There's various ways. The simplest is a brute force attack, where you just guess the password by incrementing through all possible ranges. It takes forever, i.e. it'd go a, b, c ... aa, ab, ac ... aaa, aab, aac etc. As you can see that would take forever, and since you can use letters, numbers and symbols, the keyspace is huge.
Next is a dictionary attack, which just tests passwords against a big word list, often using 'leet' speak as well, so cool, c00l, c0ol etc. would all be tested. This will catch a surprising number of people out.
Very simply, the problem is often that the algorithms end up wasting a lot of the keyspace. If you can find a sequence or a trick so that instead of having to check all of it you only have to check bits of it, it's more like a smart brute force search rather than just lucking out.
However, there's a flaw in PKZIP's encryption that allows you to cut down the key range if you know some of the contents of a file inside the zip. You need 5 files or so in the zip itself to mount that attack; it's quite specific, but a lot of zips do meet the requirements.
This paper describes it:
ftp://utopia.hacktic.nl/pub/crypto/cracking/pkzip.ps.gz
This one improves it:
http://www.woodmann.com/fravia/mike_zipattacks.htm
One of our artists at Team17 once lost his password for a zip file of a bunch of game graphics, so I learnt a lot about zip file password recovery quickly.
data:image/s3,"s3://crabby-images/d6b75/d6b75c3747d3b8a0f92408af1485908d433ae864" alt="Smilie"
It took over a week to get it back with a number of PCs all testing key ranges.
There are a few other attacks but pretty much the same ideas.
I figure this information is so well known, and zip's encryption is relatively weak, that it's OK to post about it, particularly since it's better to know about the weakness; then you can avoid it and still use zip files by following certain rules.
Or just use PGP etc.
Of course, since the DMCA came along it's questionable whether or not this info is legal anymore, and you probably can't apply it.
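As a defensive check that fits the "follow certain rules" advice above, here is an added Python example (not from the post or its author): it parses a zip's central directory and reports, per entry, whether it is unencrypted, uses the legacy PKWARE stream cipher the post discusses, or uses WinZip AES (compression method 99 plus an 0x9901 extra field). The archive it inspects is constructed inline from empty stored entries.

```python
import struct

CDIR_SIG, EOCD_SIG, LOCAL_SIG = 0x02014B50, 0x06054B50, 0x04034B50
AES_METHOD, AES_EXTRA_ID = 99, 0x9901  # WinZip AE-x markers (method 99 + 0x9901 extra field)


def _has_aes_extra(extra: bytes) -> bool:
    """Walk the extra field's (id, size, data) records looking for the 0x9901 AES header."""
    pos = 0
    while pos + 4 <= len(extra):
        hid, size = struct.unpack_from("<HH", extra, pos)
        if hid == AES_EXTRA_ID:
            return True
        pos += 4 + size
    return False


def classify_zip(data: bytes) -> dict:
    """Map each entry name to 'none', 'aes' or 'zipcrypto' (the legacy PKWARE cipher)."""
    eocd = data.rfind(struct.pack("<I", EOCD_SIG))
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, pos = struct.unpack_from("<H4xI", data, eocd + 10)  # total entries, CD offset
    result = {}
    for _ in range(count):
        sig, flags, method, nlen, elen, clen = struct.unpack_from("<I4xHH16xHHH", data, pos)
        if sig != CDIR_SIG:
            raise ValueError(f"bad central directory header at offset {pos}")
        name = data[pos + 46:pos + 46 + nlen].decode("cp437")
        extra = data[pos + 46 + nlen:pos + 46 + nlen + elen]
        if not flags & 1:  # general-purpose flag bit 0 = entry is encrypted
            result[name] = "none"
        elif method == AES_METHOD or _has_aes_extra(extra):
            result[name] = "aes"
        else:
            result[name] = "zipcrypto"
        pos += 46 + nlen + elen + clen
    return result


def build_zip(entries) -> bytes:
    """Constructed test archive of empty stored entries given as (name, flags, method, extra)."""
    body = cdir = b""
    for name, flags, method, extra in entries:
        fname, off, zeros = name.encode("cp437"), len(body), (0, 0, 0, 0, 0)  # time, date, crc, sizes
        body += struct.pack("<IHHHHHIIIHH", LOCAL_SIG, 20, flags, method, *zeros, len(fname), len(extra)) + fname + extra
        cdir += struct.pack("<IHHHHHHIIIHHHHHII", CDIR_SIG, 20, 20, flags, method, *zeros, len(fname), len(extra), 0, 0, 0, 0, off) + fname + extra
    return body + cdir + struct.pack("<IHHHHIIH", EOCD_SIG, 0, 0, len(entries), len(entries), len(cdir), len(body), 0)


AES_EXTRA = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)  # AE-2, 256-bit strength, real method 8
SAMPLE = build_zip([("readme.txt", 0, 0, b""), ("level1.bmp", 1, 0, b""), ("level2.bmp", 1, AES_METHOD, AES_EXTRA)])
```

Running `classify_zip(SAMPLE)` flags `level1.bmp` as the weak legacy cipher while `level2.bmp` is reported as AES; point it at real archives to find ones that still rely on ZipCrypto.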