Read Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers for Free Online

to search the contents of Zimmerman’s computer ( McCullagh, 2008 ). Castillo’s initial investigation found several adult pornographic images but no child pornography.
    Continuing to browse through the files, Castillo found some suspect files, including a password-protected ZIP file titled “Cindy 5.” Relying on the technique invented nearly two decades earlier, Castillo used a dictionary attack to decrypt the contents of the password-protected file. The resulting decrypted files showed a partially naked minor ( McCullagh, 2008 ). With this information, a judge granted investigators a warrant to search Zimmerman’s home, where they discovered several additional pornographic images of children ( McCullagh, 2008 ). On April 3, 2007, a federal grand jury returned an indictment, charging John Craig Zimmerman with four counts of possession and production of child pornography ( Floyd, 2007 ).
    Let’s use the technique of brute-forcing a password learned in the last example program but apply it to zip files. We will also use this example to expand upon some fundamental concepts of building our programmers.
    Your Second Program, a Zip-File Password Cracker
    Let’s begin writing our zip-file password cracker by examining the zipfile library. Opening the Python interpreter, we issue the command help(‘zipfile’) to learn more about the library and see the class ZipFile with a method extractall(). This class and method will prove useful in writing our program to crack password-protected zip files. Note how the method extractall() has an optional parameter to specify a password.
     programmer$ python
     Python 2.7.1 (r271:86832, Jun 16 2011, 16:59:05)
     Type “help”, “copyright”, “credits” or “license” for more information.
     >>> help(‘zipfile’)
     <..SNIPPED..>
      class ZipFile
       | Class with methods to open, read, write, close, list zip files.
       |
       | z = ZipFile(file, mode=”r”, compression=ZIP_STORED, allowZip64=False)
     <..SNIPPED..>
       |    extractall(self, path=None, members=None, pwd=None)
       |   Extract all members from the archive to the current working
       |   directory. ‘path’ specifies a different directory to extract to.
       |   ‘members’ is optional and must be a subset of the list returned
    Let’s write a quick script to test the use of the zipfile library. After importing the library, we instantiate a new ZipFile class by specifying the filename of the password-protected zip file. To extract the zip file, we utilize the extractall() method and specify the optional parameter for the password.
     import zipfile
     zFile = zipfile.ZipFile(“evil.zip”)
     zFile.extractall(pwd=”secret”)
    Next, we execute our script to ensure it works properly. Notice that prior to execution, only the script and the zip file exist in our current working directory. We execute our script, which extracts the contents of evil.zip to a newly created directory called evil/. This directory contains the files from the previously password-protected zip file.
     programmer$ ls
     evil.zip unzip.py
     programmer$ python unzip.py
     programmer$ ls
     evil.zip unzip.py evil
     programmer$ cd evil/
     programmer$ ls
     note_to_adam.txt apple.bmp
    However, what happens if we execute the script with an incorrect password? Let’s add some exception handling to catch and display the error message from the script.
     import zipfile
     zFile = zipfile.ZipFile(“evil.zip”)
     try:
       zFile.extractall(pwd=”oranges”)
     except Exception, e:
       print e
    Executing our script with an incorrect password, we see that it prints an error message, indicating that the user specified an incorrect password to decrypt the contents of the password-protected zip file.
     programmer$ python unzip.py
     (‘Bad password for file’, )
    We can use the fact that an incorrect password throws an exception to test our zip file against a