Hey Folks, in this tutorial we are going to talk about a tool to recover the password of a compressed zip file called “John the Ripper“. John the Ripper is a free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms. John the Ripper is a fast password cracker, currently available for many distributions of Unix, macOS, Windows, DOS, BeOS, and OpenVMS (the latter requires a contributed patch). Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos/AFS and Windows LM hashes, as well as DES-based tripcodes, plus hundreds of additional hashes and ciphers in “-jumbo” versions.
Let’s take a look 🙂 !!
We know that the tool comes pre-installed in kali linux operating but we have to install all dependencies to boot any tool that’s why we have given all the commands with the help of which you can install all dependencies as well as tools.
apt install zip
apt install unzip
apt install johnWe can use the “John the Ripper” tool simply by entering “john” on our terminal.
johnWe can also use this tool by entering the following command on the terminal.
zip2johnTo demonstrate the use of both of those tools we will create a password protected zip file using the following command. As you can see the file has been protected and we cannot see the contents of the file.
Usage 🙂 !! zip –password < your password > < give zip file name > < files that you want compressed >
zip --password shubham@# crack2.zip file1.txt file.txt rep.txt
unzip crack2.zipSuppose what you will do if you have a zip file and have forgotten the password that you set during file creation ? Now our first step will be to get a hashes of the zip file using the zip2john tool. Just give us the location of the password protected zip file and the location where we want to save the hash. After getting the hash you can open them using the cat command.
Usage 🙂 !! zip2john < password protected ZIP file > > < name with location where we want to save >
zip2john crack2.zip > zip.hashes
cat zip.hashesNow our work has become very easy as you can see that just we need to give the location of the saved hash and it will try its own dictionary to crack the password of the zip file through the hash. After trying several combinations it has found a valid password to unzip the compressed file.
Usage 🙂 !! john < saved hashes >
john zip.hashesSome times it is not able to find a valid password, so in that case you can create your own wordlist and crack the password of any zip file.
Usage 🙂 !! john –wordlist=< your wordlist path > < saved hashes >
john --wordlist=wordlist.txt zip.hashesGreat 🙂 !! As you can see we have a valid password with the help of which we can unzip the password protected zip file.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
The gau (Get All URLs) tool is a versatile open-source utility that collects URLs from…
Jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic…
Hey Folks :) !! In this tutorial, we will describe some of the techniques commonly…
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
This website uses cookies.
View Comments
Hi there! I could have sworn I’ve been to this blog before but after looking at a few of the posts I realized it’s new to me. Anyhow, I’m certainly happy I discovered it and I’ll be book-marking it and checking back regularly!
Good post. I learn something new and challenging on websites I stumbleupon on a daily basis. It will always be useful to read articles from other writers and practice something from other web sites.
Very well written aand done my friend!
I started blogging just recently and have seen many blogs merely rehash old ideaas
but add very little of benefit. It's terrific to rad an enlightening post of some
rral value to me and your readers.
It's going on the list of factos I nee to emulate being a new blogger.
Readeer engagement and material value are king.
Some excellent ideas; you've unquestionably got onn my list of blogs to watch!
Continue the good work!
All the best,
Jorey
Assuming I have a encrypted zip file containing 20 JPG files and a Thumbs.db is there anyway to use john and or hashcat to recover the password, given that individual files are between 4 & 12 MB in size. If it helps I do know some of the metadata that is embedded in the files (eg Camera Model is "Canon EOS 5D Mark III"), and I believe that this text will appear in the first 256 bytes of each file.