Date: Wed, 16 Sep 2020 06:47:10 +0100
From: Jasper Jones <jazjones9292@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking encrypted zip file

I just tried running it on a short list of the most likely words to see if anything jumps out. Ran for ~5 mins and just got "session completed" at the end, which I assume means nothing was found.

I got the following message when I started it:

"Warning: detected hash type "ZIP", but the string is also recognised as "ZIP-opencl"
Use the "--form=ZIP-opencl" option to force loading these as that type instead"

Any issue with that?

Then:

"Using default input encoding: UTF8
Loaded 1 password hash (ZIP, WinZip, [PKDF2-SHA1 128/128 AVX 4x1)"

Does that look right? The reference to PKDF2-SHA1 instead of AES concerns me, but I appreciate that could just be my ignorance showing.

I'm going to run a test to see if it finds a known password.

Thanks again
Jasper

On Wed, 16 Sep 2020 at 06:26, Jasper Jones <jazjones9292@...il.com> wrote:

> Thanks very much magnum. I was pretty stressed while doing this last night
> and missed out the '>' before the file name when using zip2john. I now have
> a txt file with what looks like a hash.
>
> That said, I'm still getting an error as well: "ver 5.1
> wallet.zip/wallet.dat is not encrypted, or stored with non-handled
> compression type".
>
> > It sounds like you got a proper hash (you need to redirect that screen
> > output to a file) and the warning you got later is probably from some
> > other (not encrypted) file in the archive. Perhaps you accidentally
> > added a non-encrypted version to the archive? Try extracting it...
>
> There's definitely only a single file - wallet.dat - in the archive, so
> this is a little puzzling. I'm not sure how adding a password with AES-256
> encryption works - I assume encrypts just the file after compression?
>
> > What does "zipinfo <file>" or similar tool say? Or just "zip -l <file>".
>
> I don't have zipinfo (I'm on Windows), but I could download a bootable
> Linux distribution if that would help. 7zip itself gives some info about
> the compressed file:
>
> - attributes: An
> - Encrypted: +
> - Method: AES-256 Deflate
>
> (There's some other stuff about file size, dates, etc, but assume it's
> the encryption info that's needed?)
>
> Many thanks
> Jasper
>
> On Tue, 15 Sep 2020 at 23:10, magnum <john.magnum@...hmail.com> wrote:
>
>> On 2020-09-15 19:43, Jasper Jones wrote:
>> > I'm reasonably certain the password contains two or three main components,
>> > selected from a couple of words and a long number, linked with some
>> > combination of punctuation.
>>
>> Try adding all such components, one on each line, to a short wordlist
>> eg. "components.txt". Add punctuation and numbers (either simply digits
>> 0 through 9 on separate lines, or/and longer numbers like 2020 if you
>> know them) as well, on separate lines. Then use PRINCE mode.
>>
>> > The first issue is that I believe I need to use zip2john.exe to get the
>> > hash from the zip file. It spits out a very long string of data, starting
>> > with $zip2$, but ends with a message saying that "wallet.zip/wallet.dat is
>> > not encrypted, or stored with a non-handled compression type".
>>
>> What does "zipinfo <file>" or similar tool say? Or just "zip -l <file>".
>>
>> It sounds like you got a proper hash (you need to redirect that screen
>> output to a file) and the warning you got later is probably from some
>> other (not encrypted) file in the archive. Perhaps you accidentally
>> added a non-encrypted version to the archive? Try extracting it...
>>
>> > I wondered whether I needed to use the 7z2john.pl (a perl script?), given I
>> > used 7-zip to generate the encrypted file?
>>
>> No, if it's zip format, zip2john is needed.
>>
>> zip2john archive.zip > hashfile.txt
>> john hashfile.txt --prince=components.txt
>>
>> magnum
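
Added example, not part of the original thread and not code from John the Ripper: a small Python stand-in for "zipinfo" on a system that lacks it. It lists, for every entry in the archive's central directory, the encryption flag, the "version needed" value, and the WinZip AES extra field (ID 0x9901) that sits behind a 7-Zip method string such as "AES-256 Deflate". The function names and the hand-built sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901                      # WinZip AES extra field header ID
AES_BITS = {1: 128, 2: 192, 3: 256}        # strength byte -> key size in bits
METHODS = {0: "Store", 8: "Deflate", 99: "AES"}

def aes_extra(extra):
    """Return (ae_version, key_bits, real_method) from the 0x9901 field, or None."""
    pos = 0
    while pos + 4 <= len(extra):
        field_id, size = struct.unpack_from("<HH", extra, pos)
        if field_id == AES_EXTRA_ID and size >= 7 and pos + 4 + size <= len(extra):
            ver, _vendor, strength, method = struct.unpack_from("<H2sBH", extra, pos + 4)
            return ver, AES_BITS.get(strength), method
        pos += 4 + size
    return None

def describe(zip_bytes):
    """One dict per central-directory entry; nothing is decrypted or extracted."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for zi in zf.infolist():
            row = {"name": zi.filename,
                   "encrypted": bool(zi.flag_bits & 0x1),   # general purpose bit 0
                   "version_needed": zi.extract_version,     # 51 means "5.1"
                   "method": METHODS.get(zi.compress_type, str(zi.compress_type))}
            aes = aes_extra(zi.extra) if zi.compress_type == 99 else None
            if aes:  # method 99 hides the real compression method in the extra field
                row["method"] = "AES-%s %s" % (aes[1], METHODS.get(aes[2], aes[2]))
            rows.append(row)
    return rows

def constructed_sample():
    """Hand-built one-entry archive (dummy payload) marked AE-2, AES-256, Deflate."""
    name, data = b"wallet.dat", b"\x00" * 32
    extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    common = struct.pack("<5H3L2H", 51, 0x1, 99, 0, 0x21, 0,
                         len(data), 0, len(name), len(extra))
    local = b"PK\x03\x04" + common + name + extra + data
    central = (b"PK\x01\x02" + struct.pack("<H", 51) + common
               + struct.pack("<3H2L", 0, 0, 0, 0, 0) + name + extra)
    eocd = b"PK\x05\x06" + struct.pack("<4H2LH", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

if __name__ == "__main__":
    for row in describe(constructed_sample()):
        print(row)
```

For a real archive, pass the file's bytes instead of the sample, e.g. describe(open("wallet.zip", "rb").read()); more than one row, or a row with "encrypted" set to False, would indicate an extra or unencrypted entry.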