File types of the two test archives:
Test.rar: RAR archive data, v1d, os: Unix
test.zip: Zip archive data, at least v1.0 to extract

You can find the password of a RAR file in several ways. Try some common passwords: 11111, 000000, win RAR. Use RAR editing software and its remove-password command. Or get the hashes from the RAR file's encryption and use a brute-force attack for password cracking.

Crack ZIP File Password Online (Using Online ZIP Converter)
Another popular method used to hack a ZIP file password without software is to use an online ZIP converter. This helps you remove ZIP file passwords free of charge on the internet. It works by converting RAR files into ZIP format, after which the password is removed.

RAR/WinRAR archiver version 2.x used its own proprietary, but rather strong, encryption algorithm. At least, no attacks on RAR 2.0 were known other than brute force for password recovery. Starting from version 3.0, RAR has been using the strong AES algorithm, which also doesn't allow any attacks more effective than brute force.
After seeing how to compile John the Ripper to use all your computer's processors, we can now use it for some tasks that may be useful to digital forensic investigators: getting around passwords. Today we will focus on cracking passwords for ZIP and RAR archive files. Luckily, the JtR community has done most of the hard work for us. For this to work you need to have built the community version of John the Ripper, since it has extra utilities for ZIP and RAR files. For this exercise I have created password-protected RAR and ZIP files that each contain two files.
The password for the rar file is 'test1234' and the password for the zip file is 'test4321'.
In the 'run' folder of John the Ripper community version (I am using John-1.7.9-jumbo-7), there are two programs called 'zip2john' and 'rar2john'. Run them against their respective file types to extract the password hashes:
This will give you files that contain the password hashes to be cracked... something like this:
After that, you can run John the Ripper directly on the password hash files:
You should get a message like:
Loaded 1 password hash (PKZIP [32/64])
When John is run with no options, it uses its default order of cracking modes. See the examples page for more information on modes. Notice that in this case we are not using explicit dictionaries. You could potentially speed the cracking process up if you have an idea what the password may be. If you look at your processor usage and only one processor is maxed out, then you did not enable OpenMP when building. If you have a multi-processor system, OpenMP will greatly speed up the cracking process.
Now sit back and wait for the cracking to finish. On a 64-bit quad-core i7 system, without using a GPU, and while doing some other CPU-intensive tasks, the password was cracked in 6.5 hours.
Now, if you want to see the cracked passwords, give john the following arguments:
It should output something like:
Note: the hash file should have the same type of hashes. For example, we cannot put the rar AND zip hashes in the same file. But this means you could try to crack more than one zip/rar file at a time.
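The note above, as an added example that is not part of the original post: a POSIX shell helper that checks whether a hash file mixes formats and splits it into one file per format tag, so each file can be given to john on its own. The function names and the sample lines (including the `$pkzip2$` and `$RAR3$` tags) are constructed for illustration; the script works on whatever `$tag$` follows the label.

```shell
#!/bin/sh
# Added example: keep each john hash file to a single hash type.
# Lines are expected as "label:$tag$..."; the tag is compared in lower case.

# sample_hashes: constructed input, NOT real hashes (tags are assumptions).
sample_hashes() {
    cat <<'EOF'
test.zip:$pkzip2$CONSTRUCTED-NOT-A-REAL-HASH$/pkzip2$
other.zip:$pkzip2$CONSTRUCTED-NOT-A-REAL-HASH$/pkzip2$
test.rar:$RAR3$*0*CONSTRUCTED*NOT-A-REAL-HASH
EOF
}

# list_types FILE: print each distinct format tag found in FILE, sorted.
list_types() {
    awk '
        match($0, /:\$[A-Za-z0-9]+\$/) {
            print tolower(substr($0, RSTART + 2, RLENGTH - 3)); next
        }
        NF { print "unknown" }   # non-empty line without a $tag$ prefix
    ' "$1" | sort -u
}

# is_single_type FILE: succeed only if every line has the same format tag.
is_single_type() {
    [ "$(list_types "$1" | wc -l | tr -d ' ')" -eq 1 ]
}

# split_by_type FILE OUTDIR: write OUTDIR/<tag>.hashes, one file per tag.
split_by_type() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        match($0, /:\$[A-Za-z0-9]+\$/) {
            tag = tolower(substr($0, RSTART + 2, RLENGTH - 3))
            print > (dir "/" tag ".hashes"); next
        }
        NF { print > (dir "/unknown.hashes") }
    ' "$1"
}
```

After sourcing the file, `is_single_type` tells you whether a combined hash file can be used as it is, and `split_by_type` produces the per-format files otherwise.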