file. I need to access it. Is it possible? If yes, how?
- 21
1
vote
1
answer
893
views
If I unzip a password-protected zip file, will the person I downloaded it from be notified in anyway?
If I access a password protected zip file, that i've downloaded through tor, and then opened the zip file, is there any way the person who posted the zip file would be able to find out that I've ...
- 11
6
votes
1
answer
8k
views
Encryption Using 7z or Zip File
I'm wondering which encrypted 7-Zip file format has better encryption: 7z with 256 AES or zip file with 256 AES? Assume that a strong password is used, then which encrypted 7zip file format has ...
- 87
3
votes
1
answer
3k
views
Zip files and metadata
I want to send a zip of some files. The files themselves don't contain anything sensitive but I'm wondering if zip files contain metadata that could identify me or something about me? It seems that ...
- 41
2
votes
1
answer
18k
views
Crack password protected zip file with pkcrack
I have allfiles.zip contains only file allfiles.exe and is password protected. I heard about pkcrack, it is possible to get the file from a zip file which is encrypted if we have some part of ...
- 123
1
vote
0
answers
194
views
rar and zip password encoding scheme [closed]
What encoding scheme is used in last versions of ZIP archives(6.3.2+) and RAR archives(3.90+), including RAR5? UTF-8/16, ASCII or something else?
- 191
8
votes
1
answer
3k
views
How to protect websites against ZIP bombs and reference bombs?
A Zip bomb (concept here) seems quite a "smart" and easy vulnerability to websites where uploading ZIP files is allowed. Such sites are under a threat (at least to make some degree of damage to them) -...
- 2,737
0
votes
0
answers
203
views
Does WinRar leave cache of opened Zip Archives (Nothing extracted)
Downloaded a .zip, via a secure app that deleted the only place it was downloaded (supposedly, who knows if defragmentation left other traces, the download happened by accident, on main OS WIN10, no ...
- 1
4
votes
2
answers
3k
views
How does a zip file detect a correct password?
When extracting files from an encrypted zip archive, the user is asked to give a password in order to read the original file.
How does an encrypted ZIP detect when the user has given the correct ...
- 579
1
vote
1
answer
2k
views
Can unpacking a .zip file be harmful for Unix-like systems?
Let’s say there is a .zip file that contains either a virus, malware or something harmful for the computer.
The computer is running a Unix-like OS, e.g. Ubuntu 18.04.
Are there any security ...
- 151
1
vote
0
answers
258
views
Working with Security Metadata in APK file
According to this Blog post, Google has added a Security Metadata on top of an APK to verify that it was originally distributed by Google Play. More specifically it adds APK Signing Block to the APK ...
- 131
10
votes
3
answers
18k
views
Can the content of a password protected zip file be known?
Let's suppose that I share an illegal copy of a material on web which is in password protected zip file, can the owner send me a copyright notice or know what's inside the zip without knowing the ...
- 103
-1
votes
1
answer
435
views
Can Zip files contain any information other than the bytes in the files being zipped?
We have a secure environment where we sometimes transfer large quantities of unclassified data between machines certified for classified operations. We zip these files to ease the process of data ...
- 188
18
votes
1
answer
13k
views
What encryption method is used by the zip program in macOS?
In order to send a file securely I am going to encrypt/password protect a zip file. (Why I am doing this). I am using macOS Sierra 10.12.6 and through my research I have concluded that encrypting a ...
- 680
1
vote
1
answer
195
views
Hard coded paths in archive files
I am just testing some web application. In this web application, I can upload some file at least as zip archive. I came to an idea to test, if I could place a file at a specific location I want. My ...
- 211
2
votes
3
answers
3k
views
Susceptibility of 7z encrypted archive files to man in the middle attacks
Given:
A file (assume 1 GB in size) is encrypted along with filenames using 7zip into a 7z archive using AES-256
The file is uploaded to a cloud storage service such as those offered by Google, ...
- 78
1
vote
1
answer
516
views
zap proxy - modify post to inject a zip file
I am doing a CTF image now, and I need to upload a .zip file to execute using the php wrapper zip:// using this PHP ZIP Wrapper LFI vulnerability
The problem is that the only way to upload is with ...
- 281
0
votes
2
answers
4k
views
Reverse Engineering - .zip file decryption if I have similarly encrypted .zip files and I have password to one of them
Is this possible to somehow reverse engineer password to .zip file if I have 2 similarly encrypted .zip archives, both need 20-sign password (that has big and small letters and numbers) so Brute Force ...
