|
Message-ID: <1317685003.3013034.1472543946672@mail.yahoo.com> Date: Tue, 30 Aug 2016 07:59:06 +0000 (UTC) From: Sebastian Heyn <sebastian.heyn@...oo.de> To: <john-users@...ts.openwall.com> Subject: Re: Which is the correct hash? The file has a weird structure. backup.zip <- password encrypted ver 1.0 Pic.zip->Neu Textdatei.txt PKZIP Encr: cmplen=12, decmplen=0, crc=0 ver 1.0 Pic.zip->bilder.zip PKZIP Encr: cmplen=16969698, decmplen=16969686, crc=7F501B9D <- the file itself is also password encrypted and zip2john doesn't seem to know the -m option. Do I need to enable anything when configuring it? ./zip2john -m ../../Backup.zip >backup.hash ./zip2john: invalid option -- 'm' -------------------------------------------- magnum <john.magnum@...hmail.com> schrieb am Mo, 29.8.2016: Betreff: Re: [john-users] Which is the correct hash? An: john-users@...ts.openwall.com Datum: Montag, 29. August, 2016 22:37 Uhr On 2016-08-29 21:00, Sebastian Heyn wrote: > I'm trying to bruteforce an old backup.zip file that i found after over 10 years and I wanted to have a look at. Now I obviously forgot the password. > My problem is that with john-1.7.9 (gentoo) the zip2john script gives a pkzip hash which is a 92 byte file ($PKZIP$). However when I use jumbo-john from git, zip2john gives a > 32mb hashfile containing a $PKZIP2 hash. which is the correct one? is there any known bugs in either version? > > -> the pkzip hash brutes at 19k/sec > -> the pkzip2 hash brutes at 100/sec (--fork=32 gives x32 speed) > > any idea which is correct hash to brute force? Generic answer: Obviously the newer version. The 1.7.9 version is so very old you shouldn't use it other than for curious comparisons. I can't even recall all changes to this format but some serious issues have been addressed, and quite possibly some performance improvements. A more specific answer for your case is that the difference in speed you mention MAY be due to the older version defaulting to "file magic" whereas the newer does not. Does this zip file contains just one (or few) large file and no small ones? You can use -m as in "zip2john -m backup.zip > OUTFILE" to enable file magic and see where that gets you. Just beware that resorting to file magic can be error prone (you might end up with false negatives) and that is why we don't default to it anymore. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.