How to Brute Force a Password Protected Rar/zip file using John the Ripper



Brute forcing a Zip file or a Rar file requires a wordlist (a dictionary file), which drives a trial-and-error process of checking each candidate password against a hash. If a password from the wordlist matches the password of the protected file, it opens; otherwise you need to try a different wordlist, or, if you have a particular kind of wordlist in mind, you can generate one using the Crunch tool. There are many tools to generate wordlists, but Crunch and CUPP are my favourite.
In this post we are going to see how to crack/brute force a password protected rar file or zip file using John the Ripper, which is one of the most widely used and most useful tools for cracking a huge variety of files.

THIS IS CREATED FOR EDUCATIONAL & ETHICAL PURPOSE, AUTHOR IS NOT RESPONSIBLE FOR ANY ILLEGAL ACTIVITIES DONE BY THE VISITORS


So, What is John The Ripper:

John the Ripper is an open source tool used to check for weak credentials, and it can also be used for cracking passwords. John the Ripper uses wordlists to brute force the credentials; it can take strings directly and check them as passwords for the given hashes or files. John the Ripper can also modify/alter the passwords in the dictionary and use the results as passphrases to check.

Before we start the crack, I recommend that you download a better wordlist from any of the sources, or create your own wordlist using Crunch. I also recommend the John the Ripper Community version, which has a lot of plugins (add-ons) that are very useful for cracking.

Cracking a Password Protected Rar/Zip File using John The Ripper:


Step 1.  Download and Open John the Ripper



Step 2.  Right click anywhere in the Directory and click on “Open in Terminal”
Step 3.  Type the Following commands
  cd run 

Step 4. Now we need to create a hash for the file that you want to crack. To create the hash and save it into a file, type the command below. The ">" redirects the output of zip2john into the file.
  zip2john LocationOfTheFile/filename.zip > yourfile.txt

Step 5. To view the hash, print the contents of the file that you saved the hash into.
   cat yourfile.txt

Step 6.  We need to crack the hash using john the ripper. Here for example I am using the default wordlist by john the ripper. To start cracking the password of the zip file, type the following command. John checks all the passphrases from the wordlist and shows the output ASAP.
john yourfile.txt



Step 7.  If you want to use your own wordlist, all you need to do is add -wordlist=filename.txt to the command. For example it looks like the command below
     john -wordlist=/usr/share/wordlists/rockyou.txt anyfile.txt

Well, that’s how you crack a zip file or a rar file using John the Ripper. Pretty simple. Cracking the password using john is the fastest way, and whether you get the password depends on the complexity of the password used. It is not possible to crack the password of every file: if the password is not in the wordlist that you used, it’s just a waste of time :P. Choose your wordlist wisely, or if possible create your own wordlist using Crunch or CUPP.
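The same point can be turned around when you are the one protecting an archive: a password that sits in a common wordlist, or is a lightly altered wordlist entry, will not hold. The script below is an added example, not part of the original post; the function names and the five-line sample wordlist are constructed for illustration, and the three edits it undoes (case, trailing digits/symbols, common letter substitutions) are an assumption standing in for the alterations John applies to dictionary words.

```shell
#!/bin/sh
# Audit a password you plan to put on an archive against a wordlist.
# Added example: names and sample data are constructed, not from the post.

# Constructed sample wordlist; in practice point at the list you care about.
make_sample_wordlist() {
    f=$(mktemp) || return 1
    printf '%s\n' 123456 password letmein qwerty dragon > "$f"
    echo "$f"
}

# Reduce a candidate to its likely dictionary base word:
# lowercase, drop trailing digits/symbols, undo common substitutions.
base_word() {
    printf '%s\n' "$1" \
        | tr '[:upper:]' '[:lower:]' \
        | sed -e 's/[0-9[:punct:]]*$//' \
        | tr '@0134$5' 'aoieass'
}

# audit_password WORDLIST CANDIDATE
# Prints: exact   - candidate is a line of the wordlist as-is
#         variant - its base word is in the wordlist
#         absent  - neither (not proof of strength, only of this list)
audit_password() {
    wordlist=$1
    candidate=$2
    # -F fixed string, -x whole line, "--" protects candidates starting with "-"
    if grep -Fxq -- "$candidate" "$wordlist"; then
        echo exact
        return 0
    fi
    base=$(base_word "$candidate")
    # An empty base (all digits/symbols) would match blank lines, so skip it.
    if [ -n "$base" ] && grep -Fxqi -- "$base" "$wordlist"; then
        echo variant
        return 0
    fi
    echo absent
}

# Demo on the constructed list.
demo_list=$(make_sample_wordlist)
for pw in 'letmein' 'P@ssw0rd123!' 'correct-horse-battery-staple-72'; do
    printf '%s: %s\n' "$pw" "$(audit_password "$demo_list" "$pw")"
done
rm -f "$demo_list"
```

Anything reported as exact or variant should be replaced before the archive is shared; absent only means this particular list and these edits do not cover it.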





Bhanu Namikaze

Bhanu Namikaze is an Ethical Hacker, Security Analyst, Blogger, Web Developer and a Mechanical Engineer. He Enjoys writing articles, Blogging, Debugging Errors and Capture the Flags. Enjoy Learning; There is Nothing Like Absolute Defeat - Try and try until you Succeed.

1 comment:

Suleman said...

Brother I face something like:
"Only 8 candidates buffered for the current salt, minimum 16 needed for performance"
Please help me to solve this.
I am trying to crack rar(protected) file.
Thanks.
