View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004550||Kali Linux||[All Projects] Queued Tool Addition||public||2018-02-21 15:57||2020-06-17 14:57|
|Target Version||Fixed in Version|
|Summary||0004550: zipbrk - exploit/tool for modern systems|
|Description||Update for the `zipbrk` exploit/tool for fuzzing the PKZIP file format, and adding support to modify file options to bypass detection (ex. AV Scans, E-Mail filter, etc.) and protect from extraction. Manpages have also been included.|
|Steps To Reproduce||N/A|
|Additional Information||The repository for the updated version can be found at: https://github.com/kvesel/zipbrk/|
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):
- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool? either a download page or a link to the latest version
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [Activity] - When did the project start? Is is still actively being deployed?
- [How to install] - How do you compile it?
--- Note, using source code to acquire (e.g. git clone/svn checkout) can't be used - Also downloading from the head. Please use a "tag" or "release" version.
- [How to use] - What are some basic commands/functions to demonstrate it?
zipbrk.c (13,906 bytes)
- [Name] - Zip Break / zipbrk
- [Version] - 2.1.1b (Master)
- [Homepage] - http://kat.sdf.org/
- [Download] - https://github.com/kvesel/zipbrk OR http://kat.sdf.org/zipbrk.c
- [Author] - kat will suffice
- [Licence] - as-is, free usage
- [Description] - It modifies zip files for various purposes to include bypassing anti-virus detection, bypassing e-mail filters, modifying the integrity checks, and encryption settings.
- [Dependencies] - a C compiler and supporting operating system
- [Similar tools] - same thing, multiple different file and author names (zipbrk and zipbrk2 are variants)
- [Activity] - 2004ish initial release, rereleased in in 2017 with 64-bit support, feature extensions, and included a working manpage
- [How to install] - gcc -o zipbrk zipbrk.c
- [How to use] -
zipbrk file.zip --encryption-unset
Change the encryption flag to show the zip is unencrypted (whether the contents are actually encrypted or not). In contrast, --encryption-set performs the opposite operation. The -e and -de flags alternatively be used.
zipbrk file.zip --xor-crc32
XOR the current CRC32 values for each file against a hash generated from a user-provided password. Most zip programs will fail to attempt in opening the zip file contents because it will believe the contents are damaged.
zipbrk file.zip --signature-spoof
Modify the magic number of the zip file so filters and other software will incorrectly assume the file is not a zip file format, and will fail to extract or check the contents.
zipbrk file.zip --zero-date --zero-time
Strips the date and time information from the archived files to assist in sanitising the zip file contents of some identifying information.
zipbrk.1.gz (595 bytes)
||I uploaded the source and manpage as well to bug tracking.|
||Please could you tag the release: https://github.com/kvesel/zipbrk/releases|
||Yes thank you it is done.)) https://github.com/kvesel/zipbrk/releases/|
@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging
||@g0tmi1k ok, i am working on the package, should i move the code/project to gitlab as well?|
||Up to you! We don't mind.|
|2018-02-21 15:57||kvesel||New Issue|
|2018-02-21 16:04||g0tmi1k||Product Version||2018.1 =>|
|2018-02-21 16:04||g0tmi1k||Summary||Update to `zipbrk` exploit/tool for modern systems => zipbrk - exploit/tool for modern systems|
|2018-02-21 16:04||g0tmi1k||Note Added: 0008781|
|2018-02-21 18:29||kvesel||File Added: zipbrk.c|
|2018-02-21 18:29||kvesel||Note Added: 0008786|
|2018-02-21 18:30||kvesel||File Added: zipbrk.1.gz|
|2018-02-21 18:32||kvesel||Note Added: 0008787|
|2018-02-22 18:02||g0tmi1k||Note Added: 0008792|
|2018-02-22 21:47||kvesel||Note Added: 0008793|
|2020-02-25 13:31||g0tmi1k||Status||new => acknowledged|
|2020-02-25 13:31||g0tmi1k||Category||New Tool Requests => Queued Tool Addition|
|2020-02-25 13:31||g0tmi1k||Note Added: 0012343|
|2020-04-15 07:49||kvesel||Note Added: 0012624|
|2020-04-15 08:29||g0tmi1k||Note Added: 0012625|
|2020-06-17 14:57||g0tmi1k||Severity||feature => minor|