Zip to Hashcat - Sondero - 06-26-2020
Hello,
i tried to crack some Zip-archives. To extrakt the hash i use zip2john.
I made 2 Textfile, one with only a few characters, and a bigger one with ~1MB. With each file i made an encrypted ZIP-archiv and try to extract the hash with zip2john. (PW: both files is: 1234)
With the smal file it works perfect, and the output was:
Code: zip2john.exe aaa.zip
ver 2.0 aaa.zip/aaa.txt PKZIP Encr: cmplen=77, decmplen=1328, crc=CAE7293B
aaa.zip/aaa.txt:$pkzip2$1*1*2*0*4d*530*cae7293b*0*25*8*4d*cae7*8dc9*c07413a944c5c5097ca1cfe762165108e6fa089a82a2cf77dfc4518759ea1e394a3bda2ce6843f37c51eee0597e34c64cd901c6a03f4c4a7d09a913af167ac0ef8c2e283afd207aec9ff3a8375*$/pkzip2$:aaa.txt:aaa.zip::aaa.zip
But the bigger one give me a very huge result which i could´t take for hashcat:
Code: zip2john.exe aaa.zip
ver 2.0 aaa.zip/aaa.txt PKZIP Encr: cmplen=2658, decmplen=731125, crc=68DC4AA0
aaa.zip/aaa.txt:$pkzip2$1*1*2*0*a62*b27f5*68dc4aa0*0*25*8*a62*68dc*9016*a0b46a31be3b6c8d699163a5a2457b0ecdee05828519c7605cd47cf0e72fbfa525423ad938f2ffbc51522866961a3ae29e3d30b5427a6b0670373390a2df7c5cde0b30efc261edcc457bd414691de03f11301ffa7aa87ddbd1bdb9e8af41045d7575c3c95996148117e1b276f86f38d3f06822c8419ecb1de13ea0043c3294e877afcb42233fb3f2e9b7df823cd2c0c1a8db0ddea465d1cfb595bc5dfb844b2a7d2ccd1e4b1eefa24775d6fe58d3da54ce2a727705f666cf132c94a1f48e207502495bda7555bac1e431da48e3b8fdb3707b46d271710d84a11fa64283e9d0d01c20cc9c50f3975ec70bebaf56d13247bf81d301f51fe256d4fb4fb03f0a7af1d37b117072e325baf39449e2017054e566b66b2eaeb029df871c91331327a02a141c8d6471c8158a9ae8f5866adfad846467fce79ec6b74b859555e3410f6111babf0615d89e00338c2b6aaecf3f697c42cae49317f46d4f33828837ee679159cc113b5114d2bbc5926ba7cc86436ad444f638d831f9f837948e9e87c3532ecdf1add8d67bccab2aea631f403ea3a9688c51d70756bb503ad66a6342eb232b49f2254a0947f406f845e17f5a21597d5b713ba3da58b674f1133cd8a98e0c845eeb57a0671e475ff78ef4758815647fd9784b65c6e45e7a3b0d28ef7b7f28971021f8d399324dc0635f6d817c274eb65500ac10bbf78e944ca4392fecd09ac99db831a72d0a7b533e8dac72b8ba08ffeaf82fae3283b29216f8f477b4589f95c75143f21d6a111c5fc779989f6818f2fe52f3f5afd1e5424504cc729d4e4b75faf9e6d16522d1ff845352ef20e9decdd796b2723ffa05ed1eb3b7b32c60c127b2378fa85804ecb95ed342e94838b7c262c4d4e743d55bef50355f9fa1c0cff30162d691602e530863ecb6386cfec9ed2d04aafa83222d78a8939aae5df08aad1079f0bb7f11200d325061dd9b538790c2c25f70dec4cf5b428ac84c98442ffc413ae2b9887bee69a233de70df5cb1a2a3ea0667f47df0d4da0f559e479e6ce3703ef5a3f905471227035a3ffa30f356e12cd530ce8b3c29cab204f2da48af0bf6826bb62374bc6f303f41f396c6f32bf1923686f38a686d909b02367a79029d6cc1d4fefbcde173a45b324a2b8179f6f24f310009549bf202d4c7b7eb18c00980bcf2109e056b27fce39c5d849028e13703c72a483e634870ea8bd2366765ff97664aab3b105296e88897587e7088a78f3df278c027022b67b16c4f3155c63f013bc006dff51e475c6559d79fb8567e15f1553b793ab7084750b28d00f2aab4dccc4de18262e2ffab87676b67ee117690e3b42768a070648384074bbbfe393db854d6349f4af62c290fa2e741e854f0390d698e8ac5210aa111607201a3d0c46ee0450fcf55118997f05859619c051a29f95943690998156fe7e15d30c643b9667cabe14c3a056b7aef96e9465bb64577dd7fe0454f4d9b95ce3992e6cd8fe0b48f83e8c2f292ea4934d273c1cbcb8f028502e4bdc4073d4f6fbec5863c05a5ab533200e7c89a3d53088eab4e8a59c551e6a45c4c30557431614640a08187b58f136eb0f4dd5f7aba27411c024594ab203a4492fef4ea1eba2918f47181238be02aaaf5594e3a15125c696a272e94f5304f8c40dfc0f83cd33ed9901097d252b4126f0a1e75a368574fd251dc3e1f3b2ae664e1fb34033e6a7e21f9f73239c0fb42e068e30696df39f30efbdeda87bf8a43deb2f534519769d40d5a6c63b9c07a07bc13953b8d87c2664075a61535ae36eb3eae01e49f314410b4f7400ddb933e2921457707a0248fed541390b4a24082c2b46c651b8886af41be847d948e120d4aad78af385fe08128e83312ab74b005d40d5f5c4c6eefe62e510e1ebccfff47f08f8819f4c7b3a42f7324c7c84acdd9597be8f6ab26c30ec5c317912673bdd6ce4524707a367118605b14eb0bc762334c6edda6faf215eb3823a75867ac9d6069e1b3983fe47f37c4f7788f87d5f5005e229efd9ae89157334a0186de214294c70c143f56dd5bbaa0e7e0738e050dc45087f1fba1b17722d38a7a4d9c06c14d9143c83d826f04fa773791704647f92351d49651b9cae5a270db20d50861717f33be4d0683daffc87ea6f13ed620d52daaa16566e436bfee6299a35629f1866b2d6e18280253ea5c3f07f99624a05a35cf73c28c91d5b944ab6635fbee5010113293e1e3aa671f81b49b96121b2116cace6b4e1c9d499dcd8bb20d4770982eda81d72532c832f405f9d9bc22390857c2c333eefc13300c0c3cce4dec462333a59b3366f1dda2a9c0876ef44073038db9abbe21724a3e2422c3cc574cd1ea2e0af19ff2932fe9a0f6fd8fabe8098115dd2a1e49552f9404a82d89696eba07efe6071f7b75ef1651270e0a599c5e91a935cafc8aec1066b55375dfab306ed553d1cb4666fccb639c45238afbf0a6659479a1bdc68fc034d3478659acca205ff6d979826f961ae9eb369b5cce096dae9beeb600c2f20737ac4c74881f3ada53cc44951a5c227bc09b43d9386e480f3183c1c92aea82c2f9826fc3573db230419c0cb75c93298b143e4f37a7fa8e06946a687651d86e6822c5045e1fcea8e3b568762052fe788ded8a94f4ae076620407f5c5a1372610a54cb965401b61e339d303b2fcc893ddeee1c3fa9bc830aa45d4c6f21d7834a5cc5915029b85da29e022ff03182a07bdc33bfb5f9b57e20850e79f03ca69a3e800f4c2f0193a7de524b0d95a4df56823577d047dccaa35627215958b0e78a51d59b6faa014dc319349694d84ee327452da63d2d494f0727db124cde1688926287ec19aa4218c42b107d0a7cdb260f844f9c5294f6b6781adc06a8be9ee6a161a67021b33d9f3e97a91e1478f51e3dc429070a3d8870d9f929f2f11b1e6b79b3ba30335a5155e8e06e5d114445979d8d67b13747e2b580ee0024ed1ac9dbaee195a2d1a35f1d756c64f184b583af349664b5e10096ecc53ead9f9f038da5b0e41f3afa0a45af577df1b11ef0c7d0c3358fd2b7e0423dc2ad210bce83f0c92f359b4ae88370e608246dd986fbb574c444185ce4ffee73384eb678c1f14909642deb4dc718d78d68964ac5614a7544767078e986da569a5c6ff7abe29524f5cf98f9cf84c78949d82d1572ffd22e92dd49930122e7d7d1a6230d1c52d5218fcf196a532ce8c8354d5fe8b5d583e5914c48221f738b8337f434099aa60188094e5557418e0d180654ad5db70fc310720391f0d1268a1b38cfd0b55e3c842acfc608c91d3145c4aa78865ff2b63d36ab6e119a581f23fed72b8b9db934ae8dc0f555602b3be48e3030bc4b2ca4fbdc89c5c302fa03f9da1bc48acc97317c28f17460d9bf2786656841740dad0cca56490d8f498ec17eff974cbe79e1ef4a7e8364fa906f27f8ca2c230e60c9cc3c9fb26e613b47606e32abb71298a2bfcab71b3947e89ee3ab1182b40f3d989095d800e09a4f0d479cb603c558767095623228fbbdfdad6d2bd458c15a8ce69e5af5fcffb0645156fd62896a26a954e5237d932774a00ebea7596fc7575d452de3194d021bb822d9b770b15e60902f1c19fb253a57f6fadd31fd9cd9517f259efa758ea4e00b77996ff11cd2c35fd46b6f3b296f9ae9d64667a102e2209037933f4a39ac6b093c398d70ea8104499682baf097845f936652b72f68986aee3f6f72018c8d885bc0fa76f89400ffc96efe605a54819c6d3f6371ea668c399b4f729ad4a0*$/pkzip2$:aaa.txt:aaa.zip::aaa.zip
I made a few other tests, and the hash is proportionally to the encrypted archiv file
edit://
It looks like hashcat couldn´t crack huge zip-files
https://hashcat.net/forum/thread-8753.html
RE: Zip to Hashcat - Mem5 - 06-27-2020
Yes, pkzip hash is limited in length.
https://github.com/hashcat/hashcat/issues/2186#issuecomment-530489997
RE: Zip to Hashcat - philsmd - 06-27-2020
winzip (-m 13600 ) and pkzip (-m 172xx) are very different hash types.
The data limit that hashcat supports for PKZIP hashes is currently about 320 KB, see: https://github.com/hashcat/hashcat/pull/2053
your hash from above (you get banned if you continue cracking hashes in this forum, that's for sure, see the forum rules) works perfectly fine for me, but you of course need to remove the file name from the hash (hashcat doesn't consider a file name part of a hash, JTR does use "hashes"/ lines with file names), see example hashes from : https://hashcat.net/wiki/example_hashes
That means that the hashes must look like the example hashes, without the file names and without the columns before the $pkzip2$ etc... also no filename at the end (i.e. the hash must end with $/pkzip2$)
password of above hash is 1234 , cracked with hashcat (works perfectly fine).
|