Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20250202014454.GB8542@openwall.com>
Date: Sun, 2 Feb 2025 02:44:54 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Zip file assistance

Hi Scott,

What you're doing is almost right, but not exactly.

On Sat, Feb 01, 2025 at 06:01:44PM -0600, Scott Techlist wrote:
> JTR jumbo compiled for windows (1.9.0-jumbo-1 64-bit Windows)

That's fine, but you could get better results by using a more recent
Windows build over the "Download Windows Build" badge/link off our GitHub:

https://github.com/openwall/john

It currently links to:

https://github.com/openwall/john-packages/releases

There have been bug fixes related to PKZIP file support since the
1.9.0-jumbo-1 release.

That said, if you only need to crack one password, then you can continue
with your currently installed version first - just correct its usage
(see below).  Only if that doesn't crack the password, you upgrade and
try again.

> Johnny Windows GUI (2.2)

Few of us in here are familiar with Johnny (we normally use the
command-line directly).

> I have a couple of zip files I password protected several years ago, almost surely created with PKZip, file dates 2009 and 2015 , I've forgotten the tail end of what I am confident is a 1 word password.  I have a high confidence in knowing the first 10 characters of the password, with the remainder probably up to 8 numbers.

You can write this as a mask - first the 10 known characters verbatim,
then ?d?d?d?d?d?d?d?d for 8 digits (adjust the number to try other than
8 as well).

> In the GUI, I enter a value for "guess password" 

You shouldn't.  That's a weird feature, which merely tests _one_
password guess you enter.

> The command line generated is apparently:
> 
> C:/Users/scott/Downloads/john-1.9.0-jumbo-1-win64/john-1.9.0-jumbo-1-win64/run/john.exe --format=PKZIP --mask= --session=C:/Users/scott/.john/sessions/02-01-25-17-34-36 C:/Users/scott/pw.lst

It looks like you chose mask mode (good!) but did not specify a mask, so
it's using the default mask instead of what you need.  That's the main
issue.  You'll wan to enter your mask with the known portion and ?d's
into the right Johnny input field in the Mask tab.

> My questions are:
> 
> 1) Does this look like the correct procedure and resulting command line for my single zip file password retrieval?  

Almost, but you need the correct mask.

> 2) Is there anything I can do to improve my command?  Particularly since I know the start of the password.  

Yes, see above.

> 3) Any estimate on how long this would take with this single word password?

With the correct mask and given the speed you show, it should take a few
seconds to find the missing 8 digits.

However, if you're wrong that it's 8 or that it's just digits, then
it'll take longer for you and John to also try other possibilities.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.