Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20190520193029.GA20617@openwall.com>
Date: Mon, 20 May 2019 21:30:29 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: zip2john fails to hash my zip file

Hi,

This is in addition to magnum's answer (which is correct and
JtR-centric, as is most appropriate for this list, but I feel I can add
beyond-JtR material as well).

On Mon, May 20, 2019 at 03:58:50PM +0000, Dudy Dudy wrote:
> My ultimate goal to is be able to recover the password of the archive.

Or maybe the content of the archive?  For PKZIP files with tough
passwords, it might be more practical to mount a known plaintext attack,
for which there's this recent tool (a remake of the older pkcrack):

https://github.com/kimci86/bkcrack

(I "contributed" some bug reports and feature requests to the author,
which are now implemented - including the ability to have the tool
truncate a compressed file used for known plaintext in case only the
file's beginning is expected to match.)

There are also these new developments:

"Improved Forensic Recovery of PKZIP Stream Cipher Passwords"
http://www.insticc.org/node/TechnicalProgram/icissp/presentationDetails/73605

"These kernels add support for cracking the 96bit pkzip stream cipher to
retrieve the used password after successfully running a KPA on a zip
archive."
https://github.com/hashcat/hashcat/pull/2032

Of course, you need to get your zip archive to get properly parsed and
be supported by the tools anyhow.  You also need to be able to recreate
very similar archives with the same compression method and settings in
order to get suitable known plaintext (it should match your target
encrypted file's _after_ compression - at least the first 11 bytes).

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.