Cracking .ZIP Password

2024-09-11

This article shows how to crack a zipped file’s password using JohnTheRipper. Please note that the success of this strategy still depends on the wordlist that you are using. Get the list file from Daniel Miessler on Github.

#Using ZIP2JOHN to dump password hash of a .zip file
zip2john /PATH/FILE.zip > HASH_OUTPUT_FILE

#Using JohnTheRipper to crack the hash
john -wordlist=/PATH/WORD_LIST.txt HASH_OUTPUT_FILE

#Sample Result
Using default input encoding: UTF-8
Loaded 1 password hash (PKZIP [32/64])
Will run 8 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
habibispice           (FILE.zip)     
1g 0:00:00:00 DONE (2024-09-10 21:39) 2.325g/s 38102p/s 38102c/s 38102C/s 123456..cowgirlup
Use the "--show" option to display all of the cracked passwords reliably
Session completed.

#Unzipping the file and providing the recovered password
unzip FILE.zip

#Sample output if unzipping is successful
Archive:  FILE.zip
[save.zip] zzz/file01 password:
  inflating: zzz/file02
  inflating: zzz/file03
  inflating: zzz/file04
  inflating: zzz/file05
  inflating: zzz/file06
 extracting: zzz/file07