Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Sep 2020 00:09:56 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking encrypted zip file

On 2020-09-15 19:43, Jasper Jones wrote:
> I'm reasonably certain the password contains two or three main components,
> selected from a couple of words and a long number, linked with some
> combination of punctuation.

Try adding all such components, one on each line, to a short wordlist 
eg. "components.txt". Add punctuation and numbers (either simply digits 
0 through 9 on separate lines, or/and longer numbers like 2020 if you 
know them) as well, on separate lines. Then use PRINCE mode.

> The first issue is that I believe I need to use zip2john.exe to get the
> hash from the zip file. It spits out a very long string of data, starting
> with $zip2$, but ends with a message saying that "wallet.zip/wallet.dat is
> not encrypted, or stored with a non-handled compression type".

What does "zipinfo <file>" or similar tool say? Or just "zip -l <file>".

It sounds like you got a proper hash (you need to redirect that screen 
output to a file) and the warning you got later is probably from some 
other (not encrypted) file in the archive. Perhaps you accidentally 
added a non-encrypted version to the archive? Try extracting it...

> I wondered whether I needed to use the 7z2john.pl (a perl script?), given I
> used 7-zip to generate the encrypted file?

No, if it's zip format, zip2john is needed.

zip2john archive.zip > hashfile.txt
john hashfile.txt --prince=components.txt

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.