Password Attacks | protected Archives zip2john

Hey y’all,

I really need some help on Password Attacks | protected Archives.

I am unable to crack the file that I get from the zip2john file.
The process is very straight forward

  1. zip2john > zipnotes.hash
  2. john --wordlist=/usr/share/wordlists/rockyou.txt zipnotes.hash

John does not crack this file, and what happens is that it goes through the whole worklist (rockyou) in 5 seconds. However, when i do not use the wordlist if works but does not crack the file.
I am also using hashcat with similar results. I am using mode 17210, 17220 and nothing. With no wordlist, similar to john, it goes through the cracking process but does not find anything.

Any help would be appreciated.

1 Like

Why do you want to crack the file with rockyou.txt?
You got a list in the module.


Hey, thanks for replying.
So the wordlist from the module does not work for me. Unless you are giving a hint :wink:

1 Like

I have sent you a DM


The wordlist from the module is the one you need to use, but first, you have to do something to it.

I have a question. Where from should we get the cracked password of the user Kira?

I have the same problem too

this can help: download the resource file (up in the page in the right). Then you can create a file .list with the password of kira LoveYou1, then with hashcat you perform permutations with the .list file containing only the password and the custom.rule file (see the “password permutations” section). Then you can run hydra against the SSH service with user “kira” and the provided permuted password list.
it was a bit messy and not clear, I was supposing to use methods in the section but NO, I needed to use previous methods because the password for kira was not provided

Hi simotone97,

Many thanks for tips.
Very helpfull.

hi guys, I am stuck here with
John answer me with
Enabling duplicate candidate password suppressor
0g 0:00:00:00 DONE (2023-09-15 16:51) 0g/s 2081Kp/s 2081Kc/s 2081KC/s loveyou192!oi…ovey
Session completed.
I used mutated list as well
nothing works
I tried 2 different version of John
and hashcat- m 17200-17300
could someone help me?

I have same problem which wordlist to use to crack this Kira’s zip file, i tried mutated usernames list and mut_passwords.list also only passwords.list

You should sumbitted this password as the answer in previous sections

u need to download from Resources and create new mutated list from password.list


Where did you see/find that this was Kira’s password? I don’t see it anywhere in the modules or the password.list file. I see LoveYou1 is in the rockyou.txt files, but mutating that and then using it would take ages lol

Look at hint in this section

it says

From other hosts on the network, our colleagues were able to identify the user “Kira”, who in most cases had SSH access to other systems with the password “LoveYou1”.

Hey guys, the machine says that is located in root/ So I logged in as root, but when I move to the root directory is nowhere to be found. Even when I try ls -la to see hidden files it’s not there. Does anybody know how to get the file?

Found it. It was in /kira/Documents. Still strange that the machine said it was in /root.

Can i ask how you got the file to run john against it? I’ve been trying to move it over to my machine via scp (times out), no python on host so cant spin up a python server, password protected so i cant just copy the contents and paste into my kali box. no NC on the machine either. I’m at a lost.

python3 -m http.server worked fine for me! Can’t be sure what went wrong for you, maybe you used python instead of python3 ?

Can someone please tell me kiras password. Tried mutating LoveYou1 and still not availe. “Use the cracked password of the user Kira and log in to the host and crack the “id_rsa” SSH key. Then, submit the password for the SSH key as the answer.”

I saw a couple people saying it was an answer for a previous section, this is false. I do recall mutating LoveYou1 at somepoint, but it was not the answer to a quesiton.