Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 22 Feb 2016 09:59:02 -0500
From: Alex <mysqlstudent@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking zip files

Hi,

After some experimenting, and help from Claudio on this list, I was
able to figure out that there's something either wrong with the
zip2john file or john itself:

$ ./run/john --format:zip --test
Will run 8 OpenMP threads
Benchmarking: ZIP, WinZip [PBKDF2-SHA1 256/256 AVX2 8x]... (8xOMP) DONE
Raw:    10816 c/s real, 2072 c/s virtual
$ file zipfile.zip
zipfile.zip: Zip archive data
$ ./run/zip2john zipfile.zip > zipfile.john
$ ./run/john zipfile.john
Using default input encoding: UTF-8
No password hashes loaded (see FAQ)

$ cat zipfile.john
zipfile.zip:$zip2$*0*3*0*ea66ffef1968f19b4f512b75d35e1619*f158*348b*ZFILE*zipfile.zip*15edb*15f41*65556849ac4ebd6f824d*$/zip2$:::::zipfile.zip

I also tried creating a new zip file, and it was able to start
cracking that one, so I know my installation is working properly.

As I mentioned before, the previous install of John I had on the
system was able to begin cracking this zip file without problem.

Ideas greatly appreciated.
Thanks,
Alex


On Sat, Feb 20, 2016 at 5:50 PM, Alex <mysqlstudent@...il.com> wrote:
> Hi,
>
>>> zipfile.zip:$zip$*0*3*de3c868ba87dcff820dd1f8123b6b02f*f96a:::::zipfile.zip
>>
>> It looks like you used an old copy of zip2john for this.  You need to
>> use zip2john from your new build, perhaps invoking it as ./zip2john when
>> you're in the run directory.
>>
>> The new zip2john's output will include the "$zip2$" tag, not the old
>> "$zip$" tag you have above.
>
> That was a mistake. I must have pasted the old zipfile.john contents,
> but it also does it with the new one:
>
> $ ./zip2john zipfile.zip > zipfile.john
> $ ls -l zipf*
> -rw-rw-r-- 1 alex alex 144 Feb 20 17:47 zipfile.john
> -rw-r--r-- 1 alex alex 103673 Feb 20 17:47 zipfile.zip
> $ cat zipfile.john
> zipfile.zip:$zip2$*0*3*0*ea66ffef1968f19b4f512b75d35e1619*f158*348b*ZFILE*zipfile.zip*15edb*15f41*65556849ac4ebd6f824d*$/zip2$:::::zipfile.zip
>
> $ ./john zipfile.john
> Using default input encoding: UTF-8
> No password hashes loaded (see FAQ)
>
> There are also two files in the zipfile.
>
> $ unzip -v zipfile
> Archive:  zipfile.zip
>  Length   Method    Size  Cmpr    Date    Time   CRC-32   Name
> --------  ------  ------- ---- ---------- ----- --------  ----
>   388686  Unk:099   89726  77% 02-10-2016 09:37 00000000  hosts.csv
>    54009  Unk:099   13467  75% 02-10-2016 09:37 00000000  files.csv
> --------          -------  ---                            -------
>   442695           103193  77%                            2 files
>
> Thanks,
> Alex

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.