Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CABwuPXdcfF2KH8-+tPDcHWNN3tkM2heHDSdZXR51D11Rp=ufQw@mail.gmail.com>
Date: Wed, 16 Sep 2020 06:26:31 +0100
From: Jasper Jones <jazjones9292@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking encrypted zip file

Thanks very much magnum. I was pretty stressed while doing this last night
and missed out the '>'before the file name when using zip2john. I now have
a txt file with what looks like a hash.

That said, I'm still getting an error as well: "ver 5.1
wallet.zip/wallet.dat is not encrypted, or stored with non-handled
compression type".

> It sounds like you got a proper hash (you need to redirect that screen
output to a file) and the warning you got later is probably from some
> other (not encrypted) file in the archive. Perhaps you accidentally added
a non-encrypted version to the archive? Try extracting it...

There's definitely only a single file - wallet.dat - in the archive, so
this is a little puzzling. I'm not sure how adding a password with AES-256
encryption works - I assume encrypts just the file after compression?

> What does "zipinfo <file>" or similar tool say? Or just "zip -l <file>".

I don't have zipinfo (I'm on Windows), but I could download a bootable
Linux distribution if that would help. 7zip itself gives some info about
the compressed file:

- attributes: An
- Encrypted: +
- Method: AES-256 Deflate

(There's some other stuff about file size, dates, etc, but  assume it's the
encryption info that's needed?)

Many thanks
Jasper



On Tue, 15 Sep 2020 at 23:10, magnum <john.magnum@...hmail.com> wrote:

> On 2020-09-15 19:43, Jasper Jones wrote:
> > I'm reasonably certain the password contains two or three main
> components,
> > selected from a couple of words and a long number, linked with some
> > combination of punctuation.
>
> Try adding all such components, one on each line, to a short wordlist
> eg. "components.txt". Add punctuation and numbers (either simply digits
> 0 through 9 on separate lines, or/and longer numbers like 2020 if you
> know them) as well, on separate lines. Then use PRINCE mode.
>
> > The first issue is that I believe I need to use zip2john.exe to get the
> > hash from the zip file. It spits out a very long string of data, starting
> > with $zip2$, but ends with a message saying that "wallet.zip/wallet.dat
> is
> > not encrypted, or stored with a non-handled compression type".
>
> What does "zipinfo <file>" or similar tool say? Or just "zip -l <file>".
>
> It sounds like you got a proper hash (you need to redirect that screen
> output to a file) and the warning you got later is probably from some
> other (not encrypted) file in the archive. Perhaps you accidentally
> added a non-encrypted version to the archive? Try extracting it...
>
> > I wondered whether I needed to use the 7z2john.pl (a perl script?),
> given I
> > used 7-zip to generate the encrypted file?
>
> No, if it's zip format, zip2john is needed.
>
> zip2john archive.zip > hashfile.txt
> john hashfile.txt --prince=components.txt
>
> magnum
>
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.