Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <DB5326BA-3FE6-42D2-83DB-0C8A5DD28896@philippteister.com>
Date: Sat, 20 Feb 2016 18:04:49 +0100
From: Philipp Teister <login@...lippteister.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking zip files

Hi Alex,

ZIP is actually broken and can be brute-forced with a proper dictionary.
I tested it with a custom zip pwd cracker, it returned mulitple solutions (pwds) for one zip archive.

You can write something like this yourself, for example: I used not more than 15 lines in python

I am sry if this answer is a bit off-topic(JTR-wise) but nonetheless this solution worked for me many times


best -Philipp

> On 20 Feb 2016, at 17:03, Alex <mysqlstudent@...il.com> wrote:
> 
> Hi,
> 
> I'm using john-1.7.9-jumbo-8-RC_omp on fedora22 on an x86_64 desktop
> and have a zip file with two CSV files in it that I need to access.
> 
> After creating the shadow entry with zip2john, I start to crack the
> password. However, it just keeps printing "possible" passwords, none
> of which appear to work. Is there a point where it prints the actual
> password? Or do I need to continually try those which it *thinks* are
> the passwords?
> 
> It also shows there was one hash cracked when using --show, it doesn't work:
> [alex@...x-pc ~]$ john --show zipfile.john
> zipfile.zip:ashoon:::::zipfile.zip
> 
> 1 password hash cracked, 0 left
> 
> How long is the typical time it takes to crack a zip password at about
> 8k c/s? Should I expect several days with current hardware?
> model name      : AMD Phenom(tm) II X6 1090T Processor
> cpu MHz         : 3210.771
> cache size      : 512 KB
> 
> guesses: 13  time: 0:00:01:12 0.00%  c/s: 8270  trying: pee64 - pigi4
> 
> [alex@...x-pc ~]$ zip2john zipfile.zip > zipfile.john
> zipfile.zip->02-10_hosts.csv is using AES encryption, extrafield_length is 11
> [alex@...x-pc ~]$ john --incremental zipfile.john
> Loaded 1 password hash (WinZip PBKDF2-HMAC-SHA-1 [32/64])
> Note: This format may emit false positives, so it will keep trying even after
> finding a possible candidate.
> ashoon           (zipfile.zip)
> matou            (zipfile.zip)
> brypoo           (zipfile.zip)
> abe113           (zipfile.zip)
> br1e2            (zipfile.zip)
> 0706812          (zipfile.zip)
> ...
> 
> Any ideas greatly appreciated.
> Thanks,
> Alex


Download attachment "signature.asc" of type "application/pgp-signature" (843 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.