
I installed Kali Linux, which comes with John the Ripper. I have a password-protected zip file. I'm pretty sure the password is complex. I first convert the zip into a hash:

```
sudo zip2john FILE_LOCATION > zippedzip.txt
```

It took around 20 seconds to run that command.

I got this output: [screenshot]

Then I tried running john on it:

```
sudo john --format=zip ZIPPEDZIP.TXT_LOCATION
```

However I keep getting an error:

```
Using default input encoding: UTF-8
No password hashes loaded (see FAQ)
```

I'm pretty new to John the Ripper, but didn't I already load in a hash?

I then took a look at the FAQ but that confused me.

So next I tried to just run a wordlist through the hash.

I used the following wordlist: https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-100000.txt

So I ran this: [screenshot]

So after trying both methods, I'm not really sure how to crack this zip.

Tarun Ravi
  • If the password is complex, it probably won't be in the wordlist. Also, the hash was loaded when you didn't use `--format=zip`, so try your first command again without it (i.e. just `sudo john ZIPPEDZIP.TXT_LOCATION`). I guess john will recognize the hash type itself – nobody Jul 31 '20 at 19:37
  • Hi @nobody I tried doing that, and it didn't work: https://i.imgur.com/teucRDv.png – Tarun Ravi Aug 01 '20 at 00:53

1 Answer


The zip2john command already tells you that the output format is PKZIP, so you should use that format if you decide to explicitly specify it in your john command using the --format switch.

If you omit the --format specifier, john obviously recognizes the format of the hash file correctly.

When you read the output of your john command, you see that the passphrase is not found within the words contained in 10-million-password-list-top-100000.txt.
Your challenge now is to find a wordlist suitable or big enough to actually contain the password.

lab9
  • Thanks for the answer, so when you say the output format is PKZIP would this be the command I use: "sudo john --format=PKZIP ZIPPEDZIP.TXT_LOCATION"? – Tarun Ravi Aug 02 '20 at 00:35
  • yes, but also provide a wordlist, like `--wordlist=/usr/share/wordlists/rockyou.txt` for example. – lab9 Aug 02 '20 at 08:59
  • ... otherwise you'll end up in _john's incremental mode_ where it will try every possible 8-character combination which can take ages and might not deliver anything. – lab9 Aug 02 '20 at 11:36
  • https://i.imgur.com/iUKBUBu.png. I tried doing the --format=PKZIP as you recommended, but I got an error. @lab9 – Tarun Ravi Aug 03 '20 at 00:37
  • as your hash file seems to be UTF16-encoded: Have you copied it over from a Windows system? Can you run _dos2unix_ on it and retry? – lab9 Aug 03 '20 at 15:31
  • just to avoid misunderstanding: You have to use `john` against the _hash_ file (the output of _zip2john_). In the screenshot that you provided in your comment, it looks like you use `john` against the _zip file_ itself (cannot tell for sure because the filename is partially greyed out) – lab9 Aug 04 '20 at 08:39
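
The three causes of "No password hashes loaded" raised in this thread (a `--format` that does not match the hash tag, a UTF-16 or CRLF hash file, and john pointed at the archive instead of the zip2john output) can be checked before john is started. The script below is an added example, not part of the original posts; `check_hash_file` is a hypothetical helper name and the sample data is constructed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a file you are about to pass to john.
# check_hash_file is a hypothetical helper, not part of John the Ripper.

check_hash_file() {
    f=$1
    [ -r "$f" ] || { echo "unreadable: $f"; return 2; }

    # First four bytes as hex: 504b0304 is a zip archive, fffe/feff a UTF-16 BOM.
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    case $magic in
        504b0304*)
            echo "zip-archive: run zip2john on it and give john the output file"
            return 1 ;;
        fffe*|feff*)
            echo "utf16: convert first (dos2unix, or iconv -f UTF-16 -t UTF-8)"
            return 1 ;;
    esac

    # NUL bytes in a text hash file also point to UTF-16 (saved without a BOM).
    if ! tr -d '\000' < "$f" | cmp -s - "$f"; then
        echo "utf16: NUL bytes found, convert with iconv -f UTF-16LE -t UTF-8"
        return 1
    fi

    # Windows line endings.
    if LC_ALL=C grep -q "$(printf '\r')" "$f"; then
        echo "crlf: run dos2unix on the file"
        return 1
    fi

    # The tag written by zip2john decides which john format applies.
    if grep -q '\$pkzip2\{0,1\}\$' "$f"; then
        echo "ok: legacy PKZIP hash, use --format=PKZIP or omit --format"
    elif grep -q '\$zip2\$' "$f"; then
        echo "ok: WinZip AES hash, use --format=ZIP or omit --format"
    else
        echo "no-tag: no zip2john hash tag found in this file"
        return 1
    fi
}

# Constructed sample (not a real hash): start of a hash line saved as UTF-16LE.
tmp=$(mktemp)
printf '\377\376x\000:\000$\000' > "$tmp"
check_hash_file "$tmp" || true
rm -f "$tmp"
```

The function returns 0 only when the file is plain text with a recognised zip2john tag; any other result names the conversion or command to run first.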