How To Crack ZIP & RAR Files With Hashcat

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hey guys hackersploit here back again with another video welcome to this new series that i'm going to be starting i don't know what i'm going to be calling it but it's just going to be a series where i'll be answering your questions uh in the form of a video right so i get a lot of questions from you guys uh you know on various topics uh some of them related to some of my older videos but also new topics and uh one of the questions that i received recently on twitter was pertaining to my previous or my one of my older videos on how to crack zip and rar archives more specifically password protected archives with john the ripper now uh the actual individual who posted this question pointed out something very important that i did not clarify in that video primarily because uh you know we weren't there yet or that new version of rar wasn't released or you know was it wasn't being used uh you know at that point in time so the issue that he was having and you should be able to see the tweet on your screen right now is uh is having an issue with cracking our rar5 archives password-protected archives with john the ripper now there is an issue with john the ripper not really related to the fact that or not really related to the process of obtaining the hash of a particular archive but actually cracking it so this video is going to be focused on how to crack uh zip and rar archives um with hashcat right and of course we're going to be utilizing a few john the ripper utilities like zip to john and rar to john to essentially obtain the hashes for these password protected archives so what i've done here is uh in my downloads folder you can see that i have a file called protected.txt and i'll just open that up as you can see this is just basic data this is a very simple example right and what i want to do is i want to create an archive right and i'm you know from this perspective i am currently working as a you know end user or someone who wants to create a you know zip or rar archive that they would like to pass or protect and then share with someone else right so i'll create the archive here and i'm doing this on kali linux um so the file name uh we can just call it protected i don't specify any extension so let's start off with cracking password protected zip archives so for the actual um for for the type of archive i'm going to specify zip and under other options i'll specify a password because i want to keep things simple we're just going to use a password like password three two one right and i'll hit create and that's going to create protected.zip so what do i do now if i wanted to crack this as an attacker if i find a password protected zip archive you can see i'm currently within my downloads directory the first step would be to obtain the hash of that archive right and how can i do this well you need to have john the ripper installed and one of the great utilities that comes with john the ripper is the zip to john utility this will essentially allow you to specify the archive so protected.zip you can then output the actual hash into a file so i'll call this ziphash.txt there we are and i can cap the contents of ziphash.txt and you can see this is the actual hash right so right over here let me see if i can find that there we are now this additional information specified at the beginning and at the end of this hash is really only useful for john the ripper because we're going to be using hash cat we want to get rid of this information so i'll say vim zip dot txt and i'll get rid of the actual archive name so protector.zip as well as the file that is within that particular archive so there we are get rid of that and at the end of the file i'll also get rid of um of the same thing the the actual archive name uh or the zip file name as well as uh the actual file within that particular zip zip file so i'll get rid of that there and we want to only have the actual type of archive specified here and this is of course for you know the purpose of cracking hashes so uh i can just leave it as is and i can write and quit and we can actually get started with the cracking process so how would we crack that particular hash with hashcat well first things first you need to get an understanding of how hashcat works so i'll open up the documentation for hashgat i def i really recommend that you go through the documentation because it'll explain a lot now before i go through all the modes or rather yeah i think that's what we're doing up so before we go through all the modes we need to get an understanding of the syntax so you can see right over here at the top of the documentation hash cat 6.2.5 the usage is as follows we specify hashcat options the actual hash or the file containing the hash and we then specify the dictionary or the the word list that we would like to perform our attack with so whenever you're cracking a hash with hash cat you really need to specify the hash type and that can be done by using the m option so you can see this allows you to specify the hash type and again the way that hashcat does this is it provides you with a list of hashes or hash types and their unique id right so you can see if i wanted to crack md5 i can specify the actual hash type as or i can say a hyphen m and say zero and that will know or that will tell hashcat that this is an md5 hash that i want to crack and in the context of in the context of a zip file which i'll get to in a second we can also obtain or get that that specific hash type in you know by taking a look at the various hash modes available the other option that we need to specify is going to be the attack mode right so uh the attack mode is referenced below which i'll get to and that is specified or denoted using the hyphen a option so the attack mode really just again is just used to specify the type of attack that you're trying to perform are you trying to perform uh you know a simple word list attack are you trying to perform a brute force attack let me see if i can find that there so there we are we have attack mode so you have your straight uh we have a combination brute force attack hybrid wordless plus a mask a hybrid mask plus a word list and an association attack so again given the fact that we're dealing with a zip file the most obvious hashtag that we're dealing with and it did say zip2 which tells us that we're dealing with winzip now let me see if i can find the actual winzip id here so i know we have uh pkzip there and there we are so that's winzip here so that is 13600 so that's the actual hash mode that we need to specify all right so in order to do this with hashcat i'm just going to say hashcat and then i specify the attack type in this case or the attack mode in this case i'll just perform a direct a direct attack so i'll say a0 and then i can specify the mode which in this case is thirteen thousand six hundred i then say zip hash.txt or specify the file that contains the hash and because i'm performing a uh you know a dictionary or word list attack i can say user share i'll specify the word list that i'm going to use so we'll say we want to use rocky.txt so i'll hit enter give this a couple of seconds and it looks like it cracked it because it's a very simple it was a very simple password that we used and it actually exists within rocky.txt now i'll be making separate videos covering how to utilize the other attack modes but remember in this case we're just learning about how to do it so as you can see here it actually highlights the password for that zip archive so password three two one and we've essentially cracked that password protected zip archive all right so now let's take a look at how to crack a a password protected rar file or archive if you will now this will tie into the question the individual asked me and was having an issue with right so i'll actually walk you through that process so we've already created uh you know we've taken a look at how to crack the zip archive so what i'll do is i'll click on protected.txt and i'll create the archive uh so i'll just give that a couple of seconds there we are and instead of calling it passprotected.txt i'll just say protected.rar so that's what we're focusing on now as for the password i can say you know in this case we can say you know password one two three for example instead of password three to one just to show you that this does indeed work all right so now that we've generated the archive the password protected archive as an attacker what can we do you know what really is our first step well we can utilize the utility rar to john right to get the actual hash and then i specify i can then specify the actual archive here and then output the the actual hash into its own file so i can say rar hash or i can just say you know yeah we can just call it rawhashes.txt and i can hit enter so this is what was happening so let me just cut out the contents of that hash right is you can see that it's utilizing rar5 instead of r3 now john the ripper as far as i know can actually crack our five uh hashes but uh i'll i'll actually show you what the problem was so in my previous video on how to crack you know rare and zip files or archives with john the ripper i specified or said that you can you know you can say john and then the format in the case of rar is you know format equal rar and then specify the actual file that contains the hash so i'll hit enter and this was the issue and this is the issue that people have been getting right is it'll tell you that no password hashes are loaded which is very weird because again we generated the hash with you know rar to john now this will again this won't work even if you get rid of the the actual file or archive name that's been appended at the beginning of the actual hash now again as i said i don't really know if there's a fix for this all i can show you or demonstrate is how to crack this hash with uh hashcat so what we can do here is uh let me just modify this uh the actual hash itself and let me get rid of the the actual archive name at the beginning because whenever you're cracking with hashcat we really don't need any of that um so there we are so that's done so how do we crack it with hashcat uh the only thing we need to change really here is going to be the mode right or the hash type if you will when cracking zip archives we used the we used the the actual hash mode uh 13600 in this case because we're cracking rar 5 we're going to be using 13 000 i believe so let me just take a look at the various uh modes here the hash modes and we are looking for um let me see if i can actually find this is usually very there we are so thirteen thousand that's r5 if you're cracking uh rar three uh archive then again you can specify the various hash modes here that's one of the reasons why i actually recommend that you use hashcat moving forward because you know it has great documentation and you won't run into the issues that you know you've been running into if you followed the previous video so uh in this case we can try and use the default attack mode so you know we can also perform a brute force any of the other modes um so what i'll do is i'll say hash cat and we'll say the hash mode or the hash type is 13 000 and then we can specify rar hashes dot txt and then the word list that i'm gonna use is under user share word lists uh word lists rockq.txt i'll hit enter and uh let's see whether yeah so there we are that was cracked in a few seconds for obvious reasons that i've just explained i specified a dictionary file that contains the password already so it's going to be much faster now of course as i said hashcat is quite an advanced tool that allows you to generate you know your own word list based on specific parameters and that can be done by specifying the character set as you can see here and i'll be making another video that will cover that process but i just wanted to showcase how this can be done or how you can crack password protected zip and rar archives uh with hashcat so again uh this is again just going to be a very simple series where i'll be answering your questions in video format let me know what you guys think if you like this series if you'd like me to continue you know working on this series and yeah that's going to be it for this video thank you very much for watching if you have any feedback or questions leave them in the comments section and i'll be seeing you in the next video huge thank you to all of our patreons uh your support is greatly appreciated and this is a formal thank you so thank you shamir douglas ryan carr sandor michael busby sids up doozy defean barry dustin empress and michael hubbard your support is greatly appreciated and you keep us making even more high quality content for you guys so thank you [Music]

Info

Channel: HackerSploit

Views: 207,752

Rating: undefined out of 5

Keywords: hackersploit, hacker exploit, hacking, kali linux, hashcat, hashcat hacking, hashcat brute force, hashcat zip file crack, hashcat zip password, hashcat rar password recovery, password cracking software, password cracking tools, password cracking tutorial, password cracking windows 10, password cracking rig, password cracking usb, password cracking cmd, password cracking with hydra, password cracking hashcat, hashcat tutorial, how to crack zip file password

Id: IHoH05IMBe4

Channel Id: undefined

Length: 13min 20sec (800 seconds)

Published: Wed Feb 02 2022