How to get your zip’s password which you forgot ?

this is based on windows

Sometimes you may forget the password of your file, and you may need to brute force it

Since brute force cracking, it is best to use the GPU’s computing power tool

Supports almost all public formats of encryption algorithms. Of course, since it is brute force, the speed is not fast.

tool:
hashcat
https://github.com/hashcat/hashcat

John the Ripper
https://github.com/openwall/john

process:
Use the tools in John the Ripper to get the hash, and then use hashcat to crack it.

Take the zip file as an example:

the zip file’s name is drk.zip

Use john software to get the hash of the file (other types of files need to find the corresponding, such as rar should use rar2john.exe)

The command line interface is similar to following:

john-1.9.0-jumbo-1-win64\run> zip2john.exe C:\Users\your username\Downloads\drk.zip

Get something similar to

ver 2.0 drk.zip/p.jpg PKZIP Encr: cmplen=32479781, decmplen=33117655, crc=75D6287
ver 2.0 drk.zip/password.txt PKZIP Encr: cmplen=20, decmplen=8, crc=50FE386B
drk.zip:$pkzip2$2*1*1*0*8*24*075d*0583*e66dc60ce74f030d6f2d728f935371a65ed330e47733e8d8f5502d4e6e249956d0f8222d*2*0*14*8*50fe386b*1ef9a48*2a*0*14*50fe*029c*96c9ccc46ba49b9b924a36e7036567cb460303e0*$/pkzip2$::333.zip:password.txt, p.jpg:C:\Users...

Among them :

$pkzip2$2110824075d0583e66dc60ce74f030d6f2d728f935371a65ed330e47733e8d8f5502d4e6e249956d0f8222d2014850fe386b1ef9a482a0c14241ef9a482a992446e46e46e465067992446k36b0c14240

is the hash we want

Then use hashcat software, The command line interface is similar to

D:\Program Files\hashcat-6.2.4>  hashcat.exe -a 3 -m 17225 $pkzip2$2*1*1*0*8*24*075d*0583*e66dc60ce74f030d6f2d728f935371a65ed330e47733e8d8f5502d4e6e249956d0f8222d*2*0*14*8*50fe386b*1ef9a48*2a*0*14*50fe*029c*96c9ccc46ba49b9b924a36e7036567cb460303e0*$/pkzip2$ --increment --increment-max=9

Among them,

-a 3 represents the specified crack mode as exhaustive mode,

-m specifies the file type as 17225 because here is $pkzip2$,

–increment represents the automatic increase of digits

–increment-max=9 represents the maximum to 9 digits.


Specific parameters can be based on needs, as well as setting information such as masks, etc., from the following,
https://hashcat.net/wiki/doku.php?id=hashcat
https://hashcat.net/wiki/doku.php?id=mask_attack

Just wait for execution, and finally get something like

$pkzip2$2*1*1*0*8*24*075d*0583*e66dc60ce74f030d6f2d728f935371a65ed330e47733e8d8f5502d4e6e249956d0f8222d*2*0*14*8*50fe386b*1ef9a48*2a*0*14*50fe*029c*96c9ccc46ba49b9b924a36e7036567cb460303e0*$/pkzip2$:699nun9x

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 17225 (PKZIP (Mixed Multi-File))
Hash.Target......: $pkzip2$2*1*1*0*8*24*075d*0583*e66dc60ce74f030d6f2d...kzip2$
Time.Started.....: Thu Sep 30 10:19:12 2021 (7 mins, 56 secs)
Time.Estimated...: Thu Sep 30 10:27:08 2021 (0 secs)

Among them,

Status………..: Cracked means the password has been found,

and the above 699nun9x is the password (at the end of first line)

Leave a Reply

Your email address will not be published. Required fields are marked *