Exploit Notes

Archived Files

Last modified: 2023-01-01


Archive/extract files and display the information of archived files.

Archive Files

# 7zip
# a: Add files to archive
7z a example.zip example.txt
# With password
7z a example.zip example.txt  -p password

# Bzip2
bzip2 example.txt

# Gzip
gzip example.txt

# Tar
# -c: Create a new archive
# -f: Use archive file
tar -cf archive.tar example.txt
tar -cf archive.tar example1.txt example2.txt
# -z: filter the archive through gzip
tar -zcf example.tar.gz example/

# Zip
zip example example1.txt example2.txt

Extract Files

# 7zip
# e: Extract files from archive
7z e example.zip
# With password
7z e example.zip -p password

# Bzip2
bzip2 -d example.txt.bz2
bunzip2 example.txt.bz2

# Gzip
gzip -d example.txt.gz
gunzip example.txt.gz

# Tar
# -x: Extract files from an archive
# -f: Use archive file
tar -xf archive.tar
tar -xf archive.tar.gz
# output given directory
tar -xf archive.tar --directory archived

# Zip
unzip example.zip
# extract it to the given directory
unzip example.zip -d ./example

Cracking Passwords

  • ZIP

    • zip2john & John The Ripper

      First of all, you need to format the file to make the John to recognize it.

      zip2john example.zip > hash.txt

      Crack the hash.

      john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
    • fcrackzip

      # -u: unzip
      # -D: dictionary
      # -p: strgin as initial password/file
      fcrackzip -u -D -p passwords.txt sample.zip

Unzip with Python

import zipfile

filename = "./sample.zip"
extdir = "./"
password = "password123"

with zipfile.ZipFile(filename, 'r') as zp:
        zp.extractall(path=extdir, pwd=password.encode('utf-8'))
    except RuntimeError as e:

Display Contents without Extracting

# Tar
tar -tf archive.tar

Tools by HDKS


Automatic web fuzzer.


Auto reconnaissance CLI.

Hash Cracker

Hash identifier.