Cracking a zip using John the Ripper (jtr)

Do you sometimes end up with an encrypted zip file that you can’t remember the password for? I usually have some idea of what the password may be, and other times I am completely at a loss. In either case jtr is going to be a big help. If you have some guesses of what the password may be, you can throw them into a text file. You don’t need to bother entering permutations like ‘mybestguess1’; we are going to let john handle common permutations. So instead you would enter ‘mybestguess’ into the text file. An example of my ‘lame’ dictionary file looks like this:

foo
bar
secret
lame
lamepass
pass
love

On the other hand, maybe you just need to try a huge number of passwords. I suggest you download a massive dictionary file like the rockyou dictionary.

Here is a quick bash script that will join unzip and john together to make your life a little easier:

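#!/bin/bash
# Try every candidate password that john generates against an encrypted zip.
echo "ZIP-JTR Decrypt Script"
if [ $# -ne 2 ]
then
    echo "Usage: $0 <zipfile> <wordlist>"
    exit 1
fi
# List the archive contents first.
unzip -l "$1"
# john applies its mangling rules (--rules) to the wordlist and prints one
# candidate per line (--stdout). Reading line by line keeps candidates that
# contain spaces or glob characters intact.
john --wordlist="$2" --rules --stdout | while IFS= read -r i
do
    echo -ne "\rtrying \"$i\" "
    # -o overwrites existing files without prompting; -P supplies the password.
    # stdin is redirected so unzip cannot consume the candidate stream.
    unzip -o -P "$i" "$1" </dev/null >/dev/null 2>&1
    STATUS=$?
    if [ $STATUS -eq 0 ]; then
        echo -e "\nArchive password is: \"$i\""
        break
    fi
done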

This is what a simple test run looks like:

$ ./zip-jtr.sh lame.zip lame.dic 
ZIP-JTR Decrypt Script
Archive: lame.zip
 Length Date Time Name
--------- ---------- ----- ----
 36 2012-08-18 04:37 lame.txt
--------- -------
 36 1 file
words: 405 time: 0:00:00:00 100% w/s: 1557 current: Lamepassing
trying "lamepass1" 
Archive password is: "lamepass1"

It’s probably a good idea to create a new directory, drop this script, your dictionary and the zip into it, and run from there. The reason is that the unzip -o option will clobber files that already exist with the same name.
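One way to automate that precaution, as an added example that is not part of the original post: the hypothetical helper run_isolated copies the script, the zip and the wordlist into a fresh mktemp directory and runs the script there, so unzip -o can only overwrite the copies. The helper name and the three-argument calling convention are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post). run_isolated is a hypothetical
# helper: it runs the cracking script inside a throwaway directory so that
# "unzip -o" can never overwrite files in the directory you started from.
run_isolated() {
    local script=$1 zipfile=$2 wordlist=$3 workdir f rc=0
    # Refuse to start unless all three inputs exist.
    for f in "$script" "$zipfile" "$wordlist"; do
        [ -f "$f" ] || { echo "missing file: $f" >&2; return 1; }
    done
    # Private scratch directory with an unpredictable name.
    workdir=$(mktemp -d) || return 1
    cp -- "$script" "$zipfile" "$wordlist" "$workdir"/ || return 1
    # Subshell: the cd does not leak into the caller's shell. The script's
    # own output goes to stderr so stdout carries only the directory path.
    (
        cd "$workdir" || exit 1
        bash "./$(basename -- "$script")" \
             "$(basename -- "$zipfile")" "$(basename -- "$wordlist")"
    ) >&2 || rc=$?
    # Tell the caller where the extracted files ended up.
    echo "$workdir"
    return "$rc"
}

# Stand-alone use: ./run-isolated.sh ./zip-jtr.sh lame.zip lame.dic
if [ $# -eq 3 ]; then
    run_isolated "$@"
fi
```

The extracted files stay in the printed directory; delete it once you have copied out what you need.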

Have fun!
