Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 29 Dec 2020 11:57:15 -0500
From: Robert Dixon <robertde12e@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: use data from known password zipfile created by the
 same machine/user?

Use your best guess as to what the password could be. How many characters?
Do you remember part of it? What characters could you have used? Do you
have any idea of the positions of any of the characters? Take all that
information and use Crunch to create a word list. If your best guess with
all of that works your golden if not change one variable and make another
Crunch list keep doing that until you get the password. If your best guess
is good then you shouldn't need to make that many lists. The reason I'm
saying to do it this way is you can control what happens in a particular
position of the password. If you know the third character will be a number
and the fifth will be a special symbol then that drastically cuts down on
the amount of guesses. If you let the program make random guesses then your
adding in far more than you need to deal with. I'm not knocking JTR but if
you have even a half decent Nvidia GPU try Hashcat. I have a RTX 2070 and
it can go through a 9 or 10 GB list in a few hours with Hashcat it's a
little slower with JTR.

On Tue, Dec 29, 2020, 5:51 AM Jeff Johnson <echo5juliet@...il.com> wrote:

> Hello,
>
> I have two zip files I created on the same machine. One password I know,
> the other I have lost. I have created zip2john hash files for both zip
> files. File1.zip I know the password for. File2.zip I don't.
>
> Is it possible to gather any kind of hash result or salt from processing
> the File1.zip file that will aid jtr in figuring out File2.zip easier?
>
> File1.zip password is very similar to: 1Jump.H1gh3r
> It's highly likely I used similar kinds of letter replacement for File2.zip
>
> I tried:
> ./john File2.hash
> and
> ./john --wordlist=rockyou.txt --rules:All File2.hash
>
> If it lends any clues to a good method or approach to take the File2.hash
> starts like this:
> File2.zip:$pkzip2$3*2*1*0*8*24*40ce*92f4*
>
> I feel like I am not approaching this in a smart method.
>
> Any help is appreciated.
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.