Cracking a zip using John the Ripper (jtr)

Do you sometimes end up with an encrypted zip file that you can’t remember the password for? I usually have some idea of what the password may be, and other times I am completely at a loss. In either case jtr is going to be a big help. If you have some guesses of what the password may be, you can throw them into a text file. You don’t need to bother entering permutations like ‘mybestguess1’; we are going to let john handle common permutations. So instead you would enter ‘mybestguess’ into the text file. An example of my ‘lame’ dictionary file looks like this:


On the other hand, maybe you just need to try a huge number of passwords. I suggest you download a massive dictionary file like the rockyou dictionary.

Here is a quick bash script that joins unzip and john together to make your life a little easier:

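#!/bin/bash
echo "ZIP-JTR Decrypt Script";
if [ $# -ne 2 ]; then
 echo "Usage $0 <zipfile> <wordlist>";
 exit 1
fi
unzip -l "$1"
# john applies its mangling rules to the wordlist and prints one candidate per line
for i in $(john --wordlist="$2" --rules --stdout); do
 echo -ne "\rtrying \"$i\" "
 unzip -o -P "$i" "$1" >/dev/null 2>&1
 STATUS=$?
 # exit status 0 means unzip extracted the archive without error
 if [ $STATUS -eq 0 ]; then
  echo -e "\nArchive password is: \"$i\""
  break
 fi
done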

This is what a simple test run looks like:

$ ./ lame.dic 
ZIP-JTR Decrypt Script
 Length Date Time Name
--------- ---------- ----- ----
 36 2012-08-18 04:37 lame.txt
--------- -------
 36 1 file
words: 405 time: 0:00:00:00 100% w/s: 1557 current: Lamepassing
trying "lamepass1" 
Archive password is: "lamepass1"

It’s probably a good idea to create a new directory, drop this script, your dictionary and the zip into it, and run from there. The reason is that the unzip -o option will clobber files that already exist with the same name.

Have fun!


Running DD-WRT and OpenVPN client on a Netgear N300 WNR3500L

I did a fair amount of research recently to identify what brand router I should buy that would support DD-WRT. My main reason to run DD-WRT? I wanted to run an OpenVPN client that would support a commercial VPN service like the one offered by StrongVPN. Having the OpenVPN client on a dedicated piece of equipment is a big plus as it ensures all traffic is tunneled over the VPN. I have been “burned” in the past running an OpenVPN client directly on my computer only to find out something wasn’t being tunneled. Plus, with it on the router, several computers can leverage the VPN service simultaneously.

I was happy to find the Netgear N300 / WNR3500L worked like a charm and was under $100 too.

Getting DD-WRT installed was pretty painless. I basically followed the instructions posted here.

I purchased the Netgear N300 aka WNR3500L from a local office supply store. I couldn’t find any version info on the packing, but it did say WNR3500L. Be careful because for some reason the “N300” seems to be a class of device with several models under it.

Remember you won’t have Internet while you do the firmware updates, so you need to do some prep work.

Download a copy of the .chk version firmware and the main firmware you plan to load. I chose these:



Make sure you understand the 30-30-30 procedure, which is essentially this:

  • Make sure you have something to firmly depress and hold the reset button on the router without it slipping in your fingers or off the little button down inside the case. I cut a tine off a plastic fork which worked marvelously.
  1. With the unit powered on, depress and continue to hold down the reset button on the router (wait 30 seconds)
  2. Next, disconnect the power from the router, make sure you do _not_ let go of the reset button (wait 30 seconds)
  3. Re-connect the power and continue to hold down the reset (wait 30 seconds)
  • Overall you will hold the reset down for 90 seconds continuously.

Once your prep work is done, you are ready to do the firmware upgrade:

  1. Un-pack your WNR3500L aka N300 and connect the ethernet cable to your computer
  2. Set a manual IP address to, no need for gateway or dns info
  3. Make sure the wireless adapter on your computer (if you have one) is disabled/turned off.
  4. Plug in the router and give it some time to boot; nothing should be connected to it except your computer
  5. After a bit open your browser and go to and login with username: admin password: password
  6. Click Maintenance > Router Upgrade
  7. Un-check the automatic firmware update box
  8. Click Browse and find the .chk firmware you downloaded
  9. Click Upload. Be patient, do not interrupt this process. Wait 5 minutes!
  10. Close your web browser
  11. Do a 30-30-30 reset
  12. Open your web browser and go to
  13. Set the username and password to something easy, since you are going to flash the firmware again. I chose “root” and “password” for the username and password fields respectively.
  14. Go to Administration > Firmware Upgrade
  15. Click Browse and find the non .chk firmware you downloaded
  16. Wait 5 minutes and perform another 30-30-30 reset
  17. Close your browser, and re-open
  18. Set your username and password to something strong and start tweaking!

Once you have your ISP settings in place and have tweaked your wireless settings, etc., you can set up your OpenVPN client. The nice thing about StrongVPN is that they give you a script you can run on the router in the command area of the dd-wrt menu, which sets up the client and does all the hard work for you.

For me, one more reboot and I was done!

Using John the Ripper to crack a password protected RAR archive.

I recently had a RAR archive that I needed to find the password for. I searched for RAR cracking tools on the web, but didn’t see anything impressive. I didn’t want a straight brute force tool either, I wanted something that would use a dictionary as input and do some common permutations kind of like … hey wait a minute the output of JTR fed into rar is what I need!

So I decided to join JTR and the standard rar archive tools together with a little script. It worked perfectly.

You need to install the rar and john tools, so:

sudo apt-get install rar john

You also need a wordlist; the rockyou list is a good start.

Here is the script:

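#!/bin/bash
echo "RAR-JTR Decrypt Script";
if [ $# -ne 2 ]; then
 echo "Usage $0 <rarfile> <wordlist>";
 exit 1
fi
rar l "$1"
# john applies its mangling rules to the wordlist and prints one candidate per line
john --wordlist="$2" --rules --stdout | while read -r i; do
 echo -ne "\rtrying \"$i\" "
 rar e -o+ -inul -p"$i" "$1" >/dev/null
 STATUS=$?
 # exit status 0 means rar extracted the archive without error
 if [ $STATUS -eq 0 ]; then
  echo -e "\nArchive password is: \"$i\""
  break
 fi
done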

And here is a sample run:

$ ./ lame2.rar lame.dic 
RAR-JTR Decrypt Script
RAR 3.93 Copyright (c) 1993-2010 Alexander Roshal 15 Mar 2010
Shareware version Type RAR -? for help
Archive lame2.rar
Name Size Packed Ratio Date Time Attr CRC Meth Ver
*lame.txt 46 48 104% 16-08-12 18:03 -rw-r--r-- 37F47C80 m3b 2.9
 1 46 48 104%
words: 405 time: 0:00:00:00 100% w/s: 40500 current: Lamepassing
trying "Lamepassed" 
Archive password is: "Lamepassed"

Triple booting a Macbook Pro with Lion, Windows 7, and Xubuntu 11.10

I recently got my MacBook Pro 17″ (early 2009) triple booting OSX Lion, Windows 7 64-bit, and Xubuntu 11.10 64-bit. These are the steps I took to get it all working. I wanted to start with a fresh install of Lion, so I backed up my stuff; you should too before continuing.

Start Lion upgrade download from the App Store. While that is happening we can create the bootable flash drive.

Create a bootable flashdrive with OSX Lion

This is a summary of the Macworld article that details how to make your own bootable flashdrive.

  • Obtain a flashdrive at least 8GB and format it.
  • Insert the flashdrive into your Mac and open Disk Utility
  • Click on the device (not the partition under it)
  • Click on the “partition” option in the right pane and select “1 partition” from the menu
  • Tick the GPT partition table option under “Options”
  • Click apply.
  • When Lion finishes downloading close the installer pop-up, and locate the “Install Mac OSX” file under /Applications
  • Right-Click “Install Mac OSX” and choose “Show Package Contents” then find “InstallESD.dmg” under “Shared Support”, copy it somewhere easy to locate.
  • Open Disk Utility and click the “Restore” option. For “source” browse to the copy of InstallESD.dmg you saved off. For destination pick your newly formatted flash drive. Click Restore.

Now is the best time to run the Bootcamp Assistant located under Application/Utilities. Choose the option to download Windows support software. Choose the option to create a CD or flash drive with the drivers you will need for the Windows 7 install. When you are done you are ready to:

Install a fresh copy of Lion

Reboot your Mac with the Lion Flash Drive inserted whilst holding down the alt/option key. You should get a menu where you can select your FlashDrive to boot from.

First thing to do here is to use the Disk Utility to set up your OSX partition. I have a 500GB drive, so I chose “2 partitions”, making the first 190GB a Mac OSX extended formatted partition. The second partition I left unformatted. We can deal with it later.

Once you format and partition to your liking, close Disk Utility and choose to Install Lion. You should be able to pick your newly created OSX partition as the destination. Follow the guided steps and soon you will have a fresh copy of Lion.

Boot into Lion and install rEFIt; this will allow you to support a “Hybrid GPT/MBR”. This is needed because ultimately you will end up with several partitions, all of which will not fit into the 4 primary partition limit of a standard MBR. Currently Windows 7 needs an MBR to boot successfully (it doesn’t support GPT).

Once rEFIt is installed, restart and when you reach the Lion login screen restart again. This time you should see the rEFIt menu come up. Choose OSX (it should be the default).

Now we need to format the unused space on our drive to get it ready for our Windows 7 and Xubuntu installs.

Open Disk Utility, select your disk device, choose the Partition menu and click on the 2nd partition you created earlier. Click on the “+” icon 2 times so your 1 unused partition is now divided into 3 partitions. Adjust the sizes of each partition. I chose 190GB for Windows, 100GB for Xubuntu and 16GB for Xubuntu Swap. Select each partition and give it a Name you will recognize and set the Format to MS-DOS (FAT). We will be reformatting them with NTFS, EXT4, and Linux Swap respectively during the install of the remaining OSes, but they should be FAT to make it easy for the OS installers to recognize.

Once you’re done, go ahead and insert your Windows 7 install media, restart and hold down the option/alt key again, choose your Windows 7 media to start the install.

To install Windows 7 you will need to choose a “Custom” install so you can pick the Windows (FAT formatted) partition as your target. The installer will tell you that you cannot install Windows to it, until you click on the Details option and then click format. Proceed with the install through a couple of reboots until it finishes.

You should, at this point, see both a Windows and OSX icon in the rEFIt boot menu, you should also be able to boot into either without issue.

Next we need to install Xubuntu 11.10 64bit Alternate. You need the alternate version because without it the Installer would not load. Insert your bootable media/DVD, hold down option/alt and select it. If it’s a DVD it will show up as a DVD icon labeled Windows; don’t worry about it.

Follow the Xubuntu installer questions until you reach the choose install partition section. Here we need to choose our partition scheme manually.

Select your Linux partition (currently formatted as FAT) and tell the installer to “use it”, mount as “/”, format as EXT-4, and make sure the make bootable flag is not set. Then choose your small swap partition and tell the installer to use that as Linux Swap.

Before you continue, take special notice here of what device the installer considers your “/” (root) partition. On the left there should be a number; in my case it was #5. Also note what disk # you are working with. Mine was #1.

Continue with the install until the end, where we reach the GRUB installer. At the GRUB installer we need to choose to install GRUB to a disk or partition (not the MBR location). Instead you will enter your full device/partition path. Your previous notation of what disk and partition your root disk was mounted on becomes important here. For example Disk #1, Partition #5 becomes “/dev/sda5”, whereas if we had Disk #2 and Partition #2 we would have “/dev/sdb2”. After you enter your info, GRUB will install. After it completes you will be prompted to reboot. Go ahead.

At the rEFIt menu, choose to boot OSX. Don’t panic if you choose either Windows 7 or Xubuntu at this point and you see “Operating System Not Found”.

When GRUB installed it tried to be helpful and called gptsync which synchronizes your MBR scheme to your GPT scheme. A valiant effort, but also disruptive in our case. Let’s fix it.

We need to make sure we create a Windows section in the MBR table for reasons noted earlier. Pop open a terminal session. Also run the Partition Analyzer that was installed under Application/Utilities by rEFIt.

The first section of the Partition Analyzer output is your GPT scheme; the second is your MBR scheme.

In all likelihood your Windows 7 partition has been pushed out of the MBR scheme entirely. You will also notice that Lion created a new partition called OSX recovery.

In the terminal we need to use fdisk to put Windows back into the MBR.

> sudo fdisk -e /dev/disk0

> edit 4 (or whatever partition number is used by the OSX recovery partition)

Set the format type to ’07’.

The offset should be the sector start number for your Windows 7 partition as displayed by the Partition Analyzer output from the GPT section.

NOTE the next number is the ‘size’ not the end sector. Take the corresponding end sector number from the Partition Analyzer and subtract the start sector number. Then add ‘1’ to it. That’s your size. Enter that. No need to make it bootable.

Now hit ‘p’ to print the partition table and make sure that the Windows partition info looks correct.

‘w’ will write the changes, and we are informed we need to reboot so, do that now.

Boot back to Lion. Now we need to get and install gdisk; this will allow us to repair our Hybrid GPT/MBR record to reflect the location of the Windows partition on the MBR side.

Install gdisk and then open a terminal:

> sudo gdisk /dev/disk0

Hit ‘p’ to print your partition info.

Then hit ‘r’ to start a repair session.

Hit ‘h’ for a hybrid GPT/MBR.

Now we are prompted to list the partitions to be in the Hybrid table. Enter the numbers for your Mac OSX partition, Windows 7, and Linux. In my case it was ‘2 4 5’.

For each choose the partition type. AF for Mac, 07 for Windows, and 83 for Linux.

Don’t set bootable flag on any of these.

Write, and exit.
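
To double-check the fdisk and gdisk steps above, this added example (not from the original post) parses the four MBR slots of a disk's first sector and compares each one with the GPT ranges, using the size = end - start + 1 rule. All sector numbers and the `build_sector` helper are constructed for illustration.

```python
import struct

ENTRY = "<B3xB3xII"  # boot flag, CHS start (skipped), type, CHS end (skipped), start LBA, sector count

def parse_mbr(sector0):
    """Return the non-empty MBR slots as (slot, type, start_lba, size) tuples."""
    if len(sector0) != 512 or sector0[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector with the 0x55AA signature")
    slots = []
    for n in range(4):
        _boot, ptype, start, size = struct.unpack_from(ENTRY, sector0, 446 + 16 * n)
        if ptype:
            slots.append((n + 1, ptype, start, size))
    return slots

def check_hybrid(slots, gpt):
    """Compare MBR slots with GPT {name: (first, last)} ranges; return problems found."""
    problems = []
    by_start = {first: (name, last) for name, (first, last) in gpt.items()}
    for slot, ptype, start, size in slots:
        if ptype == 0xEE:  # protective entry, not a real partition
            continue
        if start not in by_start:
            problems.append(f"slot {slot}: start {start} matches no GPT partition")
            continue
        name, last = by_start[start]
        expected = last - start + 1  # the MBR stores a size, not an end sector
        if size != expected:
            problems.append(f"slot {slot} ({name}): size {size}, expected {expected}")
    return problems

def build_sector(entries):
    """Constructed test input: a sector 0 holding the given (type, start, size) entries."""
    table = b"".join(struct.pack(ENTRY, 0, t, s, n) for t, s, n in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed sector numbers, standing in for the GPT section of Partition Analyzer.
GPT = {"Mac OS X": (409640, 371503383),
       "Windows 7": (372774912, 743878655),
       "Xubuntu": (743878656, 939190271)}
GOOD = build_sector([(0xEE, 1, 409639), (0xAF, 409640, 371093744),
                     (0x07, 372774912, 371103744), (0x83, 743878656, 195311616)])
# Same table, but the Windows size was entered as end - start (the +1 forgotten).
BAD = build_sector([(0xEE, 1, 409639), (0xAF, 409640, 371093744),
                    (0x07, 372774912, 371103743), (0x83, 743878656, 195311616)])

if __name__ == "__main__":
    for label, sector in (("good", GOOD), ("bad", BAD)):
        print(label, check_hybrid(parse_mbr(sector), GPT) or "MBR matches GPT")
```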

Restart and this time at the rEFIt menu choose to boot Linux.

Have your finger on the ‘e’ key because we need to edit the GRUB2 boot options to get Xubuntu to work, or else we will be left with the “blinking cursor” of doom. This is due to video driver issues.

Press ‘e’ (edit) on the top boot option and find the line starting with ‘kernel’. Drop everything after ‘ro’; you’re getting rid of stuff like the quiet and splash options, etc.

Insert “nouveau.noaccel=1 blacklist=vga16fb” after ro and then press F10 to boot.

You should boot into Xubuntu! Almost there. We have some drama with the video drivers, so to fix it we need to run:

> sudo apt-get update

When it finishes you will get an icon in the upper right corner that looks like a video card. Click on it and choose a different driver for video. I chose the NVIDIA accelerated post release updates version.

Restart and choose to boot to Linux, this time just select the boot entry and it should work.

Restart and boot to Windows 7. Install the Boot Camp drivers. Just run the .exe in the root of the disk you created using Boot Camp Assistant.

You should now have a working triple boot Macbook Pro!