Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 6 Oct 2014 09:14:13 -0700
From: Danux <>
Subject: Zip2john not working


I recently downloaded the latest jumbo version *john-1.7.9-jumbo-7.tar.gz*:
and when trying to crack a file created with the latest version of Winzip
(18.5) for Windows 64-bit, john says it found 4 guesses and when printing
the cracked one via --show it displays the wrong one. Below the detailed
steps that I did, please advise if this is a bug. I was able to crack
passwords with other formats but not this. I am attaching the

A created a file 'wordlist' with the following words:



!!!alex!!!             <----- ZIP password


Create the zip2john hash file...

[r@xxx run]# ./zip2john > winzip.hash>101.pdf is using AES encryption, extrafield_length is 11

Verify contents...

[r@xxx run]# cat winzip.hash$zip$*0*3*c1892f8c9d3945d9b03abf230eea6bd7*1ca6

Run john on hash:

[r@xxx run]# ./john winzip.hash --wordlist=wordlist

Loaded 1 password hash (WinZip PBKDF2-HMAC-SHA-1 [32/64])

zephan           (

penangirow       (

!!!alex!!!       (

3113618031       (

guesses: 4  time: 0:00:00:00 DONE (Thu Oct  2 15:27:28 2014)  c/s: 5.95
trying: zephan

POT File:

[r@xxx run]# cat john.pot




Printing result:

[r@xxx run]# ./john winzip.hash --show            <---------Wrong Password

1 password hash cracked, 0 left


On Mon, Oct 6, 2014 at 7:50 AM, Dhiru Kholia <> wrote:

> Hi,
> Latest JtR-jumbo now supports cracking NTP MD5 authentication hashes.
> $ ../run/ NTP_with_MD5_key_foobar.pcap > ntp-hash
> Sample .pcap can be downloaded from the
> page.
> $ ../run/john ntp-hash -w=wordlist.txt
> Loaded 1 password hash (dynamic_1016 [md5($s.$p) (long salt) 128/128 AVX
> 480x4x3])
> Will run 8 OpenMP threads
> Press 'q' or Ctrl-C to abort, almost any other key for status
> foobar           (1)
> $ OMP_NUM_THREADS=2 ../run/john --test --format=dynamic_1016
> Will run 2 OpenMP threads
> Benchmarking: dynamic_1016 [md5($s.$p) (long salt) 128/128 AVX 480x4x3]...
> (2xOMP)
> Many salts:     27463K c/s real, 13800K c/s virtual
> Only one salt:  20834K c/s real, 10417K c/s virtual
> Thanks Jim for the dynamic format :-)
> Dhiru


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.