Can I use zip2john to break a password protected zip file?

1.4K    Asked by AnnaBall in SQL Server , Asked on Dec 21, 2021

Is it possible to crack a password protected zip file using John the ripper?  I was surfing the internet and came across these lines - John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems. John the Ripper jumbo supports hundreds of hash and cipher types, including for: user passwords of Unix flavors (Linux, *BSD, Solaris, AIX, QNX, etc.), macOS, Windows, "web apps" (e.g., WordPress), groupware (e.g., Notes/Domino), and database servers (SQL, LDAP, etc.); network traffic captures (Windows network authentication, WiFi WPA-PSK, etc.); encrypted private keys (SSH, GnuPG, cryptocurrency wallets, etc.), filesystems and disks (macOS .dmg files and "sparse bundles", Windows BitLocker, etc.), archives (ZIP, RAR, 7z), and document files (PDF, Microsoft Office's, etc.)

Answered by Anurag Singhal

The zip2john command already tells you the output format in PKZIP, so you should use that format if you decide to explicitly specify it in your john command using the --format switch.


If you omit the --format specifier, john obviously recognizes the format of the hash file correctly.

When you read the output of your john command, you see that the passphrase is not found within the words contained in 10-million-password-list-top-100000.txt.

Your challenge now is to find a wordlist suitable or big enough to actually contain the password.



Your Answer

Interviews

Parent Categories