HTB Academy - Cracking Passwords with Hashcat

Hello all,
Hopefully this is an easy one for someone to assist me with. I am on the “Cracking Miscellaneous Files & Hashes” section of the Cracking Passwords with Hashcat module and am tasked with cracking the password for the password protected 7z file. The hint says to use 7z2john from /opt. I have tried to figure out the syntax for that tool, but there is nothing online, nor any help info for that file. Can someone provide me a hint on the syntax to extract the hash of a 7z file using 7z2john?

Thank you.

First I create a test file:

└──╼ $ head -c 2000 /dev/random > secret.db

└──╼ $ 7z a -prockyou zipfile.7z secret.db

7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,4 CPUs AMD Ryzen 5 5600G with Radeon Graphics          (A50F00),ASM,AES-NI)

Scanning the drive:
1 file, 2000 bytes (2 KiB)

Creating archive: zipfile.7z

Items to compress: 1
    
Files read from disk: 1
Archive size: 2154 bytes (3 KiB)
Everything is Ok

The test file is small to not reach the 8K limit of the hashcat program hash 8K limit

The password is chosen from the rockyou word list to find it in this list.

Hashcat needs a parameter with the hash mode.
The mode for the 7-Zip file is in the hashcat documentation
hascat modes

The mode listed for 7-Zip is: 11600

It is useful to compare the hash with an example to find bugs.
Examples of the hash are on web page: example hashes

Use the 7z2john tool to extract the hash.

└──╼ $ /usr/share/john/7z2john.pl zipfile.7z > zipfile.johnhash

The output format does not match the example.
The filename is added.

└──╼ $ head -c 50 zipfile.johnhash
zipfile.7z:$7z$2$19$0$$8$fd51eb22adc1e803000000000

Strip the first field with the file name.

└──╼ $ cut -d: -f2 zipfile.johnhash > zipfile.hash

Now the hash is prepared and can be cracked with hashcat.

└──╼ $ hashcat -m 11600 zipfile.hash /usr/share/wordlist/rockyou.txt

Thank you so much for the detailed response. Your instructions were spot on, however I did have to do a couple of extra things for them to work:

  1. At the step where you use 7z2john to extract the hash and output to zipfile.johnhash
    ++ I received an error “Can’t locate Compress/Raw/Lzma.pm in @INC…”
    ++I had to run the command “sudo cpan IO::Compress::Lzma” and approve the prompt to auto configure
  2. Because I am using the Pwnbox from the HTB Academy I used the Pwnbox path to rockyou.txt
    ++ /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt
    ++I also had to run the hashcat command for cracking the hash with sudo because Pwnbox likes to clamp down on permissions.

Again, thank you so much.