When I use JtR to crack an encrypted zip file I have, it seems like JtR doesn't go through the wordlist I have ... I do the following steps:

$ brew install john-jumbo
$ export PATH=$PATH:/usr/local/share/john
$ zip2john File.zip > zip_hash.txt
$ john --format=PKZIP --wordlist my_wordlist.txt   zip_hash.txt

It exits right away with this message:

0g 0:00:00:00 DONE (2017-10-30 12:09) 0g/s 3923Kp/s 3923Kc/s 3923KC/s zoo-ecology..zymo-
Session completed

While the password is not cracked yet. What am I doing wrong?

UPDATE (contents of the hash file)

Center.zip:$pkzip2$3*2*1*1*8*c0*2f26*4e22*5df1ca5386c4d0647a9dfd8e4b27e1e265e757c3e4511d6ddb3b773078beb7bdb702615dc7c4643edc2d363eaa9bf99fefa8a221d81b90ab544c7c870a0fe30e1b1034cf5bd16dfa3427831c4ec3f63941347740ec81c162afd8961c04c83ff32e906589d6cebba47deb26047f4fcbcf15f2aa3ca7b8d0712e2e6cccefef0240c565fda54dbd670d8edc3dfa3a4b508d8a4439fabc38b1efe166476bfa10a21496d5114c8e140c94845d16680fd4094e3a1d972e1e3ea4e5c71e21eb632ce2fa*1*1*8*c0*8097*593d*db75436a31a2a79548271d419389ed892141d598002a01edfbf2b321dc1d58a70b7f4e01280cfd10d562e2da67dd1384ef3cc5299d18e89bbc8828f17617e7071c501f92fa32813ebb62c4a9617c27e3aac5c351a56124ea3aa3fd4405969445b9d0db123203f1f7f91d31c39ad8c10673b66fb1cb4ec7f4e1e05de1abc41b04348fe1ab608ba9a5b5e96f467f4a1ced83fc3235ea25f94b1ce991f1734eed9c09836da5cf391098da5fc2abba32af16571edbb041aa79d6904ff409282db147*2*0*23*40*3014924*258ce2*35*8*23*0301*5aa1*1002bfb8b96dac44b790d65ff0af3ee571d7daa27563ff223596b9f96ef2f3b947d33b*$/pkzip2$:::::Center.zip

P.S. Center.zip is the file name to be cracked.

securecurve
  • There is a `=` missing after `--wordlist`. I also recommend using `--rules`. Also, are you sure the password is in the wordlist? – Volker Oct 30 '17 at 10:44
  • @Volker, Thanks for the comment ... I added the equal sign and still I have the same problem ... and yes, the file has a list of words separated by newlines – securecurve Oct 30 '17 at 10:50
  • I recently ran into a similar problem at a NetWars challenge, thus being fairly sure the password is in the list and no rules are needed as the hints say so. – Tobi Nary Oct 30 '17 at 11:04
  • Yet: OP, it is easy to miss a single cracked password in the first run and John is never telling you again. Did you try `--show` to see if it has been cracked in a previous run? – Tobi Nary Oct 30 '17 at 11:11
  • @SmokeDispenser .. I use the --show option and it throws: `0 password hashes cracked, 1 left` – securecurve Oct 30 '17 at 11:40
  • May be an encoding issue of the wordlist file. – Volker Oct 30 '17 at 11:42
  • @SmokeDispenser, I also added the --rules parameter, and still, finishes instantaneously with such a message: `Loaded 1 password hash (PKZIP [32/64]) Press 'q' or Ctrl-C to abort, almost any other key for status 0g 0:00:00:00 DONE (2017-10-30 13:41) 0g/s 918853p/s 918853c/s 918853C/s Khzing..Zzting Session completed` – securecurve Oct 30 '17 at 11:42
  • @Volker, the wordlist files I use are all in English, though, it could be an encoding issue. How to solve it if it is an encoding issue? – securecurve Oct 30 '17 at 11:43
  • Check the encoding with `file my_wordlist.txt`, and if it's not UTF-8, ASCII or ISO-8859-1 convert it to ASCII with `iconv` – Volker Oct 30 '17 at 11:49
  • @Volker, I did as you say: `file hash.txt`, it prints this: `hash.txt: ASCII text, with very long lines` – securecurve Oct 30 '17 at 11:52
  • Sorry, I did the check with the hash file in the comment before. I did it now with the wordlist, and it is ASCII: `wordList: ASCII text` – securecurve Oct 30 '17 at 11:54
  • Can you post the hash? Maybe something went wrong with `zip2john`. Change up some hex values if privacy is a concern. – Volker Oct 30 '17 at 12:00
  • No, privacy is not a concern for this file. Please check the update in my question. – securecurve Oct 30 '17 at 12:04
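
The wordlist check suggested in the comments (`file`, then `iconv`), as an added example that is not part of the original thread. It goes beyond the encoding test and also counts byte-order marks, carriage returns, NUL bytes and edge whitespace; `check_wordlist` and `SAMPLE` are names made up for this example, and the sample bytes are constructed.

```python
import codecs
import sys
from collections import Counter

# Constructed sample: UTF-8 BOM, one CRLF line, one trailing space,
# one Latin-1 word (caf\xe9) and one valid UTF-8 word (na\xc3\xafve).
SAMPLE = b"\xef\xbb\xbfpassword\r\nletmein \ncaf\xe9\nna\xc3\xafve\n"


def check_wordlist(data: bytes) -> Counter:
    """Count byte-level oddities in a wordlist that a text editor does not show."""
    issues = Counter()
    if data.startswith(codecs.BOM_UTF8):
        issues["utf8_bom"] += 1
        data = data[len(codecs.BOM_UTF8):]
    elif data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        issues["utf16_bom"] += 1  # UTF-16 text: convert the whole file first
    for line in data.split(b"\n"):
        if not line:
            continue
        if line.endswith(b"\r"):
            issues["crlf"] += 1  # carriage return left in front of the newline
            line = line[:-1]
        if b"\x00" in line:
            issues["nul_byte"] += 1
        if line != line.strip(b" \t"):
            issues["edge_whitespace"] += 1  # can be intentional, worth a look
        if any(byte > 0x7F for byte in line):
            issues["non_ascii"] += 1
            try:
                line.decode("utf-8")
            except UnicodeDecodeError:
                issues["not_utf8"] += 1  # legacy 8-bit encoding, iconv candidate
    return issues


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            blob = handle.read()
    else:
        blob = SAMPLE
    for name, count in sorted(check_wordlist(blob).items()):
        print(f"{name}: {count}")
```

An empty result means the file is plain ASCII with bare newlines, which matches what `file` reported as `ASCII text` in the thread.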

0 Answers