Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 22 Feb 2016 09:59:02 -0500
From: Alex <mysqlstudent@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking zip files

Hi,

After some experimenting, and help from Claudio on this list, I was
able to figure out that there's something either wrong with the
zip2john file or john itself:

$ ./run/john --format:zip --test
Will run 8 OpenMP threads
Benchmarking: ZIP, WinZip [PBKDF2-SHA1 256/256 AVX2 8x]... (8xOMP) DONE
Raw:    10816 c/s real, 2072 c/s virtual
$ file zipfile.zip
zipfile.zip: Zip archive data
$ ./run/zip2john zipfile.zip > zipfile.john
$ ./run/john zipfile.john
Using default input encoding: UTF-8
No password hashes loaded (see FAQ)

$ cat zipfile.john
zipfile.zip:$zip2$*0*3*0*ea66ffef1968f19b4f512b75d35e1619*f158*348b*ZFILE*zipfile.zip*15edb*15f41*65556849ac4ebd6f824d*$/zip2$:::::zipfile.zip

I also tried creating a new zip file, and it was able to start
cracking that one, so I know my installation is working properly.

As I mentioned before, the previous install of John I had on the
system was able to begin cracking this zip file without problem.

Ideas greatly appreciated.
Thanks,
Alex


On Sat, Feb 20, 2016 at 5:50 PM, Alex <mysqlstudent@...il.com> wrote:
> Hi,
>
>>> zipfile.zip:$zip$*0*3*de3c868ba87dcff820dd1f8123b6b02f*f96a:::::zipfile.zip
>>
>> It looks like you used an old copy of zip2john for this.  You need to
>> use zip2john from your new build, perhaps invoking it as ./zip2john when
>> you're in the run directory.
>>
>> The new zip2john's output will include the "$zip2$" tag, not the old
>> "$zip$" tag you have above.
>
> That was a mistake. I must have pasted the old zipfile.john contents,
> but it also does it with the new one:
>
> $ ./zip2john zipfile.zip > zipfile.john
> $ ls -l zipf*
> -rw-rw-r-- 1 alex alex 144 Feb 20 17:47 zipfile.john
> -rw-r--r-- 1 alex alex 103673 Feb 20 17:47 zipfile.zip
> $ cat zipfile.john
> zipfile.zip:$zip2$*0*3*0*ea66ffef1968f19b4f512b75d35e1619*f158*348b*ZFILE*zipfile.zip*15edb*15f41*65556849ac4ebd6f824d*$/zip2$:::::zipfile.zip
>
> $ ./john zipfile.john
> Using default input encoding: UTF-8
> No password hashes loaded (see FAQ)
>
> There are also two files in the zipfile.
>
> $ unzip -v zipfile
> Archive:  zipfile.zip
>  Length   Method    Size  Cmpr    Date    Time   CRC-32   Name
> --------  ------  ------- ---- ---------- ----- --------  ----
>   388686  Unk:099   89726  77% 02-10-2016 09:37 00000000  hosts.csv
>    54009  Unk:099   13467  75% 02-10-2016 09:37 00000000  files.csv
> --------          -------  ---                            -------
>   442695           103193  77%                            2 files
>
> Thanks,
> Alex

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.