John The Ripper Crack Zip File
Cracking a zip using John the Ripper (jtr)
How to brute-force the passwords of password-protected ZIP and RAR files with John the Ripper, including cracking more than one zip/rar file.
John the Ripper password cracker. John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS.
I've made a hash for this file and am trying to run John the Ripper with proper parameters on this hash file. Is it feasible to crack ZIP passwords?
Humans tend to forget. This is especially true for passwords. Forgetting a zip password renders the zip file unusable, because it is not possible to recover the content of the zip file without the right password. So once in a while I have to crack my own passwords. I use the tool John the Ripper to recover the lost passwords. John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords.
Installation of JTR
I don't know if there is a package distribution of JTR for Ubuntu / Debian, so I decided to compile it myself. Be sure that you have installed all needed libraries. In my case libssl-dev was missing and the first compilation attempt failed.
sudo apt-get install libssl-dev
tar -xvf ./john-1.8.0-jumbo-1.tar.xz
(cd john-1.8.0-jumbo-1/src && ./configure && make)
The installation shown above downloads the libssl-dev package, which is needed for the compilation of JTR. Build essentials also have to be installed, but I assume that you have already installed this package. The next step is to download the source code to the local directory and to unpack it. Finally you run configure and make to compile it. On my machine the compilation took about 3 minutes. The result of the compilation will appear in the run folder.
A make install is not necessary for JTR.
If you start JTR without arguments then it prints its help and some configuration information:
./john-1.8.0-jumbo-1/run/john
John the Ripper password cracker, version 1.8.0-jumbo-1_omp [linux-gnu 64-bit AVX-autoconf]
Copyright (c) 1996-2014 by Solar Designer and others
Usage: john [OPTIONS] [PASSWORD-FILES]
--single[=SECTION]        "single crack" mode
--wordlist[=FILE] --stdin wordlist mode, read words from FILE or stdin
                  --pipe  like --stdin, but bulk reads, and allows rules
--loopback[=FILE]         like --wordlist, but fetch words from a .pot file
--dupe-suppression        suppress all dupes in wordlist (and force preload)
--encoding=NAME           input encoding (eg. UTF-8, ISO-8859-1). See also
                          doc/ENCODING and --list=hidden-options.
--rules[=SECTION]         enable word mangling rules for wordlist modes
--incremental[=MODE]      "incremental" mode [using section MODE]
--mask=MASK               mask mode using MASK
--markov[=OPTIONS]        "Markov" mode (see doc/MARKOV)
--external=MODE           external mode or word filter
--stdout[=LENGTH]         just output candidate passwords [cut at LENGTH]
--restore[=NAME]          restore an interrupted session [called NAME]
--session=NAME            give a new session the NAME
--status[=NAME]           print status of a session [called NAME]
--make-charset=FILE       make a charset file. It will be overwritten
--show[=LEFT]             show cracked passwords [if =LEFT, then uncracked]
--test[=TIME]             run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--groups=[-]GID[,..]      load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..]    load users with[out] this (these) shell(s) only
--salts=[-]COUNT[:MAX]    load salts with[out] COUNT [to MAX] hashes
--save-memory=LEVEL       enable memory saving, at LEVEL 1..3
--node=MIN[-MAX]/TOTAL    this node's number range out of TOTAL count
--fork=N                  fork N processes
--pot=NAME                pot file to use
--list=WHAT               list capabilities, see --list=help or doc/OPTIONS
--format=NAME             force hash type NAME: 7z AFS agilekeychain aix-smd5
aix-ssha1 aix-ssha256 aix-ssha512 asa-md5 bcrypt
bfegg Bitcoin blackberry-es10 Blockchain bsdicrypt
chap Citrix_NS10 Clipperz cloudkeychain cq CRC32
crypt dahua descrypt Django django-scrypt dmd5 dmg
dominosec dragonfly3-32 dragonfly3-64 dragonfly4-32
dragonfly4-64 Drupal7 dummy dynamic_n eCryptfs EFS
eigrp EncFS EPI EPiServer fde FormSpring Fortigate
gost gpg HAVAL-128-4 HAVAL-256-3 hdaa HMAC-MD5
HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384
HMAC-SHA512 hMailServer hsrp IKE ipb2 KeePass
keychain keyring keystore known_hosts krb4 krb5
krb5-18 krb5pa-md5 krb5pa-sha1 kwallet LastPass LM
lotus5 lotus85 LUKS MD2 md4-gen md5crypt md5ns mdc2
MediaWiki MongoDB Mozilla mscash mscash2 MSCHAPv2
mschapv2-naive mssql mssql05 mssql12 mysql mysql-sha1
mysqlna net-md5 net-sha1 nethalflm netlm netlmv2
netntlm netntlm-naive netntlmv2 nk nsldap NT nt2
o5logon ODF Office oldoffice OpenBSD-SoftRAID
openssl-enc OpenVMS oracle oracle11 osc Panama
PBKDF2-HMAC-SHA1 PBKDF2-HMAC-SHA256
PBKDF2-HMAC-SHA512 PDF PFX phpass PHPS pix-md5 PKZIP
po postgres PST PuTTY pwsafe RACF RAdmin RAKP rar
RAR5 Raw-Blake2 Raw-Keccak Raw-Keccak-256 Raw-MD4
Raw-MD5 Raw-MD5u Raw-SHA Raw-SHA1 Raw-SHA1-Linkedin
Raw-SHA1-ng Raw-SHA224 Raw-SHA256 Raw-SHA256-ng
Raw-SHA384 Raw-SHA512 Raw-SHA512-ng ripemd-128
ripemd-160 rsvp Salted-SHA1 sapb sapg scrypt sha1-gen
sha1crypt sha256crypt sha512crypt Siemens-S7 SIP
skein-256 skein-512 skey Snefru-128 Snefru-256 SSH
SSH-ng SSHA512 STRIP SunMD5 sxc Sybase-PROP sybasease
tc_aes_xts tc_ripemd160 tc_sha512 tc_whirlpool
tcp-md5 Tiger tripcode VNC vtp wbb3 whirlpool
whirlpool0 whirlpool1 WoWSRP wpapsk xsha xsha512 ZIP
The next step is to crack the zip file, in my case Bilder.zip.
./zip2john /Bilder.zip > /Bilder.john
./john --incremental /Bilder.john
In the first line JTR extracts some data, and the last line starts the brute-force attack against the zip file. This consumes a lot of CPU cycles, so it may be necessary to adjust the niceness of the process. If you start JTR in the background then you can see the current status by adding the --status flag:
top
top - :22 up , 1 user, load average: 0.86, 0.33, 0.17
Tasks: 88 total, 2 running, 86 sleeping, 0 stopped, 0 zombie
Cpu s : 0.5 us, 0.0 sy, 99.5 ni, 0.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem: 4049740 total, 3912160 used, 137580 free, 225840 buffers
KiB Swap: 0 total, 0 used, 0 free. 1477764 cached Mem
PID USER PR NI VIRT RES SHR S CPU MEM TIME COMMAND
5160 gue 39 19 223776 31612 2564 R 99.4 0.8 .36 john
5238 gue 20 0 24816 1524 1092 R 0.5 0.0 .03 top
14795 snmp 20 0 114892 5988 2740 S 0.5 0.1 .43 snmpd
0g : 0g/s 1536p/s 1536c/s 1536C/s
The 0g in the status indicates that JTR has not found any matching password yet.
Final thoughts
Brute-force attacks are not the cleverest way to crack passwords, but if you have enough time then this approach will work. JTR is a great tool that is capable of doing a lot of other things, such as dictionary attacks. Have a look at the FAQ.
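How long the brute force above takes depends on which encryption scheme the archive uses, and the --format list shows two separate names for it, PKZIP and ZIP. The following is an added example, not code from the original post: it reads a zip's central directory and reports per member whether it is unencrypted, legacy ZipCrypto or WinZip AES. The mapping to the JtR format names is an assumption, and the sample archives are constructed by patching header fields.

```python
import io
import struct
import zipfile

AES_METHOD = 99  # WinZip AE-x stores 99 in the compression-method field

def classify(zip_bytes):
    """Map each member name to 'none', 'zipcrypto' or 'aes'."""
    schemes = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():          # reads the central directory only
            if not info.flag_bits & 0x1:    # bit 0 = entry is encrypted
                schemes[info.filename] = "none"
            elif info.compress_type == AES_METHOD:
                schemes[info.filename] = "aes"
            else:
                schemes[info.filename] = "zipcrypto"
    return schemes

def jtr_format(scheme):
    """Assumed mapping to the PKZIP / ZIP names in the --format list."""
    return {"zipcrypto": "PKZIP", "aes": "ZIP"}.get(scheme)

def constructed_sample(flags, method):
    """Build a one-file archive, then patch flags/method in its central
    directory entry. Constructed test input, not a real encrypted archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("photo.txt", b"constructed sample data")
    raw = bytearray(buf.getvalue())
    cd = raw.rfind(b"PK\x01\x02")           # central directory file header
    struct.pack_into("<HH", raw, cd + 8, flags, method)
    return bytes(raw)

if __name__ == "__main__":
    for flags, method in [(0, 0), (1, 0), (1, 99)]:
        for name, scheme in classify(constructed_sample(flags, method)).items():
            print(name, scheme, jtr_format(scheme))
```

To check a real archive, pass the file's bytes to classify(); members reported as zipcrypto are the ones worth re-encrypting with AES and a long passphrase.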
Do you sometimes end up with an encrypted zip file that you can't remember the password for? Sometimes I have some idea of what the password may be, and other times I am completely at a loss. In either case jtr is going to be a big help. If you have some guesses of what the password may be, you can throw them into a text file. You don't need to bother entering permutations like mybestguess1; we are going to let john handle common permutations. So instead you would enter mybestguess into the text file. An example of my lame dictionary file looks like this:
On the other hand, maybe you just need to try a huge number of passwords. I suggest you download a massive dictionary file like the rockyou dictionary.
Here is a quick bash script that will join unzip and john together to make your life a little easier:
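# $1 = zip archive, $2 = wordlist; john --stdout only generates the candidates
for i in $(john --wordlist="$2" --rules --stdout); do
  unzip -o -P "$i" "$1" >/dev/null 2>&1 && { echo -e "\nArchive password is: $i"; break; }
done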
This is what a simple test run looks like:
./zip-jtr.sh lame.zip lame.dic
--------- ---------- ----- ----
words: 405 time: : 100 w/s: 1557 current: Lamepassing
Archive password is: lamepass1
It's probably a good idea to create a new directory, drop this script, your dictionary and the zip into it, and run from there. The reason is that the unzip -o option will clobber files that already exist with the same name.