Date: Mon, 20 May 2019 21:30:29 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: zip2john fails to hash my zip file

Hi,

This is in addition to magnum's answer (which is correct and JtR-centric, as is most appropriate for this list, but I feel I can add beyond-JtR material as well).

On Mon, May 20, 2019 at 03:58:50PM +0000, Dudy Dudy wrote:
> My ultimate goal is to be able to recover the password of the archive.

Or maybe the content of the archive?

For PKZIP files with tough passwords, it might be more practical to mount a known plaintext attack, for which there's this recent tool (a remake of the older pkcrack):

https://github.com/kimci86/bkcrack

(I "contributed" some bug reports and feature requests to the author, which are now implemented - including the ability to have the tool truncate a compressed file used for known plaintext in case only the file's beginning is expected to match.)

There are also these new developments:

"Improved Forensic Recovery of PKZIP Stream Cipher Passwords"
http://www.insticc.org/node/TechnicalProgram/icissp/presentationDetails/73605

"These kernels add support for cracking the 96bit pkzip stream cipher to retrieve the used password after successfully running a KPA on a zip archive."
https://github.com/hashcat/hashcat/pull/2032

Of course, you need to get your zip archive to get properly parsed and be supported by the tools anyhow. You also need to be able to recreate very similar archives with the same compression method and settings in order to get suitable known plaintext (it should match your target encrypted file's _after_ compression - at least the first 11 bytes).

Alexander
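The following is an added example, not part of the original message or of any tool it mentions. It illustrates the closing point about compression method and settings by comparing the compressed streams of unencrypted reference archives; the file name, sample data and helper names are constructed for the illustration.

```python
import io
import struct
import zipfile

NEEDED = 11  # leading compressed bytes the message says must match
NAME = "report.txt"  # constructed entry name
SAMPLE = b"timestamp,user,action\n" + b"2019-05-20,alice,login\n" * 40  # constructed data


def make_zip(data, method, level=None):
    """Build a one-entry, unencrypted archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=method, compresslevel=level) as zf:
        zf.writestr(NAME, data)
    return buf.getvalue()


def raw_stream(archive, name=NAME):
    """Return (compression method, entry bytes exactly as stored in the archive)."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        info = zf.getinfo(name)
    off = info.header_offset
    if archive[off:off + 4] != b"PK\x03\x04":
        raise ValueError("local file header signature not found")
    # The local header is 30 fixed bytes; name and extra lengths sit at offset 26.
    name_len, extra_len = struct.unpack_from("<HH", archive, off + 26)
    start = off + 30 + name_len + extra_len
    return info.compress_type, archive[start:start + info.compress_size]


def compare(reference, candidate):
    """Count matching leading bytes of two entries' stored streams."""
    m1, s1 = raw_stream(reference)
    m2, s2 = raw_stream(candidate)
    n = 0
    for x, y in zip(s1, s2):
        if x != y:
            break
        n += 1
    return {"same_method": m1 == m2, "matching_prefix": n,
            "enough": m1 == m2 and n >= NEEDED}


# Constructed reference archives: identical settings twice, then a different method.
REFERENCE = make_zip(SAMPLE, zipfile.ZIP_DEFLATED, 9)
SAME_SETTINGS = make_zip(SAMPLE, zipfile.ZIP_DEFLATED, 9)
STORED = make_zip(SAMPLE, zipfile.ZIP_STORED)

if __name__ == "__main__":
    print("same settings:", compare(REFERENCE, SAME_SETTINGS))
    print("deflate vs stored:", compare(REFERENCE, STORED))
```

The entry data in an encrypted target cannot be compared this way, so the comparison is only useful between reference archives produced by different tools or settings.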