Cracking ZIP/RAR Hashes with JtR
What is John?
John the Ripper, or simply John, is an open-source cracking tool provided by Openwall.
It's a very popular tool that comes preinstalled on the Kali distro. It's easy to use, powerful, and free.
Download John Jumbo
Official Site | Windows
*Installation on Linux varies depending on your package manager.
What is hashing vs encrypting?
Hashing is similar to encrypting with one major difference: it's irreversible.
Generally, when your passwords are stored in a database, they are hashed.
The string that makes up your password is taken, a salt is applied, and finally the string is run through an algorithm that creates a new string with a fixed length.
E.g. "Day Bow Bow! + Salt"
> "93ea2d345244d653644a07d8fc09eca1"
E.g. "The power to destroy a thing is the absolute control over it. + Salt"
> "2889cdd0d398e477d72c9c5354a7353b"
With regard to ZIP/RAR files (if password protected), your files are encrypted with the password provided as the key.
To decipher the encryption, we need the key. We'll be extracting a hash from an encrypted archive to crack. The hash is composed of data created from failed password attempts.
Retrieving the Hash
Once John has been downloaded, extract it and launch your terminal/cmd.
Set the current directory to John's 'run' folder (e.g. cd desktop/john/run).
Enter "john.exe" to confirm you're in the right directory.
Once there, find your archive and copypasta it somewhere within the run folder. (Not that it's necessary, but it does make things easier.)
To retrieve your hash, you can use zip2john or rar2john.
In this example I'll be cracking a zip file. So I'll enter:
Code:
zip2john myzipfile.zip > myzipfile.hash
"myzipfile.zip" should point to your archive. "myzipfile.hash" is the output file to create.
If you're cracking a rar file, enter the same parameters but instead of calling zip2john, call rar2john.
Inside of my run folder I can now locate the hash. Confirm that your hash was created successfully.
Cracking the Hash
Now that we have our hash, we can begin cracking it. You can either use a wordlist for your attack or you can bruteforce the password.
When calling john.exe you can pass "--wordlist=password.lst" to use a list, or you can pass "--incremental" for bruteforcing.
*For "password.lst" enter the file you have your passwords stored in.
In my case I'm going to bruteforce the password so I'll enter:
Code:
john --incremental myzipfile.hash
In a matter of time your password should be displayed in your terminal.
E.g. "titan (myzipfile.zip)".
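The salting and hashing step described under "What is hashing vs encrypting?", as an added example that is not part of the original post. The post does not name an algorithm, so PBKDF2-HMAC-SHA256, the 16-byte salt, the iteration count and the function names are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; higher values make each guess slower


def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256 (assumed algorithm)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Hashing is one-way, so a login check re-hashes the candidate and compares."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)  # constant-time compare


def demo():
    # The two sample inputs from the post: one short, one long.
    short = "Day Bow Bow!"
    long_text = "The power to destroy a thing is the absolute control over it."
    salt_a, digest_a = hash_password(short)
    _, digest_b = hash_password(long_text)
    _, digest_c = hash_password(short)  # same password, new random salt
    return {
        # Output length is fixed (32 bytes here) regardless of input length.
        "fixed_length": len(digest_a) == len(digest_b) == 32,
        # A per-password salt makes identical passwords hash differently.
        "salt_changes_digest": digest_a != digest_c,
        "correct_password_accepted": verify_password(short, salt_a, digest_a),
        "wrong_password_rejected": not verify_password("titan", salt_a, digest_a),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {passed}")
```

Because the stored value can only be checked by re-hashing a guess, the strength of the password and the cost of each hash are what determine how long it holds up.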