Zip2john Linux
Linux commands help Description zip is a compression and file packaging utility for Unix, VMS, MSDOS, OS/2, Windows 9x / NT / XP, Minix, Atari, Macintosh, Amiga, and Acorn RISC OS. ”John the Ripper” – is a fast password cracker. Its primary purpose is to detect weak Unix passwords. Most likely you do not need to install “John the Ripper” system-wide. Instead, after you extract the distribution archive and possibly compile the source code (see below), you may simply enter the “run” directory and invoke John. The simplest way to get your feet wet is to type $ /usr/sbin/john -test. For doing some tests and benchmarks on John's capabilities. If you have no idea what Kerberos, MD5, DES or Blowfish are, we recommend you start reading some basic security books, because, like we said before, you need some security/administration background. John the Ripper (JTR) is a free password cracking software tool. It is one of the most popular password testing and breaking programs as it combines a number of password crackers into one package.
This post is a continuation from my last regarding cracking encrypted .zip archives. But what happens if you come across an encrypted 7zip archive? The 7-Zip encryption is actually quite good and can require a lot of time to bruteforce, but this guide will show you how weak passwords can still break good encryption.
I’ll use LightWeight from HackTheBox as an example for this guide. Please note that this post does not intend to serve as a walkthrough for the box.
To begin, we already have the archive we wish to crack on our filesystem. Our goal is to crack the file named backup.7z.
We try to open the archive using 7z, but we’re prompted for a password that we do not know. When prompted, I entered password in the example below, but that did not work.
7z x backup.7z
We can start by using zip2john, but we find that the tool is unable to obtain the hash.
Zip2john Download Linux
To proceed, we’ll need a tool called 7z2john. If you get an error when trying to run this tool, you may need to install the following package.
sudo apt install libcompress-raw-lzma-perl -y
With that package installed, let’s locate 7z2john and copy the full path.
Now let’s run this tool against backup.7z.
/usr/share/john/7z2john.pl backup.7z
Nice! We’ve extracted the hash. I’m just going to rerun the command again and output the results into a file named lightweight7z.hash
/usr/share/john/7z2john.pl backup.7z > lightweight7z.hash
Now let’s vi the file so we can remove the first bit. With the cursor at the top, I’m going to enter 10x while still in command mode so that I delete the first 10 characters. We should be left with only the hash now. To write my changes and quit, I’ll enter :wq
With the hash in hand, we’re ready to pass the hard work over to hashcat. First, we need to identify what numeric value hashcat assigns to 7-zip archives. Let’s run hashcat --example-hashes and search the results for 7-Zip. We find that we’ll need mode 11600
As long as you have a wordlist ready, let’s throw this at hashcat!
hashcat -m 11600 lightweight7z.hash /usr/share/wordlists/rockyou.txt
After some time, we see that our password is cracked. The credential appears to be delete.
Let’s test this by running 7z x backup.7z again, but entering delete when prompted for the credential.
Now we see the archived .php files available to us in our present working directory!
That’s it! Super quick and easy to crack this if you have a weak password. While the 7-zip encryption is actually quite good and can make a password very difficult to crack, weak passwords will end up harming you in the end.
Zip2john Linux
