How to use the command 'zip2john' (with examples)
The ‘zip2john’ command is a utility that is usually installed as part of the John the Ripper password cracker. It extracts password hashes from zip files, which John the Ripper can then use to crack the password. This is useful when someone has forgotten the password to a zip file and needs to recover it.
Use case 1: Extract the password hash from an archive, listing all files in the archive
Code:
zip2john path/to/file.zip
Motivation: This use case is useful when you want to extract the password hash from a zip file and also see a list of all the files contained in the archive. It allows you to get an overview of the contents of the zip file while extracting the necessary information for password cracking.
Explanation: The command ‘zip2john’ is followed by the path to the zip file from which you want to extract the password hash. In this use case, no additional arguments are used.
Example output:
file.zip:$pkzip2$1*2*2*0*8*24*fa224060*0*42*0*8*24*d5ab000052b0807c0002008ff7244082*0*31d4*4*2b*8*:file.txt,dir1/file1.txt,dir1/subdir/file2.txt
Use case 2: Extract the password hash using [o]nly a specific compressed file
Code:
zip2john -o path/to/compressed_file path/to/file.zip
Motivation: This use case is useful when you only want to extract the password hash for a specific file within the zip archive. It allows you to focus on cracking the password for that particular file without extracting unnecessary information.
Explanation: The ‘-o’ option is used to specify that only a specific compressed file should be considered for extracting the password hash. It is followed by the path to the compressed file within the zip archive, as well as the path to the zip file itself.
Example output:
file.zip:$pkzip2$1*2*2*0*8*24*fa224060*0*42*0*8*24*d5ab000052b0807c0002008ff7244082*0*31d4*4*2b*8*:dir1/subdir/file2.txt
Use case 3: Extract the password hash from a compressed file to a specific file (for use with John the Ripper)
Code:
zip2john -o path/to/compressed_file path/to/file.zip > file.hash
Motivation: This use case is useful when you want to save the extracted password hash to a specific file for further use with John the Ripper. It allows you to have the password hash in a separate file, making it easier to work with when using John the Ripper.
Explanation: The ‘-o’ option is used to specify the compressed file for which the password hash should be extracted. It is followed by the path to the compressed file within the zip archive and the path to the zip file itself. The output of the command is redirected to a file named ‘file.hash’.
Example output: The extracted password hash will be saved in the file ‘file.hash’.
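Before choosing the member to pass to ‘-o’, it helps to know which entries in the archive are actually encrypted and with which scheme. The Python script below is an added example, not part of zip2john or John the Ripper: it reads the ZIP central directory and reports each encrypted member. The function names are hypothetical, and the sample archive is constructed in memory with patched header flags (no real encryption is applied).

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x0001   # general-purpose flag bit 0: entry is encrypted
WINZIP_AES_METHOD = 99    # compression method value used by WinZip AES entries


def list_encrypted_members(data: bytes):
    """Return [(member_name, scheme)] for every encrypted entry in a ZIP."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.flag_bits & ENCRYPTED_FLAG:
                continue
            aes = info.compress_type == WINZIP_AES_METHOD
            found.append((info.filename, "winzip-aes" if aes else "zipcrypto"))
    return found


def build_sample(encrypted_names):
    """Constructed sample: a plain ZIP whose central-directory flags are
    patched so the named entries look encrypted (headers only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in ("file.txt", "dir1/file1.txt", "dir1/subdir/file2.txt"):
            zf.writestr(name, "constructed sample data")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")            # central directory file header
    while pos != -1:
        (name_len,) = struct.unpack_from("<H", raw, pos + 28)
        name = raw[pos + 46:pos + 46 + name_len].decode()
        if name in encrypted_names:
            raw[pos + 8] |= ENCRYPTED_FLAG   # flags field is at offset 8
        pos = raw.find(b"PK\x01\x02", pos + 46)
    return bytes(raw)


if __name__ == "__main__":
    sample = build_sample({"dir1/subdir/file2.txt"})
    for name, scheme in list_encrypted_members(sample):
        print(f"{name}\t{scheme}")
```

For a real archive, pass the file's bytes (for example `open("file.zip", "rb").read()`) to `list_encrypted_members`.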
Conclusion:
The ‘zip2john’ command is a useful tool for extracting password hashes from zip files. It provides several options for customizing the extraction process, allowing you to focus on specific files within the archive. This tool is often used in combination with John the Ripper to crack the password of zip files.