IT Training Modules - Classroom Tasks

IT Training Module 5 Homepage
Home | How To | Group Discussions | Cracking Zip archive passwords | Attack a windows operating system | 4 - TBC | Download Presentation | Trainers Notes (Temp) |

John the Ripper - Crack a Zip Password

We can use John the Ripper for some tasks that may be useful to digital forensic investigators: in this case getting around passwords. This demo will focus on cracking passwords for ZIP or RAR archive files. Luckily, the John the Ripper community has done most of the hard work for us.

For this demo to work we need to have built the community version of John the Ripper since it has extra utilities for ZIP and RAR files.

The demo is performed in a "Kali" linux build which already had John the Ripper community version installed.

1.   Open the Kali linux in the virtual demo classroom.

2.   Login with the credentials student /

3.   Right click the desktop and select "create document".

4.   Creat a new document named "CrackTest" save it to the "Desktop"

5.   Open in a text editor and add the line " If you can read this then you have cracked the password."

6.   Right click the new file and select "create archive"

7.   Open the "Other Options" menu and create a password for the zip file. The password conforms to standard password requirements.

8.   Open the archive and try to open the text file. A password is needed.

9.   Delete the original text file.

Crack the Zip Password

Now our first step will be to get a hash of the zip file using the zip2john tool. Simply define the location of the password protected zip file and the location where you want to save the hash.

  1.   Open a root terminal in Kali.

2.   using zip2john command, select the zip file to crack and the location of the hash to be created. EX. zip2john < password protected ZIP file > > < name with location where we want to save >

zip2john /home/student/Desktop/CrackTest.zip > /home/student/Desktop/zip.hash

3.   Change directory to to location of the hash, in this case the desktop.

cd /home/student/Desktop/

ls - to see the file is in the location.

4.   Next we need to give john the location of the saved hash and it will try its own dictionary to crack the password of the zip file through the hash. If this fails it will start a process to check all key combinations which will take much longer. (Dependant of the processing power and speed of the cracking machine).

john zip.hash

5.   The result is shown below. If successful it will show the password for the zip file on screen.

6. Now we will look at the password dictionary list used by john. You can add passwords to the list using a text editor. It is also possible to collect lists from others and use them with john.

sudo nano /usr/share/john/password.lst

Footer