hashcat
advanced password recovery

NERFER 4 · 05-29-2022, 12:58 AM

I can't crack the password of a Zip archive. I used John the ripper to extract the hash from the Zip file, he extracted 2 of them but I don't know which hash mode to use on hashcat to find the password.
Could anyone help me? (If necessary, I can attach the file)

NERFER 4 · 05-29-2022, 02:25 PM

(05-29-2022, 09:17 AM)marc1n Wrote: PKZIP https://hashcat.net/wiki/doku.php?id=example_hashes

Thanks, but it doesn't work for me, my hash starts with $zip2$, so, according to the list you sent me, I should use 13600 (WinZip) hash mode, but if I try to proceed it gives me this error:

Oversized line detected! Truncated 55697304 bytes

Oversized line detected! Truncated 55697304 bytes
Hashfile 'h4.txt' on line 1 ($zip2$...c44df2ad47099b87457dfd7105b9c423): Separator unmatched
No hashes loaded.

In fact, my hash is much longer than the example one in the list you sent me.
If you want I can attach my hash file.
Thanks!

NERFER 4 · 05-29-2022, 05:17 PM

(05-29-2022, 03:46 PM)marc1n Wrote: Your zip version may not be supported by hashcat...

Hashcat is the world's fastest password cracker, can I crack my Zip archive password fast enough like on Hashcat using another program?

NERFER 4 · 05-29-2022, 10:36 PM

(05-29-2022, 06:15 PM)marc1n Wrote: Check without entering the mode if the hashcat detects your hash and gives you the mode to break

I have just tried it but it didn't find any mode that could crack the hash, it told me "Oversized line detected! Truncated 55697304 bytes" 459 times, then stopped.

NERFER 4 · 05-30-2022, 09:45 PM

(05-29-2022, 11:37 PM)marc1n Wrote: Use https://www.openwall.com/john/

I have tried, it tells me this:
Warning: invalid UTF-8 seen reading C:\Users\crist\Desktop\d.zip
oracle: Input file is not UTF-8. Please use --input-enc to specify a codepage.
Warning: only loading hashes of type "HMAC-SHA256", but also saw type "HMAC-SHA224"
Use the "--format=HMAC-SHA224" option to force loading hashes of that type instead
Error: UTF-16 BOM seen in input file.

Snoopy · 06-01-2022, 11:51 AM

i think your zip file is garbage, a plain zip file shouldnt have a BOM at the beginning

NERFER 4 · 06-02-2022, 01:35 PM

(06-01-2022, 11:51 AM)Snoopy Wrote: i think your zip file is garbage, a plain zip file shouldnt have a BOM at the beginning

So what can I do?

Snoopy · 06-03-2022, 01:31 PM

(06-02-2022, 01:35 PM)NERFER 4 Wrote:
(06-01-2022, 11:51 AM)Snoopy Wrote: i think your zip file is garbage, a plain zip file shouldnt have a BOM at the beginning

So what can I do?

nothing?

2 possibilities, winzip changed something in their encryption procedure and zip2john fails to produce a proper hash or zip2john produces a proper hash but this new hashsize isnt (yet) supported by hashcat

NERFER 4 · 06-03-2022, 11:59 PM

(06-03-2022, 01:31 PM)Snoopy Wrote:
(06-02-2022, 01:35 PM)NERFER 4 Wrote:
(06-01-2022, 11:51 AM)Snoopy Wrote: i think your zip file is garbage, a plain zip file shouldnt have a BOM at the beginning

So what can I do?

nothing?

2 possibilities, winzip changed something in their encryption procedure and zip2john fails to produce a proper hash or zip2john produces a proper hash but this new hashsize isnt (yet) supported by hashcat

I think my zip file isn't compressed, in the archive info the compression ratio is 100%. Also I think the file is quite old.

Login
Username/Email:
Password:	Lost Password?
	Remember me

hashcat advanced password recovery

hashcat
advanced password recovery