Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 22 Jul 2015 00:25:12 +0200
From: Marek Wrzosek <marek.wrzosek@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Re:  Re: restore difficult zip password

Hi Kamil

JtR needs zip file to crack the password, either it's stored inside file
produced by zip2john command (if it's small enough) or as separate file
(the john needs zip file and the product of zip2john). They need your
archive (that one with 'asd' password) to check where is the problem or
they would need to get the exact same version of zip as is in OpenSUSE
13.2. Does 'bleeding-jumbo' have problems cracking that zip file with
'asd' password?

Best Regards

Cześć Kamil

JtR potrzebuje pliku zip, by złamać hasło, obojętnie czy jest
przechowany w pliku otrzymanym przez polecenie zip2john (jeśli jest
dostatecznie mały) lub jako oddzielny plik (wtedy john potrzebuje pliku
zip oraz efektu polecenia zip2john). Oni potrzebują twojego archiwum
(tego z hasłem 'asd'), żeby sprawdzić gdzie leży problem, albo będą
musieli zdobyć dokładnie tą samą wersję zip jaka jest w OpenSUSE 13.2.
Czy 'bleeding-jumbo' ma problemy łamiąc zip z hasłem 'asd' (który
stworzyłeś)?

Pozdrawiam

W dniu 21.07.2015 o 18:46, rysic pisze:
> WTF? :-)
> 
> I'll check it again!
> 
> W dniu 2015-07-20 15:45:30 użytkownik magnum <john.magnum@...hmail.com> napisał:
>> On 2015-07-20 15:36, magnum wrote:
>>> No it means the test6.zip file need to be present (as well as the
>>> test6.h file) for us to reproduce the problem.
>>>
>>> But if I download john-1.8.0-jumbo-1.tar.xz I should be able to
>>> reproduce. I'll try that.
>>
>> $ zip --encrypt test6.zip ~/Desktop/john-1.8.0-jumbo-1.tar
>> Enter password:
>> Verify password:
>>    adding: Users/magnum/Desktop/john-1.8.0-jumbo-1.tar (deflated 45%)
>>
>> $ ../run/zip2john test6.zip >test.in
>> ver 14  efh 5455  efh 7875 
>> test6.zip->Users/magnum/Desktop/john-1.8.0-jumbo-1.tar PKZIP Encr: 2b 
>> chk, TS_chk, cmplen=32762705, decmplen=59392000, crc=9FEB9743
>>
>> $ ../run/john test.in
>> Using default input encoding: UTF-8
>> Loaded 1 password hash (PKZIP [32/64])
>> Will run 8 OpenMP threads
>> Press 'q' or Ctrl-C to abort, almost any other key for status
>> asd              (test6.zip)
>> 1g 0:00:00:02 DONE 3/3 (2015-07-20 15:42) 0.3496g/s 81822p/s 81822c/s 
>> 81822C/s 142408..moolfe
>> Use the "--show" option to display all of the cracked passwords reliably
>> Session completed
>>
>> magnum
>>
>>
> 
> 
> 

-- 
Marek Wrzosek
marek.wrzosek@...il.com

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.