06-26-2020, 06:03 PM
Hello,
i tried to crack some Zip-archives. To extrakt the hash i use zip2john.
I made 2 Textfile, one with only a few characters, and a bigger one with ~1MB. With each file i made an encrypted ZIP-archiv and try to extract the hash with zip2john. (PW: both files is: 1234)
With the smal file it works perfect, and the output was:
But the bigger one give me a very huge result which i could´t take for hashcat:
I made a few other tests, and the hash is proportionally to the encrypted archiv file
edit://
It looks like hashcat couldn´t crack huge zip-files
https://hashcat.net/forum/thread-8753.html
i tried to crack some Zip-archives. To extrakt the hash i use zip2john.
I made 2 Textfile, one with only a few characters, and a bigger one with ~1MB. With each file i made an encrypted ZIP-archiv and try to extract the hash with zip2john. (PW: both files is: 1234)
With the smal file it works perfect, and the output was:
Code:
zip2john.exe aaa.zip
ver 2.0 aaa.zip/aaa.txt PKZIP Encr: cmplen=77, decmplen=1328, crc=CAE7293B
aaa.zip/aaa.txt:$pkzip2$1*1*2*0*4d*530*cae7293b*0*25*8*4d*cae7*8dc9*c07413a944c5c5097ca1cfe762165108e6fa089a82a2cf77dfc4518759ea1e394a3bda2ce6843f37c51eee0597e34c64cd901c6a03f4c4a7d09a913af167ac0ef8c2e283afd207aec9ff3a8375*$/pkzip2$:aaa.txt:aaa.zip::aaa.zip
But the bigger one give me a very huge result which i could´t take for hashcat:
Code:
zip2john.exe aaa.zip
ver 2.0 aaa.zip/aaa.txt PKZIP Encr: cmplen=2658, decmplen=731125, crc=68DC4AA0
aaa.zip/aaa.txt:$pkzip2$1*1*2*0*a62*b27f5*68dc4aa0*0*25*8*a62*68dc*9016*a0b46a31be3b6c8d699163a5a2457b0ecdee05828519c7605cd47cf0e72fbfa525423ad938f2ffbc51522866961a3ae29e3d30b5427a6b0670373390a2df7c5cde0b30efc261edcc457bd414691de03f11301ffa7aa87ddbd1bdb9e8af41045d7575c3c95996148117e1b276f86f38d3f06822c8419ecb1de13ea0043c3294e877afcb42233fb3f2e9b7df823cd2c0c1a8db0ddea465d1cfb595bc5dfb844b2a7d2ccd1e4b1eefa24775d6fe58d3da54ce2a727705f666cf132c94a1f48e207502495bda7555bac1e431da48e3b8fdb3707b46d271710d84a11fa64283e9d0d01c20cc9c50f3975ec70bebaf56d13247bf81d301f51fe256d4fb4fb03f0a7af1d37b117072e325baf39449e2017054e566b66b2eaeb029df871c91331327a02a141c8d6471c8158a9ae8f5866adfad846467fce79ec6b74b859555e3410f6111babf0615d89e00338c2b6aaecf3f697c42cae49317f46d4f33828837ee679159cc113b5114d2bbc5926ba7cc86436ad444f638d831f9f837948e9e87c3532ecdf1add8d67bccab2aea631f403ea3a9688c51d70756bb503ad66a6342eb232b49f2254a0947f406f845e17f5a21597d5b713ba3da58b674f1133cd8a98e0c845eeb57a0671e475ff78ef4758815647fd9784b65c6e45e7a3b0d28ef7b7f28971021f8d399324dc0635f6d817c274eb65500ac10bbf78e944ca4392fecd09ac99db831a72d0a7b533e8dac72b8ba08ffeaf82fae3283b29216f8f477b4589f95c75143f21d6a111c5fc779989f6818f2fe52f3f5afd1e5424504cc729d4e4b75faf9e6d16522d1ff845352ef20e9decdd796b2723ffa05ed1eb3b7b32c60c127b2378fa85804ecb95ed342e94838b7c262c4d4e743d55bef50355f9fa1c0cff30162d691602e530863ecb6386cfec9ed2d04aafa83222d78a8939aae5df08aad1079f0bb7f11200d325061dd9b538790c2c25f70dec4cf5b428ac84c98442ffc413ae2b9887bee69a233de70df5cb1a2a3ea0667f47df0d4da0f559e479e6ce3703ef5a3f905471227035a3ffa30f356e12cd530ce8b3c29cab204f2da48af0bf6826bb62374bc6f303f41f396c6f32bf1923686f38a686d909b02367a79029d6cc1d4fefbcde173a45b324a2b8179f6f24f310009549bf202d4c7b7eb18c00980bcf2109e056b27fce39c5d849028e13703c72a483e634870ea8bd2366765ff97664aab3b105296e88897587e7088a78f3df278c027022b67b16c4f3155c63f013bc006dff51e475c6559d79fb8567e15f1553b793ab7084750b28d00f2aab4dccc4de18262e2ffab87676b67ee117690e3b42768a070648384074bbbfe393db854d6349f4af62c290fa2e741e854f0390d698e8ac5210aa111607201a3d0c46ee0450fcf55118997f05859619c051a29f95943690998156fe7e15d30c643b9667cabe14c3a056b7aef96e9465bb64577dd7fe0454f4d9b95ce3992e6cd8fe0b48f83e8c2f292ea4934d273c1cbcb8f028502e4bdc4073d4f6fbec5863c05a5ab533200e7c89a3d53088eab4e8a59c551e6a45c4c30557431614640a08187b58f136eb0f4dd5f7aba27411c024594ab203a4492fef4ea1eba2918f47181238be02aaaf5594e3a15125c696a272e94f5304f8c40dfc0f83cd33ed9901097d252b4126f0a1e75a368574fd251dc3e1f3b2ae664e1fb34033e6a7e21f9f73239c0fb42e068e30696df39f30efbdeda87bf8a43deb2f534519769d40d5a6c63b9c07a07bc13953b8d87c2664075a61535ae36eb3eae01e49f314410b4f7400ddb933e2921457707a0248fed541390b4a24082c2b46c651b8886af41be847d948e120d4aad78af385fe08128e83312ab74b005d40d5f5c4c6eefe62e510e1ebccfff47f08f8819f4c7b3a42f7324c7c84acdd9597be8f6ab26c30ec5c317912673bdd6ce4524707a367118605b14eb0bc762334c6edda6faf215eb3823a75867ac9d6069e1b3983fe47f37c4f7788f87d5f5005e229efd9ae89157334a0186de214294c70c143f56dd5bbaa0e7e0738e050dc45087f1fba1b17722d38a7a4d9c06c14d9143c83d826f04fa773791704647f92351d49651b9cae5a270db20d50861717f33be4d0683daffc87ea6f13ed620d52daaa16566e436bfee6299a35629f1866b2d6e18280253ea5c3f07f99624a05a35cf73c28c91d5b944ab6635fbee5010113293e1e3aa671f81b49b96121b2116cace6b4e1c9d499dcd8bb20d4770982eda81d72532c832f405f9d9bc22390857c2c333eefc13300c0c3cce4dec462333a59b3366f1dda2a9c0876ef44073038db9abbe21724a3e2422c3cc574cd1ea2e0af19ff2932fe9a0f6fd8fabe8098115dd2a1e49552f9404a82d89696eba07efe6071f7b75ef1651270e0a599c5e91a935cafc8aec1066b55375dfab306ed553d1cb4666fccb639c45238afbf0a6659479a1bdc68fc034d3478659acca205ff6d979826f961ae9eb369b5cce096dae9beeb600c2f20737ac4c74881f3ada53cc44951a5c227bc09b43d9386e480f3183c1c92aea82c2f9826fc3573db230419c0cb75c93298b143e4f37a7fa8e06946a687651d86e6822c5045e1fcea8e3b568762052fe788ded8a94f4ae076620407f5c5a1372610a54cb965401b61e339d303b2fcc893ddeee1c3fa9bc830aa45d4c6f21d7834a5cc5915029b85da29e022ff03182a07bdc33bfb5f9b57e20850e79f03ca69a3e800f4c2f0193a7de524b0d95a4df56823577d047dccaa35627215958b0e78a51d59b6faa014dc319349694d84ee327452da63d2d494f0727db124cde1688926287ec19aa4218c42b107d0a7cdb260f844f9c5294f6b6781adc06a8be9ee6a161a67021b33d9f3e97a91e1478f51e3dc429070a3d8870d9f929f2f11b1e6b79b3ba30335a5155e8e06e5d114445979d8d67b13747e2b580ee0024ed1ac9dbaee195a2d1a35f1d756c64f184b583af349664b5e10096ecc53ead9f9f038da5b0e41f3afa0a45af577df1b11ef0c7d0c3358fd2b7e0423dc2ad210bce83f0c92f359b4ae88370e608246dd986fbb574c444185ce4ffee73384eb678c1f14909642deb4dc718d78d68964ac5614a7544767078e986da569a5c6ff7abe29524f5cf98f9cf84c78949d82d1572ffd22e92dd49930122e7d7d1a6230d1c52d5218fcf196a532ce8c8354d5fe8b5d583e5914c48221f738b8337f434099aa60188094e5557418e0d180654ad5db70fc310720391f0d1268a1b38cfd0b55e3c842acfc608c91d3145c4aa78865ff2b63d36ab6e119a581f23fed72b8b9db934ae8dc0f555602b3be48e3030bc4b2ca4fbdc89c5c302fa03f9da1bc48acc97317c28f17460d9bf2786656841740dad0cca56490d8f498ec17eff974cbe79e1ef4a7e8364fa906f27f8ca2c230e60c9cc3c9fb26e613b47606e32abb71298a2bfcab71b3947e89ee3ab1182b40f3d989095d800e09a4f0d479cb603c558767095623228fbbdfdad6d2bd458c15a8ce69e5af5fcffb0645156fd62896a26a954e5237d932774a00ebea7596fc7575d452de3194d021bb822d9b770b15e60902f1c19fb253a57f6fadd31fd9cd9517f259efa758ea4e00b77996ff11cd2c35fd46b6f3b296f9ae9d64667a102e2209037933f4a39ac6b093c398d70ea8104499682baf097845f936652b72f68986aee3f6f72018c8d885bc0fa76f89400ffc96efe605a54819c6d3f6371ea668c399b4f729ad4a0*$/pkzip2$:aaa.txt:aaa.zip::aaa.zip
I made a few other tests, and the hash is proportionally to the encrypted archiv file
edit://
It looks like hashcat couldn´t crack huge zip-files
https://hashcat.net/forum/thread-8753.html