It also facilitates scripting, which is what you are doing. In summary, -P isn't inherently insecure, it just facilitates insecure behaviour. It's just a placeholder for what you might do to get the password into your script securely. What you need is for your script to handle your password securely:

password=$(get_password_in_secure_manner)

As you might realise, get_password_in_secure_manner isn't a real command unless you implement it.

fcrackzip is a tool used to identify passwords of zip files.

In both cases, your password is part of the command and in both cases you are storing your password in plaintext in a script.

Quick Tutorial: Crack zip password using fcrackzip in Kali Linux.

What your attempt completely misses is that "Storing the plaintext password as part of a command line in an automated script is even worse."

From a security point of view, there is absolutely no difference between:

echo 'mypassword' | zip -e "$i.zip" $i

To summarise, the two reasons for it being considered insecure are that other users of the system may be able to see your executed commands and that people in the room may be able to see your password on the screen.

Standard encryption provided by zipfile utilities.) (And where security is truly important, use strong encryption such as Pretty Good Privacy instead of the relatively weak

Like so: /bin/sh for i in (cat password.

Then iterate through that file and try each guess one at a time.

Whenever possible, use the non-echoing, interactive prompt

1 Put your 10 guesses in a file called password.list.

Plaintext password as part of a command line in an automated script is even worse. There is always the threat of over-the-shoulder peeking.

Many multi-user operating systems provide ways for any user to see the current command line of any other user even on stand-alone systems
Use password to encrypt zipfile entries (if any). It seems like the real problem here is that OP doesn't understand why -P is considered insecure.