 Zip to Hashcat - Sondero -  06-26-2020
 
 Hello,
 I tried to crack some ZIP archives. To extract the hash I use zip2john.
 
 I made 2 text files, one with only a few characters, and a bigger one with ~1MB. With each file I made an encrypted ZIP archive and tried to extract the hash with zip2john. (PW for both files is: 1234)
 
 With the small file it works perfectly, and the output was:
 
 Code: zip2john.exe aaa.zip
 ver 2.0 aaa.zip/aaa.txt PKZIP Encr: cmplen=77, decmplen=1328, crc=CAE7293B
 aaa.zip/aaa.txt:$pkzip2$1*1*2*0*4d*530*cae7293b*0*25*8*4d*cae7*8dc9*c07413a944c5c5097ca1cfe762165108e6fa089a82a2cf77dfc4518759ea1e394a3bda2ce6843f37c51eee0597e34c64cd901c6a03f4c4a7d09a913af167ac0ef8c2e283afd207aec9ff3a8375*$/pkzip2$:aaa.txt:aaa.zip::aaa.zip
 But the bigger one gives me a very huge result which I couldn't use with hashcat:
 
 Code: zip2john.exe aaa.zip
 ver 2.0 aaa.zip/aaa.txt PKZIP Encr: cmplen=2658, decmplen=731125, crc=68DC4AA0
 aaa.zip/aaa.txt:$pkzip2$1*1*2*0*a62*b27f5*68dc4aa0*0*25*8*a62*68dc*9016*a0b46a31be3b6c8d699163a5a2457b0ecdee05828519c7605cd47cf0e72fbfa525423ad938f2ffbc51522866961a3ae29e3d30b5427a6b0670373390a2df7c5cde0b30efc261edcc457bd414691de03f11301ffa7aa87ddbd1bdb9e8af41045d7575c3c95996148117e1b276f86f38d3f06822c8419ecb1de13ea0043c3294e877afcb42233fb3f2e9b7df823cd2c0c1a8db0ddea465d1cfb595bc5dfb844b2a7d2ccd1e4b1eefa24775d6fe58d3da54ce2a727705f666cf132c94a1f48e207502495bda7555bac1e431da48e3b8fdb3707b46d271710d84a11fa64283e9d0d01c20cc9c50f3975ec70bebaf56d13247bf81d301f51fe256d4fb4fb03f0a7af1d37b117072e325baf39449e2017054e566b66b2eaeb029df871c91331327a02a141c8d6471c8158a9ae8f5866adfad846467fce79ec6b74b859555e3410f6111babf0615d89e00338c2b6aaecf3f697c42cae49317f46d4f33828837ee679159cc113b5114d2bbc5926ba7cc86436ad444f638d831f9f837948e9e87c3532ecdf1add8d67bccab2aea631f403ea3a9688c51d70756bb503ad66a6342eb232b49f2254a0947f406f845e17f5a21597d5b713ba3da58b674f1133cd8a98e0c845eeb57a0671e475ff78ef4758815647fd9784b65c6e45e7a3b0d28ef7b7f28971021f8d399324dc0635f6d817c274eb65500ac10bbf78e944ca4392fecd09ac99db831a72d0a7b533e8dac72b8ba08ffeaf82fae3283b29216f8f477b4589f95c75143f21d6a111c5fc779989f6818f2fe52f3f5afd1e5424504cc729d4e4b75faf9e6d16522d1ff845352ef20e9decdd796b2723ffa05ed1eb3b7b32c60c127b2378fa85804ecb95ed342e94838b7c262c4d4e743d55bef50355f9fa1c0cff30162d691602e530863ecb6386cfec9ed2d04aafa83222d78a8939aae5df08aad1079f0bb7f11200d325061dd9b538790c2c25f70dec4cf5b428ac84c98442ffc413ae2b9887bee69a233de70df5cb1a2a3ea0667f47df0d4da0f559e479e6ce3703ef5a3f905471227035a3ffa30f356e12cd530ce8b3c29cab204f2da48af0bf6826bb62374bc6f303f41f396c6f32bf1923686f38a686d909b02367a79029d6cc1d4fefbcde173a45b324a2b8179f6f24f310009549bf202d4c7b7eb18c00980bcf2109e056b27fce39c5d849028e13703c72a483e634870ea8bd2366765ff97664aab3b105296e88897587e7088a78f3df278c027022b67b16c4f3155c63f013bc006dff51e475c6559d79fb8567e15f1553b793ab7084750b28d00f2aab4dccc4de18262e2ffab87676b67ee117690e3b42768a070648384074bbbfe393db854d6349
f4af62c290fa2e741e854f0390d698e8ac5210aa111607201a3d0c46ee0450fcf55118997f05859619c051a29f95943690998156fe7e15d30c643b9667cabe14c3a056b7aef96e9465bb64577dd7fe0454f4d9b95ce3992e6cd8fe0b48f83e8c2f292ea4934d273c1cbcb8f028502e4bdc4073d4f6fbec5863c05a5ab533200e7c89a3d53088eab4e8a59c551e6a45c4c30557431614640a08187b58f136eb0f4dd5f7aba27411c024594ab203a4492fef4ea1eba2918f47181238be02aaaf5594e3a15125c696a272e94f5304f8c40dfc0f83cd33ed9901097d252b4126f0a1e75a368574fd251dc3e1f3b2ae664e1fb34033e6a7e21f9f73239c0fb42e068e30696df39f30efbdeda87bf8a43deb2f534519769d40d5a6c63b9c07a07bc13953b8d87c2664075a61535ae36eb3eae01e49f314410b4f7400ddb933e2921457707a0248fed541390b4a24082c2b46c651b8886af41be847d948e120d4aad78af385fe08128e83312ab74b005d40d5f5c4c6eefe62e510e1ebccfff47f08f8819f4c7b3a42f7324c7c84acdd9597be8f6ab26c30ec5c317912673bdd6ce4524707a367118605b14eb0bc762334c6edda6faf215eb3823a75867ac9d6069e1b3983fe47f37c4f7788f87d5f5005e229efd9ae89157334a0186de214294c70c143f56dd5bbaa0e7e0738e050dc45087f1fba1b17722d38a7a4d9c06c14d9143c83d826f04fa773791704647f92351d49651b9cae5a270db20d50861717f33be4d0683daffc87ea6f13ed620d52daaa16566e436bfee6299a35629f1866b2d6e18280253ea5c3f07f99624a05a35cf73c28c91d5b944ab6635fbee5010113293e1e3aa671f81b49b96121b2116cace6b4e1c9d499dcd8bb20d4770982eda81d72532c832f405f9d9bc22390857c2c333eefc13300c0c3cce4dec462333a59b3366f1dda2a9c0876ef44073038db9abbe21724a3e2422c3cc574cd1ea2e0af19ff2932fe9a0f6fd8fabe8098115dd2a1e49552f9404a82d89696eba07efe6071f7b75ef1651270e0a599c5e91a935cafc8aec1066b55375dfab306ed553d1cb4666fccb639c45238afbf0a6659479a1bdc68fc034d3478659acca205ff6d979826f961ae9eb369b5cce096dae9beeb600c2f20737ac4c74881f3ada53cc44951a5c227bc09b43d9386e480f3183c1c92aea82c2f9826fc3573db230419c0cb75c93298b143e4f37a7fa8e06946a687651d86e6822c5045e1fcea8e3b568762052fe788ded8a94f4ae076620407f5c5a1372610a54cb965401b61e339d303b2fcc893ddeee1c3fa9bc830aa45d4c6f21d7834a5cc5915029b85da29e022ff03182a07bdc33bfb5f9b57e20850e79f03ca69a3e800f4c2f0193a7de524b0d95a4df56823577d047dccaa35
627215958b0e78a51d59b6faa014dc319349694d84ee327452da63d2d494f0727db124cde1688926287ec19aa4218c42b107d0a7cdb260f844f9c5294f6b6781adc06a8be9ee6a161a67021b33d9f3e97a91e1478f51e3dc429070a3d8870d9f929f2f11b1e6b79b3ba30335a5155e8e06e5d114445979d8d67b13747e2b580ee0024ed1ac9dbaee195a2d1a35f1d756c64f184b583af349664b5e10096ecc53ead9f9f038da5b0e41f3afa0a45af577df1b11ef0c7d0c3358fd2b7e0423dc2ad210bce83f0c92f359b4ae88370e608246dd986fbb574c444185ce4ffee73384eb678c1f14909642deb4dc718d78d68964ac5614a7544767078e986da569a5c6ff7abe29524f5cf98f9cf84c78949d82d1572ffd22e92dd49930122e7d7d1a6230d1c52d5218fcf196a532ce8c8354d5fe8b5d583e5914c48221f738b8337f434099aa60188094e5557418e0d180654ad5db70fc310720391f0d1268a1b38cfd0b55e3c842acfc608c91d3145c4aa78865ff2b63d36ab6e119a581f23fed72b8b9db934ae8dc0f555602b3be48e3030bc4b2ca4fbdc89c5c302fa03f9da1bc48acc97317c28f17460d9bf2786656841740dad0cca56490d8f498ec17eff974cbe79e1ef4a7e8364fa906f27f8ca2c230e60c9cc3c9fb26e613b47606e32abb71298a2bfcab71b3947e89ee3ab1182b40f3d989095d800e09a4f0d479cb603c558767095623228fbbdfdad6d2bd458c15a8ce69e5af5fcffb0645156fd62896a26a954e5237d932774a00ebea7596fc7575d452de3194d021bb822d9b770b15e60902f1c19fb253a57f6fadd31fd9cd9517f259efa758ea4e00b77996ff11cd2c35fd46b6f3b296f9ae9d64667a102e2209037933f4a39ac6b093c398d70ea8104499682baf097845f936652b72f68986aee3f6f72018c8d885bc0fa76f89400ffc96efe605a54819c6d3f6371ea668c399b4f729ad4a0*$/pkzip2$:aaa.txt:aaa.zip::aaa.zip
 I made a few other tests, and the hash is proportional to the encrypted archive file
 
 
 edit://
 
 It looks like hashcat couldn't crack huge zip files
 https://hashcat.net/forum/thread-8753.html
 
 
 RE: Zip to Hashcat - Mem5 -  06-27-2020
 
 Yes, pkzip hash is limited in length.
 https://github.com/hashcat/hashcat/issues/2186#issuecomment-530489997
 
 
 RE: Zip to Hashcat - philsmd -  06-27-2020
 
 winzip (-m 13600) and pkzip (-m 172xx) are very different hash types.
 
 The data limit that hashcat supports for PKZIP hashes is currently about 320 KB, see: https://github.com/hashcat/hashcat/pull/2053
 
 
 Your hash from above (you get banned if you continue cracking hashes in this forum, that's for sure, see the forum rules) works perfectly fine for me, but you of course need to remove the file name from the hash (hashcat doesn't consider a file name part of a hash, JTR does use "hashes"/lines with file names), see example hashes from: https://hashcat.net/wiki/example_hashes
 
 That means that the hashes must look like the example hashes, without the file names and without the columns before the $pkzip2$ etc... also no filename at the end (i.e. the hash must end with $/pkzip2$)
 
 password of above hash is 1234, cracked with hashcat (works perfectly fine).
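
 The clean-up described in the reply above, as an added example that is not part of the original thread and not hashcat or JtR code: it cuts a zip2john output line down to the part between `$pkzip2$` and `$/pkzip2$` and reports how much embedded data the hash carries. The sample line is constructed (not a real hash), and `APPROX_DATA_LIMIT` is an assumption standing in for the "about 320 KB" mentioned in the thread.

```python
import re

# The hash proper: from the opening $pkzip2$ tag to the closing $/pkzip2$ tag.
# Everything before (archive/file name) and after (file names) is JtR metadata.
PKZIP_RE = re.compile(r"\$pkzip2\$[0-9a-fA-F*]+\$/pkzip2\$")

# Assumption: the thread only says "about 320 KB"; the exact limit depends on
# the hashcat version in use.
APPROX_DATA_LIMIT = 320 * 1024


def to_hashcat_line(john_line):
    """Return only the $pkzip2$...$/pkzip2$ part of a zip2john output line."""
    match = PKZIP_RE.search(john_line)
    if match is None:
        raise ValueError("no $pkzip2$ ... $/pkzip2$ hash found in line")
    return match.group(0)


def data_bytes(hash_line):
    """Size in bytes of the longest hex field, i.e. the embedded file data."""
    body = hash_line.split("$")[2]          # text between the two tags
    longest = max(body.split("*"), key=len)
    return len(longest) // 2                # two hex characters per byte


def check(john_line, limit=APPROX_DATA_LIMIT):
    """Return (hash for hashcat, embedded data size, fits under the limit)."""
    hash_line = to_hashcat_line(john_line)
    size = data_bytes(hash_line)
    return hash_line, size, size <= limit


# Constructed sample in the shape zip2john prints (not a real hash).
SAMPLE = ("sample.zip/sample.txt:$pkzip2$1*1*2*0*8*8*deadbeef*0*25*8*8*dead*beef*"
          "0011223344556677*$/pkzip2$:sample.txt:sample.zip::sample.zip")

if __name__ == "__main__":
    cleaned, size, fits = check(SAMPLE)
    print(cleaned)
    print(f"embedded data: {size} bytes, within limit: {fits}")
```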
 
 
 