Hey Folks, in this tutorial we are going to talk about a tool to recover the password of a compressed zip file called “John the Ripper“. John the Ripper is a free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms. John the Ripper is a fast password cracker, currently available for many distributions of Unix, macOS, Windows, DOS, BeOS, and OpenVMS (the latter requires a contributed patch). Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos/AFS and Windows LM hashes, as well as DES-based tripcodes, plus hundreds of additional hashes and ciphers in “-jumbo” versions.
Let’s take a look 🙂 !!
We know that the tool comes pre-installed in kali linux operating but we have to install all dependencies to boot any tool that’s why we have given all the commands with the help of which you can install all dependencies as well as tools.
apt install zip
apt install unzip
apt install john
We can use the “John the Ripper” tool simply by entering “john” on our terminal.
We can also use this tool by entering the following command on the terminal.
Create Password Protected ZIP File
To demonstrate the use of both of those tools we will create a password protected zip file using the following command. As you can see the file has been protected and we cannot see the contents of the file.
Usage 🙂 !! zip –password < your password > < give zip file name > < files that you want compressed >
zip --password shubham@# crack2.zip file1.txt file.txt rep.txt
Getting Hash of ZIP File
Suppose what you will do if you have a zip file and have forgotten the password that you set during file creation ? Now our first step will be to get a hashes of the zip file using the zip2john tool. Just give us the location of the password protected zip file and the location where we want to save the hash. After getting the hash you can open them using the cat command.
Usage 🙂 !! zip2john < password protected ZIP file > > < name with location where we want to save >
zip2john crack2.zip > zip.hashes
Crack Password with John
Now our work has become very easy as you can see that just we need to give the location of the saved hash and it will try its own dictionary to crack the password of the zip file through the hash. After trying several combinations it has found a valid password to unzip the compressed file.
Usage 🙂 !! john < saved hashes >
Some times it is not able to find a valid password, so in that case you can create your own wordlist and crack the password of any zip file.
Usage 🙂 !! john –wordlist=< your wordlist path > < saved hashes >
john --wordlist=wordlist.txt zip.hashes
Great 🙂 !! As you can see we have a valid password with the help of which we can unzip the password protected zip file.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.