Category: Security

Cracking a zip using John the Ripper (jtr)

Do you sometimes end up with an encrypted zip file that you can’t remember the password for? Sometimes I have some idea of what the password may be, and other times I am completely at a loss. In either case jtr is going to be a big help. If you have some guesses of what the password may be, you can throw them into a text file. You don’t need to bother entering permutations like ‘mybestguess1’; we are going to let john handle common permutations. So instead you would enter just ‘mybestguess’ into the text file. An example of my ‘lame’ dictionary file looks like this:

foo
bar
secret
lame
lamepass
pass
love

On the other hand, maybe you just need to try a huge number of passwords. In that case I suggest you download a massive dictionary file like the rockyou dictionary.

Here is a quick bash script that joins unzip and john together to make your life a little easier:

#!/bin/bash
echo "ZIP-JTR Decrypt Script"
if [ $# -ne 2 ]
then
    echo "Usage: $0 <zipfile> <wordlist>"
    exit 1
fi
unzip -l "$1"
# Read candidates one line at a time. A "for i in $(john ...)" loop would split
# candidates containing spaces and glob-expand any '*' or '?' they contain.
john --wordlist="$2" --rules --stdout | while IFS= read -r i
do
    echo -ne "\rtrying \"$i\" "
    # unzip exits 0 only when the archive extracted with this password.
    # Note that -P puts the candidate on the command line, where other users
    # on the machine can see it in the process list.
    unzip -o -P "$i" "$1" >/dev/null 2>&1
    STATUS=$?
    if [ $STATUS -eq 0 ]; then
        echo -e "\nArchive password is: \"$i\""
        break
    fi
done

This is what a simple test run looks like:

$ ./zip-jtr.sh lame.zip lame.dic 
ZIP-JTR Decrypt Script
Archive: lame.zip
 Length Date Time Name
--------- ---------- ----- ----
 36 2012-08-18 04:37 lame.txt
--------- -------
 36 1 file
words: 405 time: 0:00:00:00 100% w/s: 1557 current: Lamepassing
trying "lamepass1" 
Archive password is: "lamepass1"

It’s probably a good idea to create a new directory, drop this script, your dictionary and the zip into it, and run from there. The reason is that the unzip -o option will clobber existing files that have the same name as the archive contents.
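Before pointing the script at an archive, it helps to confirm how the archive is actually encrypted: unzip -P only handles the traditional ZipCrypto scheme, and Info-ZIP unzip cannot extract WinZip AES entries (compression method 99), so the loop above would never report a hit on such an archive no matter how good the wordlist is. The following Python inspector is an added example and is not part of the original post: it parses the ZIP central directory directly and reports, for each entry, whether the encryption bit is set and which compression method is recorded. The sample archives it builds are constructed in memory with the standard zipfile module; because zipfile cannot write encrypted archives, the encryption flag and AES method are patched into the headers afterwards (header only, the data stays plaintext) purely to exercise the check.

```python
import io
import struct
import zipfile

# ZIP on-disk structures (PKWARE APPNOTE): end-of-central-directory record
# and central-directory file header.
EOCD_SIG = b"PK\x05\x06"
EOCD_FMT = "<4sHHHHIIH"        # 22 bytes
CDH_SIG = b"PK\x01\x02"
CDH_FMT = "<4s6H3I5H2I"        # 46 bytes
CDH_LEN = struct.calcsize(CDH_FMT)

FLAG_ENCRYPTED = 0x0001        # general-purpose flag bit 0: entry is encrypted
METHOD_AES = 99                # WinZip AE-x marker in the compression-method field


def inspect_zip_entries(data: bytes):
    """Walk the central directory and return (name, encrypted, method) per entry."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record found")
    _, _, _, _, total, _, cd_offset, _ = struct.unpack_from(EOCD_FMT, data, eocd)
    entries = []
    pos = cd_offset
    for _ in range(total):
        fields = struct.unpack_from(CDH_FMT, data, pos)
        if fields[0] != CDH_SIG:
            raise ValueError("bad central-directory header at offset %d" % pos)
        flags, method = fields[3], fields[4]
        name_len, extra_len, comment_len = fields[10], fields[11], fields[12]
        name = data[pos + CDH_LEN:pos + CDH_LEN + name_len].decode("utf-8", "replace")
        entries.append((name, bool(flags & FLAG_ENCRYPTED), method))
        pos += CDH_LEN + name_len + extra_len + comment_len
    return entries


def classify(data: bytes) -> str:
    """Summarise whether the unzip -P loop can work on this archive."""
    entries = inspect_zip_entries(data)
    if not any(enc for _, enc, _ in entries):
        return "not encrypted"
    if any(method == METHOD_AES for _, enc, method in entries if enc):
        return "aes"            # Info-ZIP unzip cannot extract these
    return "zipcrypto"          # what unzip -P handles


def make_sample_zip(mark_encrypted=False, mark_aes=False) -> bytes:
    """Constructed sample archive (assumption: a single small text entry).
    zipfile cannot write encrypted archives, so the encryption bit and the
    AES method are patched into the central-directory header afterwards."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("lame.txt", "constructed sample content\n")
    data = bytearray(buf.getvalue())
    eocd = data.rfind(EOCD_SIG)
    cd = struct.unpack_from("<I", data, eocd + 16)[0]      # central-directory offset
    if mark_encrypted:
        data[cd + 8] |= FLAG_ENCRYPTED                     # flags field at +8
    if mark_aes:
        struct.pack_into("<H", data, cd + 10, METHOD_AES)  # method field at +10
    return bytes(data)


if __name__ == "__main__":
    samples = [
        ("plain", make_sample_zip()),
        ("zipcrypto", make_sample_zip(mark_encrypted=True)),
        ("aes", make_sample_zip(mark_encrypted=True, mark_aes=True)),
    ]
    for label, sample in samples:
        print(label, inspect_zip_entries(sample), "->", classify(sample))
```

To check a real archive, read the file into bytes and call classify() on it; "zipcrypto" means the script above can work, "aes" means unzip will fail on every candidate regardless of the password.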

Have fun!

Using John the Ripper to crack a password-protected RAR archive.

I recently had a RAR archive that I needed to find the password for. I searched for RAR cracking tools on the web, but didn’t see anything impressive. I didn’t want a straight brute force tool either; I wanted something that would use a dictionary as input and do some common permutations, kind of like … hey wait a minute, the output of JTR fed into rar is what I need!

So I decided to join JTR and the standard rar archive tools together with a little script. It worked perfectly.

You need to install the rar and john tools:

sudo apt-get install rar john

You also need a wordlist; the rockyou list is a good start.

Here is the script:

#!/bin/bash
echo "RAR-JTR Decrypt Script"
if [ $# -ne 2 ]
then
    echo "Usage: $0 <rarfile> <wordlist>"
    exit 1
fi
rar l "$1"
# Read candidates one line at a time so spaces and shell metacharacters in a
# candidate are preserved.
john --wordlist="$2" --rules --stdout | while IFS= read -r i
do
    echo -ne "\rtrying \"$i\" "
    # -o+ overwrites existing files, -inul silences rar's own messages.
    # rar exits 0 only when extraction with this password succeeded; note the
    # candidate is visible on the command line to other users on the machine.
    rar e -o+ -inul -p"$i" "$1" >/dev/null
    STATUS=$?
    if [ $STATUS -eq 0 ]; then
        echo -e "\nArchive password is: \"$i\""
        break
    fi
done

And here is a sample run:

$ ./rar-jtr.sh lame2.rar lame.dic 
RAR-JTR Decrypt Script
RAR 3.93 Copyright (c) 1993-2010 Alexander Roshal 15 Mar 2010
Shareware version Type RAR -? for help
Archive lame2.rar
Name Size Packed Ratio Date Time Attr CRC Meth Ver
-------------------------------------------------------------------------------
*lame.txt 46 48 104% 16-08-12 18:03 -rw-r--r-- 37F47C80 m3b 2.9
-------------------------------------------------------------------------------
 1 46 48 104%
words: 405 time: 0:00:00:00 100% w/s: 40500 current: Lamepassing
trying "Lamepassed" 
Archive password is: "Lamepassed"