The password for the rar file is 'test1234' and the password for the zip file is 'test4321'. In the 'run' folder of John the Ripper community version (I am using John-1.7.9-jumbo-7), there are two programs called 'zip2john' and 'rar2john'. Run them against their respective file types to extract the password hashes. (, 07:31 AM) epixoip Wrote: zip2john, but not all zip formats are supported. What command did you use to crack encrypted zip file? I tried, but not worked.
I am getting the infamous 'No password hashes loaded' error while trying to
run john on a zip2john output file:
$ john zip.hashes
Using default input encoding: UTF-8
No password hashes loaded (see FAQ)
$ cat zip.hashes
20140408.zip:$pkzip2$3*2*1*0*8*24*b6da*85b8*a79232128f54f62d552a67d013aee4932839b67502020349ff2faa3096db6cb6457ccc09*1*0*8*24*fedf*84fd*59e3687f75182a6616d830788bbe19cdeb4143816ed7e1dc119d58d29f99c8dd358e262c*2*0*8f*84*f04dd388*3992*77*8*8f*f04d*8572*d101db33e767ac1858cbddbc29af0e3d48f27445383523168509667c03620353699365b955b506b83b299be65ac065a4aa130f8b1cc7605b6720a1a79f8771c311ee9c95f4d958f81debaaea03746299d8e3e2a90a9a4956ea9a40a8a055859af2f08ab0ec7b88599f08a513ea8fc30e4ba5baf1cd81263d51c761e12ca743a29f24a90f4cceb1d3406352aaf0146c*$/pkzip2$:::::20140408.zip
$ john --help | head -n 1
John the Ripper password cracker, version 1.8.0.6-jumbo-1-bleeding
[linux-x86-64-avx]
I read the answers in FAQ and a dozen other recommendations returned by
Google, but had no luck. I will appreciate any helps.
Best.
This post is a continuation from my last regarding cracking encrypted .zip archives. But what happens if you come across an encrypted 7zip archive? The 7-Zip encryption is actually quite good and can require a lot of time to bruteforce, but this guide will show you how weak passwords can still break good encryption.
I’ll use LightWeight from HackTheBox as an example for this guide. Please note that this post does not intend to serve as a walkthrough for the box.
To begin, we already have the archive we wish to crack on our filesystem. Our goal is to crack the file named backup.7z.
We try to open the archive using 7z, but we’re prompted for a password that we do not know. When prompted, I entered password
in the example below, but that did not work.
7z x backup.7z
We can start by using zip2john
, but we find that the tool is unable to obtain the hash.
To proceed, we’ll need a tool called 7z2john
. If you get an error when trying to run this tool, you may need to install the following package.
sudo apt install libcompress-raw-lzma-perl -y
With that package installed, let’s locate 7z2john
and copy the full path.
Now let’s run this tool against backup.7z.
/usr/share/john/7z2john.pl backup.7z
Nice! We’ve extracted the hash. I’m just going to rerun the command again and output the results into a file named lightweight7z.hash
/usr/share/john/7z2john.pl backup.7z > lightweight7z.hash
Now let’s vi
the file so we can remove the first bit. With the cursor at the top, I’m going to enter 10x
while still in command mode so that I delete the first 10 characters. We should be left with only the hash now. To write my changes and quit, I’ll enter :wq
With the hash in hand, we’re ready to pass the hard work over to hashcat. First, we need to identify what numeric value hashcat assigns to 7-zip archives. Let’s run hashcat --example-hashes
and search the results for 7-Zip. We find that we’ll need mode 11600
Zip2john Download Linux
As long as you have a wordlist ready, let’s throw this at hashcat!
hashcat -m 11600 lightweight7z.hash /usr/share/wordlists/rockyou.txt
After some time, we see that our password is cracked. The credential appears to be delete
.
Let’s test this by running 7z x backup.7z
again, but entering delete
when prompted for the credential.
Now we see the archived .php files available to us in our present working directory!
Zip2john Linux
That’s it! Super quick and easy to crack this if you have a weak password. While the 7-zip encryption is actually quite good and can make a password very difficult to crack, weak passwords will end up harming you in the end.