Date: Wed, 16 Sep 2020 06:26:31 +0100
From: Jasper Jones <jazjones9292@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking encrypted zip file

Thanks very much magnum. I was pretty stressed while doing this last night
and missed out the '>' before the file name when using zip2john. I now have
a txt file with what looks like a hash.

That said, I'm still getting an error as well: "ver 5.1
wallet.zip/wallet.dat is not encrypted, or stored with non-handled
compression type".

> It sounds like you got a proper hash (you need to redirect that screen
> output to a file) and the warning you got later is probably from some
> other (not encrypted) file in the archive. Perhaps you accidentally added
> a non-encrypted version to the archive? Try extracting it...

There's definitely only a single file - wallet.dat - in the archive, so
this is a little puzzling. I'm not sure how adding a password with AES-256
encryption works - I assume it encrypts just the file after compression?

> What does "zipinfo <file>" or similar tool say? Or just "zip -l <file>".

I don't have zipinfo (I'm on Windows), but I could download a bootable
Linux distribution if that would help. 7zip itself gives some info about
the compressed file:

- attributes: An
- Encrypted: +
- Method: AES-256 Deflate

(There's some other stuff about file size, dates, etc, but I assume it's the
encryption info that's needed?)

Many thanks
Jasper



On Tue, 15 Sep 2020 at 23:10, magnum <john.magnum@...hmail.com> wrote:

> On 2020-09-15 19:43, Jasper Jones wrote:
> > I'm reasonably certain the password contains two or three main
> > components, selected from a couple of words and a long number, linked
> > with some combination of punctuation.
>
> Try adding all such components, one on each line, to a short wordlist
> eg. "components.txt". Add punctuation and numbers (either simply digits
> 0 through 9 on separate lines, or/and longer numbers like 2020 if you
> know them) as well, on separate lines. Then use PRINCE mode.
>
> > The first issue is that I believe I need to use zip2john.exe to get the
> > hash from the zip file. It spits out a very long string of data, starting
> > with $zip2$, but ends with a message saying that "wallet.zip/wallet.dat
> > is not encrypted, or stored with a non-handled compression type".
>
> What does "zipinfo <file>" or similar tool say? Or just "zip -l <file>".
>
> It sounds like you got a proper hash (you need to redirect that screen
> output to a file) and the warning you got later is probably from some
> other (not encrypted) file in the archive. Perhaps you accidentally
> added a non-encrypted version to the archive? Try extracting it...
>
> > I wondered whether I needed to use the 7z2john.pl (a perl script?),
> > given I used 7-zip to generate the encrypted file?
>
> No, if it's zip format, zip2john is needed.
>
> zip2john archive.zip > hashfile.txt
> john hashfile.txt --prince=components.txt
>
> magnum
>
>
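
A stand-in for the zipinfo check suggested above, for a system without that tool, as an added example that is not part of the original thread or of John the Ripper: it reads the ZIP central directory and reports, per entry, the encryption flag, the compression method and the WinZip AES extra field (0x9901). The function names and the two-entry sample archive are constructed for illustration, and the parser assumes a single-disk, non-Zip64 archive.

```python
import struct

CDH = struct.Struct("<4s6H3L5H2L")   # central directory file header (46 bytes)
EOCD = struct.Struct("<4s4H2LH")     # end of central directory record (22 bytes)
METHODS = {0: "Stored", 8: "Deflate", 99: "AES (WinZip AE-x)"}
AES_BITS = {1: 128, 2: 192, 3: 256}  # strength byte of the 0x9901 extra field

def list_entries(data):
    """Return one dict per central-directory entry of the ZIP bytes in `data`."""
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0:
        raise ValueError("no end-of-central-directory record: not a zip file")
    _, _, _, _, total, _, cd_off, _ = EOCD.unpack_from(data, pos)
    out, p = [], cd_off
    for _ in range(total):
        (sig, _, need, flags, method, _, _, _, _, _,
         nlen, xlen, clen, _, _, _, _) = CDH.unpack_from(data, p)
        if sig != b"PK\x01\x02":
            raise ValueError("bad central directory header at offset %d" % p)
        p += CDH.size
        name = data[p:p + nlen].decode("utf-8", "replace")
        extra = data[p + nlen:p + nlen + xlen]
        p += nlen + xlen + clen
        entry = {"name": name, "encrypted": bool(flags & 1), "aes_bits": None,
                 "version_needed": "%d.%d" % divmod(need & 0xFF, 10),
                 "method": METHODS.get(method, "method %d" % method)}
        i = 0
        while i + 4 <= len(extra):            # walk (id, size, data) extra records
            xid, xsize = struct.unpack_from("<HH", extra, i)
            if xid == 0x9901 and xsize >= 7:  # AES: version, "AE", strength, real method
                _, _, strength, real = struct.unpack_from("<H2sBH", extra, i + 4)
                entry["aes_bits"] = AES_BITS.get(strength)
                entry["method"] = "AES-%s + %s" % (entry["aes_bits"], METHODS.get(real, real))
            i += 4 + xsize
        out.append(entry)
    return out

def sample_zip():
    """Constructed sample: central directory only, one AES-256 entry and one plain entry."""
    aes = struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)
    cd = b""
    for name, need, flags, method, extra in ((b"wallet.dat", 51, 1, 99, aes),
                                             (b"notes.txt", 20, 0, 8, b"")):
        cd += CDH.pack(b"PK\x01\x02", 63, need, flags, method, 0, 0, 0, 0, 0,
                       len(name), len(extra), 0, 0, 0, 0, 0) + name + extra
    return cd + EOCD.pack(b"PK\x05\x06", 0, 0, 2, 2, len(cd), 0, 0)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_zip()
    for e in list_entries(data):
        print(e)
```

Run with the archive path as the only argument; with no argument it prints the constructed sample.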
