Hey Folks, in this tutorial we are going to talk about a tool to recover the password of a compressed zip file called “John the Ripper“. John the Ripper is a free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms. John the Ripper is a fast password cracker, currently available for many distributions of Unix, macOS, Windows, DOS, BeOS, and OpenVMS (the latter requires a contributed patch). Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos/AFS and Windows LM hashes, as well as DES-based tripcodes, plus hundreds of additional hashes and ciphers in “-jumbo” versions.

Let’s take a look 🙂 !!

Install Dependencies

We know that the tool comes pre-installed in kali linux operating but we have to install all dependencies to boot any tool that’s why we have given all the commands with the help of which you can install all dependencies as well as tools.

John

We can use the “John the Ripper” tool simply by entering “john” on our terminal.

Zip2John

We can also use this tool by entering the following command on the terminal.

Create Password Protected ZIP File

To demonstrate the use of both of those tools we will create a password protected zip file using the following command. As you can see the file has been protected and we cannot see the contents of the file.

Usage 🙂 !! zip –password < your password > < give zip file name > < files that you want compressed >

Getting Hash of ZIP File

Suppose what you will do if you have a zip file and have forgotten the password that you set during file creation ? Now our first step will be to get a hashes of the zip file using the zip2john tool. Just give us the location of the password protected zip file and the location where we want to save the hash. After getting the hash you can open them using the cat command.

Usage 🙂 !! zip2john < password protected ZIP file > > < name with location where we want to save >

Crack Password with John

Now our work has become very easy as you can see that just we need to give the location of the saved hash and it will try its own dictionary to crack the password of the zip file through the hash. After trying several combinations it has found a valid password to unzip the compressed file.

Usage 🙂 !! john < saved hashes >

Custom Wordlist

Some times it is not able to find a valid password, so in that case you can create your own wordlist and crack the password of any zip file.

Usage 🙂 !! john –wordlist=< your wordlist path > < saved hashes >

Great 🙂 !! As you can see we have a valid password with the help of which we can unzip the password protected zip file.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.

0

Leave a Reply