Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 06 Jan 2014 05:31:31 +0100
From: magnum <john.magnum@...hmail.com>
To: "john-dev@...ts.openwall.com" <john-dev@...ts.openwall.com>
Subject: pkzip format vs. ChristmasGIFts.zip

Solar,

On 2014-01-06 02:52, magnum wrote:
> On 2013-12-23 23:15, Solar Designer wrote:
>> I've just tested bleeding-jumbo's zip2john and the pkzip format on:
>>
>> http://code.google.com/p/corkami/
>> http://corkami.googlecode.com/files/ChristmasGIFts.zip
>>
>> Surprisingly, it failed to crack the password, even though the password
>> is trivial (I've even "cracked" it manually).  I think zip2john might be
>> confused by the very first entry in the .zip file being a directory, or
>> it could be some other issue.
>
> I created an issue for this:
> https://github.com/magnumripper/JohnTheRipper/issues/467

I'd appreciate knowing the password when debugging this. I tried a few 
but gave up because it seems impossible to script my unzip binary with 
passwords.

The directory has nothing to do with it. Any entry with an uncompressed 
length < 12 is ignored. I first assumed this was an issue of "file 
magic" known-plain false negative (in which case I'd make that option 
non-default - the early rejection of Huffman encoding is quick enough 
now anyway) but that seems not to be the case - unless john somehow 
missed the "extremely easy" password, as Ange put it.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ