How to use the command 'zip2john' (with examples)
The zip2john command extracts password hashes from ZIP archives so that John the Ripper, a password-cracking tool, can process them. By converting the archive's password-verification data into a hash format that John the Ripper understands, zip2john bridges the gap between a protected archive and the subsequent cracking process, making it an essential tool in digital security, penetration testing, and forensic analysis.
Use case 1: Extract the password hash from an archive, listing all files in the archive
Code:
zip2john path/to/file.zip
Motivation:
Imagine encountering a situation where you need to access files in an encrypted ZIP archive, but you’ve forgotten the password. In digital forensic investigations or ethical hacking scenarios, accessing the contents of secured archives is often crucial. Using zip2john helps extract the password hashes, enabling John the Ripper to attempt password cracking. Listing all files in the archive provides insights into its contents, potentially revealing whether it’s worth investing the time to crack it open.
Explanation:
zip2john: This is the command used to initiate the process of converting password-protected ZIP archives into hash files compatible with John the Ripper.
path/to/file.zip: This argument specifies the path to the ZIP file from which the password hash needs to be extracted. It requires an absolute or relative path pointing directly to the archive file.
Example Output:
file.zip/file.txt: file.zip/file.txt PKZIP Encr: 2b chk, TS_chk, cmplen=102, decmplen=29, crc=1F82AABA
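The cmplen, decmplen and crc values in the output above are read from each entry's ZIP header, and "PKZIP Encr" marks legacy PKZIP encryption. The following added example (not part of the original page or of John the Ripper) reads the same fields with Python's zipfile module to audit which entries in an archive are encrypted and with which scheme; audit_zip, build_sample and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1      # general-purpose flag bit 0: entry is encrypted
AES_METHOD = 99      # compression method value used by WinZip AES entries


def audit_zip(data: bytes) -> list[dict]:
    """Report, per entry, the encryption scheme plus cmplen, decmplen and crc."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.flag_bits & ENCRYPTED:
                scheme = "none"
            elif info.compress_type == AES_METHOD:
                scheme = "WinZip AES"
            else:
                scheme = "PKZIP (legacy ZipCrypto)"
            report.append({
                "name": info.filename,
                "scheme": scheme,
                "cmplen": info.compress_size,
                "decmplen": info.file_size,
                "crc": f"{info.CRC:08X}",
            })
    return report


def build_sample() -> bytes:
    """Constructed sample: a two-entry archive with the encryption flag set on
    the first central-directory record only (the data itself is not encrypted)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("file_of_interest.txt", "constructed sample text\n")
        zf.writestr("readme.txt", "public notes\n")
    raw = bytearray(buf.getvalue())
    pos = raw.index(b"PK\x01\x02")            # first central-directory header
    flags, = struct.unpack_from("<H", raw, pos + 8)
    struct.pack_into("<H", raw, pos + 8, flags | ENCRYPTED)
    return bytes(raw)


if __name__ == "__main__":
    for row in audit_zip(build_sample()):
        print(row)
```

Entries reported as PKZIP (legacy ZipCrypto) are the ones whose protection rests entirely on password strength under the older scheme, so they are the first candidates for re-archiving with AES.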
Use case 2: Extract the password hash using [o]nly a specific compressed file
Code:
zip2john -o path/to/compressed_file path/to/file.zip
Motivation:
Often, ZIP archives contain numerous files, but your interest or necessity might be restricted to a specific file within that archive. In instances where you’re aware of the particular file of interest that needs to be decrypted—such as a crucial document or a specific piece of evidence—it’s efficient to focus the cracking process exclusively on that file instead of working with the entire archive’s contents. This saves time and computational resources.
Explanation:
-o: This flag specifies that the extraction should focus only on the file within the zip archive, ignoring all others.
path/to/compressed_file: This is the specific file inside the ZIP archive from which you’d like to extract the password hash.
path/to/file.zip: This is the path to the ZIP archive containing the desired file.
Example Output:
file.zip/file_of_interest.txt: file.zip/file_of_interest.txt PKZIP Encr: 2b chk, TS_chk, cmplen=64, decmplen=24, crc=DEADBEEF
Use case 3: Extract the password hash from a compressed file to a specific file (for use with John the Ripper)
Code:
zip2john -o path/to/compressed_file path/to/file.zip > file.hash
Motivation:
When handling multiple tasks or working collaboratively, you may want to save the extracted password hashes into a separate file for subsequent decryption attempts. This is particularly useful in larger investigations or workflows, where managing and organizing hash analyses methodically is vital. Saving the output enhances repeatability, thorough documentation, and ease of sharing across teams or for articles and reports.
Explanation:
-o: Indicates that the operation should only target one selected file within the ZIP archive.
path/to/compressed_file: The specific file from which to extract the hash.
path/to/file.zip: Path to the targeted ZIP archive.
> file.hash: This redirection operation outputs the extracted hash into a file named file.hash for future use with John the Ripper or for sharing with colleagues.
Example Output:
(file.hash file content)
file.zip/file_of_interest.txt: file.zip/file_of_interest.txt PKZIP Encr: 2b chk, TS_chk, cmplen=64, decmplen=24, crc=DEADBEEF
Conclusion:
The zip2john utility significantly aids in the process of password recovery and file access in secured ZIP archives, serving as a pre-step for John the Ripper’s password-cracking capabilities. Its flexibility in filtering for specific files and saving outputs enhances its usability across various scenarios, from individual use cases to professional cybersecurity investigations. By working through these examples, users can effectively harness its functionality to overcome password-protected ZIP file barriers.