Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <cb6ba55ad28f6afcd9c5f0c49dac284e@smtp.hushmail.com>
Date: Wed, 16 Sep 2020 00:09:56 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking encrypted zip file

On 2020-09-15 19:43, Jasper Jones wrote:
> I'm reasonably certain the password contains two or three main components,
> selected from a couple of words and a long number, linked with some
> combination of punctuation.

Try adding all such components, one on each line, to a short wordlist 
eg. "components.txt". Add punctuation and numbers (either simply digits 
0 through 9 on separate lines, or/and longer numbers like 2020 if you 
know them) as well, on separate lines. Then use PRINCE mode.

> The first issue is that I believe I need to use zip2john.exe to get the
> hash from the zip file. It spits out a very long string of data, starting
> with $zip2$, but ends with a message saying that "wallet.zip/wallet.dat is
> not encrypted, or stored with a non-handled compression type".

What does "zipinfo <file>" or similar tool say? Or just "zip -l <file>".

It sounds like you got a proper hash (you need to redirect that screen 
output to a file) and the warning you got later is probably from some 
other (not encrypted) file in the archive. Perhaps you accidentally 
added a non-encrypted version to the archive? Try extracting it...

> I wondered whether I needed to use the 7z2john.pl (a perl script?), given I
> used 7-zip to generate the encrypted file?

No, if it's zip format, zip2john is needed.

zip2john archive.zip > hashfile.txt
john hashfile.txt --prince=components.txt

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.