0

I have a zip file containing a JPEG image of size 3.5 MB, encrypted with AES-256. I used WinZip for the creation of the zip file. In order to create the hash of the zip file, I used John The Ripper's zip2john which created 2 hashes, where the hashes starts and ends like this:

$zip2$*0*3*0*7076f893dbcdc27f228fa179ff990807*86eb*b0920*   ...   *$/zip2$

$pkzip2$1*1*2*0*b093c*b3abd*705a9e08*0*50*63*b093c*705a*6cf1*   ...   *$/pkzip2$

Now when i saved the hash to a textfile, the file size became 14.9 MB. In order to crack the password I have downloaded and compiled the latest hashcat (v5.1.0-1631-gcc4fd48a) from GitHub and PRINCE processor for word generation. Now when I start hashcat I get following error: 

root@sam-workstation:~/Desktop/dddd# ./princeprocessor-0.22/pp64.bin < wl/mywords.txt --pw-min=8 --pw-max=20 | /installs/apps/hashcat/hashcat -a 0 -m 13600 -w 4 northern-lights-hash.txt 
hashcat (v5.1.0-1631-gcc4fd48a) starting...

* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #3: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported

CUDA API (CUDA 10.2)
====================
* Device #1: GeForce GTX 1660 Ti, 5092/5944 MB, 24MCU

OpenCL API (OpenCL 2.1 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #2: Intel(R) Gen9 HD Graphics NEO, 12671/12735 MB (4095 MB allocatable), 24MCU

OpenCL API (OpenCL 1.2 CUDA 10.2.115) - Platform #2 [NVIDIA Corporation]
========================================================================
* Device #3: GeForce GTX 1660 Ti, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Counted lines in northern-lights-hash.txt...
Oversized line detected! Truncated 14179435 bytes

Oversized line detected! Truncated 14179435 bytes
Hashfile 'northern-lights-hash.txt' on line 1 ($zip2$...9d33a3321d1f1654688b199af944ad41): Separator unmatched
No hashes loaded.

But, hashcat doesn't return any error if the zip file contains a small txt file, of which the hash generated was also very small in size.

I couldn't figure out where the problem is. I am confused between whether JTR producing the wrong hash, or is hashcat designed to crack hashes with some max hash length.

sam
  • 101
  • 1
  • 4
  • I installed JTR from Ubuntu snap veresioned 1.9.0-jumbo-1 – sam Jan 29 '20 at 13:40
  • I got the answer. Sadly 8KB is the max size. https://github.com/hashcat/hashcat/issues/2186#issuecomment-530489997 – sam Jan 29 '20 at 15:49

0 Answers0