zip file(s) problems
#1
I am testing hashcat with zip files and it turns out to be quite picky.

I am starting by creating a password protected zip file, generating the hash file with zip2john, modifying the hash file so that it can work with hashcat, and running 

hashcat -m 17200 -a 3 hashfile password

It works correctly, confirming I am on the right track, but only for zip files prepared with a 30-year-old shareware version of pkzip run in a DOS Box (yes, I am so old that I still have backups from the 80s/90s ;) ). For these files, after a second or two required to initialize everything, hashcat shows a status of "cracked" and adds the result to the pot file. But it works neither for zip files made with current versions of 7zip, nor WinRAR (with ZIP legacy encryption selected), nor with standard Linux zip (ver. 3.0). In all cases the hash file looks as expected (starts with $pkzip2$1*1*2*0*) and no errors are reported on start. hashcat runs without reporting any problems, but in the end it always shows the status "Exhausted". I also tried zip-related modes other than 17200, but to no avail.

I admit I don't have the newest pkzip from pkware, but I am kinda wary of paying for software that may or may not solve the problem.

Am I doing something wrong, or is it just the way hashcat works? JtR cracks all these files with no complaints, but hashcat is substantially faster with GPU usage. 

To add some background to what and why I am testing: I am working on an OSINT and Digital Forensics based Alternate Reality game, where cracking/guessing passwords to get access to real files is part of the gameplay. Players are free to choose their own tools, but I want to be sure things work more or less as expected, to not add unnecessary frustration to the experience. As part of that I want to check how long it takes to crack passwords to zip files to make sure players will be able to brute force passwords in reasonable time (say 24h, not 24 weeks) on a reasonably priced computer (reference being my eight core i7 with 3060).
#2
Hashcat doesn't support all versions of zip/7z/rar yet. You can see supported hashes by running hashcat --help. You can also test with John the Ripper hashes that don't work with Hashcat.
#3
(06-19-2023, 06:03 PM)marc1n Wrote: Hashcat doesn't support all versions of zip/7z/rar yet. You can see supported hashes by running hashcat --help.

Sadly, that's at best half true. Yes, it lists hashes. But there is no way to tell if the hash extracted from the zip file is supported. In all the cases I described, the hashes produced by zip2john looked correct and were read by hashcat; it just didn't crack the password even after exhausting the search space for a given mask.

How am I going to know whether the problem is with a wrong mask, or whether for this specific zip I am just wasting time with hashcat? No way to tell.

I believe this deserves some additional info in the documentation. The fact that none of the tutorials/sources I checked while searching for what I am doing wrong mentioned it makes me believe I am not the first one to miss the problem.
#4
https://github.com/hashcat/hashcat/issues