Cracking Password-Protected Zip Files, PDF's And More Using Zydra

During Post-Exploitation we can come across encrypted sensitive files such as, PDFs and Zip Files that can contain a treasure trove of information, such as credentials and more. To crack those files we’re going to use the Zydra for cracking Zip files, RAR, PDFs, and Linux Shadow files.


  • Zip (PKZIP Algorithm)
  • WinZip and 7-Zip (AES-256 Encryption)
  • WinRar and PeaZip (AES Encryption)
  • LibreOffice Older Versions (Blowfish Algorithm)
  • LibreOffice 3.5 Newer Versions (AES Encryption)
  • Adobe Acrobat, Microsoft Office .. (AES Encryption)
  • Shadow File Passwords (MD5, SHA-256, SHA-512, Blowfish, and DES are commonly used)

Setup and Install Zydra

Let's download and install Zydra from Github.

Installing Dependencies

We also have to install dependencies to make Zydra work properly it uses Python3 so we’re going to use Pip3 to install modules.

pip3 install rarfile pyfiglet py-term

Looks like our modules are installed let’s run Zydra.


We have Zydra working perfectly.

#1 Cracking RAR

Zydra offers two modes:
  1. Directory Attack
  2. Brute Force Attack
Let's get started with directory attack for that we're gonna use SecLists wordlist or in case you're looking for more list Get here.

python3 -f file.rar -d /usr/share/wordlists/SecLists/Passwords/darkweb2017-top10000.txt

Let’s extract our flag or information from that encrypted RAR file.

#2 Cracking ZIP

Cracking ZIP files is much similar then cracking RAR files since we're gonna use directory attack mode just specify the file to crack and wordlist.

python3 -f files/zip/ -d /usr/share/wordlists/SecLists/Passwords/darkweb2017-top10000.txt

Let’s extract our flag or the information which we’re looking for inside

#3 Cracking PDFs

Let's get started with cracking PDFs files but first, we're going to install qpdf first to make Zydra work properly.

apt install qpdf

Now in order to crack PDF file, we’re gonna provide the file and wordlist just like before:

python3 -f files/pdf/file.pdf -d /usr/share/wordlists/SecLists/Passwords/darkweb2017-top10000.txt

Let’s file decrypted_file.pdf to see if it’s extracted successfully.

#4 Cracking Shadow Files

Shadow file contains multiple users and Zydra will automatically attempt to crack password hashes for any users inside shadow file.

python3 -f files/shadow/shadow -d /usr/share/wordlists/SecLists/Passwords/darkweb2017-top10000.txt