Output for zip2john command:
zip2john backup.zip > hash 1 ⨯
ver 2.0 efh 5455 efh 7875 backup.zip/index.php PKZIP Encr: 2b chk, TS_chk, >cmplen=1201, decmplen=2594, crc=3A41AE06
ver 2.0 efh 5455 efh 7875 backup.zip/style.css PKZIP Encr: 2b chk, TS_chk, >cmplen=986, decmplen=3274, crc=1B1CCD6A
NOTE: It is assumed that all files in each archive have the same password.
If that is not the case, the hash may be uncrackable. To avoid this, use
option -o to pick a file at a time.
I tried the -o option without specifying files:
zip2john -o backup.zip > hash
Using file backup.zip as only file to check
Usage: zip2john [options] [zip file(s)]
Options for ‘old’ PKZIP encrypted files only:
-a This is a ‘known’ ASCII file. This can be faster, IF all
files are larger, and you KNOW that at least one of them starts out as
‘pure’ ASCII data.
-o Only use this file from the .zip file.
-c This will create a ‘checksum only’ hash. If there are many encrypted
files in the .zip file, then this may be an option, and there will be
enough data that false positives will not be seen. If the .zip is 2
byte checksums, and there are 3 or more of them, then we have 48 bits
knowledge, which ‘may’ be enough to crack the password, without having
to force the user to have the .zip file present.
-m Use “file magic” as known-plain if applicable. This can be faster but
not 100% safe in all situations.
-2 Force 2 byte checksum computation.
NOTE: By default it is assumed that all files in each archive have the same
password. If that’s not the case, the produced hash may be uncrackable.
To avoid this, use -o option to pick a file at a time.
Tried specifying the style.css file and index.php but I get the same message as above.
The walkthrough does have the password, but I wanna understand what I am doing wrong here.
What makes you think something is going wrong?
Zip2John creates a file you can try to crack with john. What happens when you run john? What errors are you getting?
@TazWake said:
What makes you think something is going wrong?
Zip2John creates a file you can try to crack with john. What happens when you run john? What errors are you getting?
┌──(kali㉿kali)-[~/Downloads]
└─$ sudo john hash --fork=4 -w=/home/kali/rockyou.txt
Using default input encoding: UTF-8
Loaded 1 password hash (PKZIP [32/64])
Node numbers 1-4 of 4 (fork)
4: fopen: /home/kali/rockyou.txt: No such file or directory
2: fopen: /home/kali/rockyou.txt: No such file or directory
3: fopen: /home/kali/rockyou.txt: No such file or directory
1: fopen: /home/kali/rockyou.txt: No such file or directory
Oh OK, it seems that the hash file was created in my user dir and my downloads folder; the one in user was empty while the one in downloads has the hash.
@Codemel said:
┌──(kali㉿kali)-[~/Downloads]
└─$ sudo john hash --fork=4 -w=/home/kali/rockyou.txt
Using default input encoding: UTF-8
Loaded 1 password hash (PKZIP [32/64])
Node numbers 1-4 of 4 (fork)
4: fopen: /home/kali/rockyou.txt: No such file or directory
2: fopen: /home/kali/rockyou.txt: No such file or directory
3: fopen: /home/kali/rockyou.txt: No such file or directory
1: fopen: /home/kali/rockyou.txt: No such file or directory
Oh OK, it seems that the hash file was created in my user dir and my downloads folder; the one in user was empty while the one in downloads has the hash.
Is it working now?
The error on the screen seems to be John failing to find the rockyou wordlist.
@TazWake
Is it working now?
The error on the screen seems to be John failing to find the rockyou wordlist.
I found out that the wordlists are located in the /usr/share/wordlists folder and it seems that rockyou.txt is compressed gz, is that natural?
I just unzipped the file, redirected the john command and now it worked thanks!
└─$ john hash --fork=4 -w=/usr/share/wordlists/rockyou.txt
Using default input encoding: UTF-8
Loaded 1 password hash (PKZIP [32/64])
Node numbers 1-4 of 4 (fork)
Press ‘q’ or Ctrl-C to abort, almost any other key for status
(backup.zip)
Didn’t put in the whole output *No spoilers 
@Codemel said:
@TazWake
Is it working now?
The error on the screen seems to be John failing to find the rockyou wordlist.
I found out that the wordlists are located in the /usr/share/wordlists folder and it seems that rockyou.txt is compressed gz, is that natural?
Yeah, cos it is huge, most installs ship with it compressed.
I just unzipped the file, redirected the john command and now it worked thanks!
Awesome!
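The two failures in this thread (an empty `hash` file left behind by a redirect, and a wordlist path that does not exist or is still gzip-compressed) can be caught before starting John. This is an added example, not from any poster in the thread; the function name `preflight` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the hash file and wordlist.
# Return codes (chosen for this example, not a john convention):
#   0 = ready, 1 = hash file missing or empty,
#   2 = wordlist only present as .gz, 3 = wordlist missing

preflight() {
    hash_file=$1
    wordlist=$2

    # Resolve to an absolute path so it is obvious WHICH "hash" file is used;
    # a relative "> hash" lands in whatever directory the shell was in.
    case "$hash_file" in
        /*) abs=$hash_file ;;
        *)  abs=$PWD/$hash_file ;;
    esac

    # "cmd > hash" creates the file even when cmd fails or prints only
    # usage text to stderr, so an empty file means nothing was extracted.
    if [ ! -s "$abs" ]; then
        echo "hash file missing or empty: $abs" >&2
        return 1
    fi

    if [ ! -r "$wordlist" ]; then
        if [ -r "$wordlist.gz" ]; then
            # Many installs ship rockyou compressed; decompress it first.
            echo "wordlist is still compressed: $wordlist.gz (run gzip -d on it)" >&2
            return 2
        fi
        echo "wordlist not found: $wordlist" >&2
        return 3
    fi

    lines=$(wc -l < "$abs" | tr -d ' ')
    echo "ok: hash=$abs ($lines line(s)), wordlist=$wordlist"
    return 0
}

# Stand-alone use: ./preflight.sh hash /usr/share/wordlists/rockyou.txt
if [ $# -eq 2 ]; then
    preflight "$1" "$2"
    exit $?
fi
```
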