Date: Sun, 4 Sep 2016 17:01:16 +0200 From: magnum <john.magnum@...hmail.com> To: john-users@...ts.openwall.com Subject: Re: Path in hash? On 2016-09-04 13:21, Florian Pelgrim wrote: > I'm struggeling to gain the used encryption method and which program was > used. > > I tried to match the hash to some other hashes but I did not found any > archive hash which uses the path inside the hash. > > I'm running john-1.8.0-jumbo-1 and the output from zip2john is: > test3.zip:$zip2$*0*1*0*edda46c4e04bcef3*da68*25ef89*ZFILE*/root/test3.zip*1e8784e*1e87899*1ae93ae8ab72ff1f51e2*$/zip2$:::::test3.zip This is a zip hash (as opposed to pkzip, which is different). The full zip file is needed when running john, so the full path is stored (and you must not move the file from /root). In latest Jumbo (on github) this has changed - file data is always inlined as a "hash" making that input file potentially huge, and there's no dependency on the original zip file. > Can someone tell me what kind of hash this is and how to figure it out > on my own? Just run john without the --format option and it should pick the correct format. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.