13

I'm attempting to use JTR against a password protected zip.

I have created the hash file using:
zip2john filename.zip > filename.hash
and i get a successful output:
file.txt is using AES encryption, extrafield_length is 11

But when I attempt to run:
john filename.hash
I get:
Using default input encoding: UTF-8
No password hashes loaded (see FAQ)

I have checked the FAQ and also checked a related post at "No password hashes loaded" John does not recognise my hashes but no luck

Does anyone have a solution?

peterh
  • 2,938
  • 6
  • 25
  • 31
16b7195abb140a3929bbc322d1c6f1
  • 3,334
  • 4
  • 15
  • 20
  • Would you mind posting the contents of filename.hash? Preferably obfuscate the actual hash so it is not revealed to the internett. – Chris Dale Dec 29 '15 at 08:04
  • 1
    Which version of JtR are you using? Cracking zip require the community enhanced versions of JtR a.k.a the jumbo versions. – void_in Dec 29 '15 at 08:07
  • The contents of filename.hash are `filename.zip:$zip$*0*1*095d6ee25adfb2bb*ea14`. It's not an important hash so i've provided the original hash as is. It's only a test of JTR. I'm using JTR Version: `John the Ripper password cracker, version 1.8.0.6-jumbo-1-bleeding_omp [linux-gnu 64-bit SSE2-autoconf]` – 16b7195abb140a3929bbc322d1c6f1 Dec 29 '15 at 08:29

4 Answers4

3

There seems to be something wrong with your JTR installation. I suggest reinstalling/recompiling and trying again. When I run the hash you supplied in the comments, I get the following:

Loaded 1 password hash (zip [32/32])

It is currently cracking against a 160mb wordlist.

Chris Dale
  • 16,119
  • 10
  • 56
  • 97
  • I tried `apt-get install --reinstall john` on Kali Linux then `john filename.hash` but i'm still getting the same error. The default version on Kali Linux is the Jumbo Version `John the Ripper password cracker, version 1.8.0.6-jumbo-1-bleeding_omp [linux-gnu 64-bit SSE2-autoconf`. Is this version sufficient for cracking this hash? – 16b7195abb140a3929bbc322d1c6f1 Dec 29 '15 at 11:42
  • 1
    I don't know. I am testing on Windows with the following version: 1.7.9-jumbo-5 [win32-cygwin-x86-sse2i] . Try downgrading your version. – Chris Dale Dec 29 '15 at 12:21
  • 5
    Confirmed. This appears to be an issue with JTR versions 1.8.0+. I installed JTR 1.7.9 Jumbo and now everything is working. – 16b7195abb140a3929bbc322d1c6f1 Dec 29 '15 at 23:47
  • 1
    Going through the Comp TIA+ Security training and this is one of the lab exercises. Don't have a lot of experience using Linux, how to install an older version of JTR? Currently running 1.8.0.6 and having the same problem. Thanks. – Tikhon Mar 02 '18 at 17:17
  • Same problem here. Version 1.8.0.6-jumbo-1-0kali9 – cactuschibre Jul 02 '18 at 18:42
2

Not sure if this response is still useful but as of Feb 19, John 1.8.0.13-jumbo-1-bleeding works. I was previously using 1.8.0.6-jumbo-1-bleeding which had that problem. You can update it easily with 

apt-get install john

Historical versions of John can be found here

https://openwall.info/wiki/john/custom-builds?do=revisions

https://download.openwall.net/pub/projects/john/contrib/linux/historical/

You don't really have to install it, just unzip and execute it from the "run" subdirectory.

Ivan
  • 21
  • 5
0

You need John the Ripper jumbo release to crack hashes generated from zip2john (https://www.openwall.com/john/doc/FAQ.shtml). You could download John the Ripper jumbo release from this webpage: https://www.openwall.com/john/ .

Minh-Triet Pham Tran
  • 500
  • 3
  • 7
0

try to specify the format like this

john --format=crypt yourFile.txt

I refer to this link to find my hash format

http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats

ahmdIrfanz
  • 1
  • 2