Date: Sun, 19 Jul 2015 01:09:42 +0200 From: rysic <rysic@...pl> To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com> Subject: Re: Re: Re: Re: restore difficult zip password I'm using zip from OpenSUSE 13.2: linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # zip -v Copyright (c) 1990-2008 Info-ZIP - Type 'zip "-L"' for software license. This is Zip 3.0 (July 5th 2008), by Info-ZIP. Currently maintained by E. Gordon. Please send bug reports to the authors using the web page at www.info-zip.org; see README for details. Latest sources and executables are at ftp://ftp.info-zip.org/pub/infozip, as of above date; see http://www.info-zip.org/ for other sites. Compiled with gcc 4.8.3 20140627 [gcc-4_8-branch revision 212064] for Unix (Linux ELF). Zip special compilation options: USE_EF_UT_TIME (store Universal Time) SYMLINK_SUPPORT (symbolic links supported) LARGE_FILE_SUPPORT (can read and write large files on file system) ZIP64_SUPPORT (use Zip64 to store large files in archives) UNICODE_SUPPORT (store and read UTF-8 Unicode paths) STORE_UNIX_UIDs_GIDs (store UID/GID sizes/values using new extra field) UIDGID_NOT_16BIT (old Unix 16-bit UID/GID extra field not used) [encryption, version 2.91 of 05 Jan 2007] (modified for Zip 3) Encryption notice: The encryption code of this program is not copyrighted and is put in the public domain. It was originally written in Europe and, to the best of our knowledge, can be freely distributed in both source and object forms from any country, including the USA under License Exception TSU of the U.S. Export Administration Regulations (section 740.13(e)) of 6 June 2002. Zip environment options: ZIP: [none] ZIPOPT: [none] >>From GitHub - you mean this? https://github.com/magnumripper/JohnTheRipper Is that a community version? W dniu 2015-07-18 02:56:39 użytkownik magnum <john.magnum@...hmail.com> napisał: > On 2015-07-18 01:05, rysic wrote: > > I configured my john to gues max 4 length passwords: > > > > [Incremental:Custom] > > File = $JOHN/custom.chr > > MinLen = 0 > > MaxLen = 4 > > > > (...) > > This is not needed at all, just use -max-len=4 > > > And then I'm creating encrypted zip file (password is "asd") > > > > linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # zip --encrypt test6.zip ../../Pobrane/john-1.8.0-jumbo-1.tar.gz > > Enter password: > > Verify password: > > adding: ../../Pobrane/john-1.8.0-jumbo-1.tar.gz (deflated 45%) > > > > generating hash file: > > linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./zip2john test6.zip > test6.h > > ver 14 efh 5455 efh 7875 test6.zip->../../Pobrane/john-1.8.0-jumbo-1.tar.gz PKZIP Encr: 2b chk, TS_chk, cmplen=32762705, decmplen=59392000, crc=9FEB9743 > > > > And try to crack it: > > linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./john test6.h > > Loaded 1 password hash (PKZIP [32/64]) > > Will run 4 OpenMP threads > > Press 'q' or Ctrl-C to abort, almost any other key for status > > 0g 0:00:00:08 DONE 3/3 (2015-07-18 00:46) 0g/s 9175Kp/s 9175Kc/s 9175KC/s |C%|..|||| > > Session completed > > What version of "zip" are you using? This looks like a bug in our pkzip > format, and if it is, it's a really really bad one. > At least one obscure bug was fixed since Jumbo-1, so you might want to > try building latest code from GitHub. > > > You wrote about -stdout. I saw that in documentation but it is not working: > > > > linux-kq4w:/home/kamil/john-1.8.0-jumbo-1/run # ./john -stdout test6.h > > Invalid options combination or duplicate option: "-stdout" > > It's not used with a hash file. It's used with a mode, like this: > > $ ../run/john -inc:digits -stdout | head > Press 'q' or Ctrl-C to abort, almost any other key for status > 12345 > 123456 > 11111 > 121288 > 123444 > 121290 > 010189 > 010190 > 012222 > 012233 > > magnum > > >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.