John The Ripper Crack Zip File

Cracking a zip using John the Ripper (jtr)

How to brute-force the passwords of password-protected ZIP and RAR files with John the Ripper, including cracking more than one zip/rar file.

John the Ripper password cracker. John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS.

I've made a hash for this file and am trying to run John the Ripper with proper parameters on this hash file. Is it feasible to crack ZIP passwords?


Humans tend to forget. This is especially true for passwords. Forgetting a zip password renders the zip file unusable because it is not possible to recover the content of the zip file without the right password. So once in a while I have to crack my own passwords. I use the tool John the Ripper to recover the lost passwords. John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords.

Installation of JTR

I don't know if there is a package distribution of JTR for Ubuntu / Debian, so I decided to compile it myself. Be sure that you have installed all needed libraries. In my case libssl-dev was missing and the first compilation attempt failed.

sudo apt-get install libssl-dev

tar -xvf ./john-1.8.0-jumbo-1.tar.xz

The installation shown above downloads the libssl-dev package, which is needed to compile JTR. Build essentials also have to be installed, but I assume that you have already installed this package. The next step is to download the source code to the local directory and unpack it. Finally you run configure and make to compile it. On my machine the compilation took about 3 minutes. The result of the compilation will appear in the run folder.

A make install is not necessary for JTR.

If you start JTR without arguments then it prints its help and some configuration information:

./john-1.8.0-jumbo-1/run/john

John the Ripper password cracker, version 1.8.0-jumbo-1_omp [linux-gnu 64-bit AVX-autoconf]
Copyright (c) 1996-2014 by Solar Designer and others
Usage: john [OPTIONS] [PASSWORD-FILES]
--single[=SECTION]        "single crack" mode
--wordlist[=FILE] --stdin wordlist mode, read words from FILE or stdin
                  --pipe  like --stdin, but bulk reads, and allows rules
--loopback[=FILE]         like --wordlist, but fetch words from a .pot file
--dupe-suppression        suppress all dupes in wordlist (and force preload)
--encoding=NAME           input encoding (eg. UTF-8, ISO-8859-1). See also
                          doc/ENCODING and --list=hidden-options.
--rules[=SECTION]         enable word mangling rules for wordlist modes
--incremental[=MODE]      "incremental" mode [using section MODE]
--mask=MASK               mask mode using MASK
--markov[=OPTIONS]        "Markov" mode (see doc/MARKOV)
--external=MODE           external mode or word filter
--stdout[=LENGTH]         just output candidate passwords [cut at LENGTH]
--restore[=NAME]          restore an interrupted session [called NAME]
--session=NAME            give a new session the NAME
--status[=NAME]           print status of a session [called NAME]
--make-charset=FILE       make a charset file. It will be overwritten
--show[=LEFT]             show cracked passwords [if =LEFT, then uncracked]
--test[=TIME]             run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--groups=[-]GID[,..]      load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..]    load users with[out] this (these) shell(s) only
--salts=[-]COUNT[:MAX]    load salts with[out] COUNT [to MAX] hashes
--save-memory=LEVEL       enable memory saving, at LEVEL 1..3
--node=MIN[-MAX]/TOTAL    this node's number range out of TOTAL count
--fork=N                  fork N processes
--pot=NAME                pot file to use
--list=WHAT               list capabilities, see --list=help or doc/OPTIONS
--format=NAME             force hash type NAME: 7z AFS agilekeychain aix-smd5
                          aix-ssha1 aix-ssha256 aix-ssha512 asa-md5 bcrypt
                          bfegg Bitcoin blackberry-es10 Blockchain bsdicrypt
                          chap Citrix_NS10 Clipperz cloudkeychain cq CRC32
                          crypt dahua descrypt Django django-scrypt dmd5 dmg
                          dominosec dragonfly3-32 dragonfly3-64 dragonfly4-32
                          dragonfly4-64 Drupal7 dummy dynamic_n eCryptfs EFS
                          eigrp EncFS EPI EPiServer fde FormSpring Fortigate
                          gost gpg HAVAL-128-4 HAVAL-256-3 hdaa HMAC-MD5
                          HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384
                          HMAC-SHA512 hMailServer hsrp IKE ipb2 KeePass
                          keychain keyring keystore known_hosts krb4 krb5
                          krb5-18 krb5pa-md5 krb5pa-sha1 kwallet LastPass LM
                          lotus5 lotus85 LUKS MD2 md4-gen md5crypt md5ns mdc2
                          MediaWiki MongoDB Mozilla mscash mscash2 MSCHAPv2
                          mschapv2-naive mssql mssql05 mssql12 mysql mysql-sha1
                          mysqlna net-md5 net-sha1 nethalflm netlm netlmv2
                          netntlm netntlm-naive netntlmv2 nk nsldap NT nt2
                          o5logon ODF Office oldoffice OpenBSD-SoftRAID
                          openssl-enc OpenVMS oracle oracle11 osc Panama
                          PBKDF2-HMAC-SHA1 PBKDF2-HMAC-SHA256
                          PBKDF2-HMAC-SHA512 PDF PFX phpass PHPS pix-md5 PKZIP
                          po postgres PST PuTTY pwsafe RACF RAdmin RAKP rar
                          RAR5 Raw-Blake2 Raw-Keccak Raw-Keccak-256 Raw-MD4
                          Raw-MD5 Raw-MD5u Raw-SHA Raw-SHA1 Raw-SHA1-Linkedin
                          Raw-SHA1-ng Raw-SHA224 Raw-SHA256 Raw-SHA256-ng
                          Raw-SHA384 Raw-SHA512 Raw-SHA512-ng ripemd-128
                          ripemd-160 rsvp Salted-SHA1 sapb sapg scrypt sha1-gen
                          sha1crypt sha256crypt sha512crypt Siemens-S7 SIP
                          skein-256 skein-512 skey Snefru-128 Snefru-256 SSH
                          SSH-ng SSHA512 STRIP SunMD5 sxc Sybase-PROP sybasease
                          tc_aes_xts tc_ripemd160 tc_sha512 tc_whirlpool
                          tcp-md5 Tiger tripcode VNC vtp wbb3 whirlpool
                          whirlpool0 whirlpool1 WoWSRP wpapsk xsha xsha512 ZIP

The next step is to crack the zip file, in my case Bilder.zip.

./zip2john /Bilder.zip > /Bilder.john

./john --incremental /Bilder.john

In the first line JTR extracts some data and the last line starts the brute-force attack against the zip file. This consumes a lot of CPU cycles, so it may be necessary to adjust the niceness of the process. If you start JTR in the background then you can see the current status by adding the --status flag:

top

top - :22 up ,  1 user,  load average: 0.86, 0.33, 0.17
Tasks:  88 total,   2 running,  86 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.5 us,  0.0 sy, 99.5 ni,  0.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem:   4049740 total,  3912160 used,   137580 free,   225840 buffers
KiB Swap:        0 total,        0 used,        0 free.  1477764 cached Mem

  PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND
 5160 gue       39  19  223776  31612   2564 R 99.4  0.8   .36 john
 5238 gue       20   0   24816   1524   1092 R  0.5  0.0   .03 top
14795 snmp      20   0  114892   5988   2740 S  0.5  0.1   .43 snmpd

0g :  0g/s 1536p/s 1536c/s 1536C/s

The 0g in the status indicates that JTR has not found any matching password yet.

Final thoughts

Brute-force attacks are not the cleverest way to crack passwords, but if you have enough time then this approach will work. JTR is a great tool that is capable of doing a lot of other things, such as dictionary attacks. Have a look at the FAQ.

Do you sometimes end up with an encrypted zip file that you can't remember the password for? I usually have some idea of what the password may be, and other times I am completely at a loss. In either case jtr is going to be a big help. If you have some guesses of what the password may be, you can throw them into a text file. You don't need to bother entering permutations like mybestguess1; we are going to let john handle common permutations. So instead you would enter mybestguess into the text file. An example of my lame dictionary file looks like this:

On the other hand, maybe you just need to try a huge number of passwords. I suggest you download a massive dictionary file like the rockyou dictionary.

Here is a quick bash script that will join unzip and john together to make your life a little easier:

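#!/bin/bash
# usage: ./zip-jtr.sh <zipfile> <wordlist>
for i in $(john --wordlist="$2" --rules --stdout); do
    # unzip exits 0 only when the candidate decrypts the whole archive
    unzip -o -P "$i" "$1" >/dev/null 2>&1 && { echo -e "\nArchive password is: $i"; break; }
done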

This is what a simple test run looks like:

./zip-jtr.sh lame.zip lame.dic

--------- ---------- ----- ----

words: 405 time: : 100 w/s: 1557 current: Lamepassing

Archive password is: lamepass1

It's probably a good idea to create a new directory, drop this script, your dictionary and the zip into it, and run from there. The reason is that the unzip -o option will clobber files that already exist with the same name.
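The clobbering risk comes from extracting the archive on every guess. As an added example (not part of the original post), the variant below tests each candidate with unzip -t, which checks every member's CRC without writing any files, and reads candidates line by line so guesses containing spaces or wildcard characters stay intact. The function name find_zip_password is an assumption made for this example.

```bash
#!/usr/bin/env bash
# Added example, not the original post's script.
# Reads candidate passwords on stdin, one per line, and tests each against
# the archive with `unzip -t` (test mode: decrypt and CRC-check, no output files).

# find_zip_password ARCHIVE
#   prints the first matching candidate; returns 0 if found, 1 if the
#   candidates ran out, 2 if the archive cannot be read.
find_zip_password() {
    local archive=$1 candidate
    [ -r "$archive" ] || { echo "cannot read $archive" >&2; return 2; }
    # IFS= and -r keep leading spaces and backslashes in a candidate;
    # a `for i in $(...)` loop would split "my pass" into two guesses.
    while IFS= read -r candidate; do
        [ -n "$candidate" ] || continue        # skip empty lines
        # -t test only, -qq quiet, -P password. </dev/null keeps unzip
        # from consuming the candidate stream on stdin.
        if unzip -tqq -P "$candidate" "$archive" </dev/null >/dev/null 2>&1; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# When run as a script, use the post's argument order (zip file first):
#   john --wordlist=lame.dic --rules --stdout | ./zip-test.sh lame.zip
if [ "$#" -ge 1 ]; then
    find_zip_password "$1"
fi
```

Info-ZIP unzip 6.0 cannot decrypt WinZip AES entries, so this applies only to archives using traditional PKZIP encryption; for AES archives use the zip2john and john route shown earlier.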
