hey guys hackersploit here back again
with another video welcome to this new
series that i'm going to be starting i
don't know what i'm going to be calling
it but it's just going to be a series
where i'll be answering your questions
uh in the form of a video right so i get
a lot of questions from you guys uh you
know on various topics uh some of them
related to some of my older videos but
also new topics and uh one of the
questions that i received recently on
twitter was pertaining to my previous or
my one of my older videos on how to
crack
zip and rar archives more specifically
password protected archives
with john the ripper now uh the actual
individual who posted this question
pointed out something very important
that i did not clarify in that video
primarily because uh you know we weren't
there yet or that new version of rar
wasn't released or you know was it
wasn't being used uh you know at that
point in time so
the issue that he was having and you
should be able to see the tweet on your
screen right now is uh is having an
issue with cracking rar5 archives
password-protected archives
with john the ripper now there is an
issue with john the ripper not really
related to the fact that or not really
related to the process of obtaining the
hash of a particular archive but
actually cracking it so this video is
going to be focused on how to crack uh
zip and rar archives um
with hashcat right and of course we're
going to be utilizing a few john the
ripper utilities like zip2john and
rar2john to essentially obtain
the hashes for these password protected
archives so what i've done here is uh
in my downloads folder you can see that
i have a file called protected.txt
and i'll just open that up as you can
see this is just basic data this is a
very simple example right and what i
want to do is i want to create an
archive right and i'm you know from this
perspective i am currently working as a
you know end user or someone who wants
to create a you know zip or rar archive
that they would like to password protect
and then share with someone else right
so i'll create the archive here
and i'm doing this on kali linux um so
the file name uh we can just call it
protected
i don't specify any extension so let's
start off with cracking password
protected zip archives
so for the actual um for for the type of
archive i'm going to specify zip and
under other options i'll specify a
password because i want to keep things
simple
we're just going to use a password like
password three two one
right and i'll hit create and that's
going to create protected.zip so what do
i do now if i wanted to crack this as an
attacker if i find a password protected
zip archive
you can see i'm currently within my
downloads directory the first step would
be to obtain the hash of that archive
right and how can i do this well you
need to have john the ripper installed
and one of the great utilities that
comes with john the ripper is the zip2john
utility this will essentially allow
you to specify the archive so
protected.zip you can then output the
actual hash into a file so i'll call
this ziphash.txt
there we are and i can cat the contents
of ziphash.txt
and you can see this is the actual hash
right so right over here let me see if i
can find that there we are now this
additional information specified at the
beginning and at the end of this hash
is really only useful for john the
ripper because we're going to be using
hashcat we want to get rid of this
information so i'll say vim
zip dot txt and i'll get rid of the
actual
archive name so protected.zip as well as
the file that is within that particular
archive so there we are get rid of that
and at the end of the file i'll also get
rid of um
of the same thing the the actual archive
name
uh or the zip file name as well as uh
the actual file within that particular
zip
zip file so
i'll get rid of that there and we want
to only have the actual type of archive
specified here and this is of course for
you know the purpose of cracking hashes
so
uh i can just leave it as is and i can
write and quit
and we can actually get started with the
cracking process so how would we crack
that particular hash with hashcat well
first things first you need to get an
understanding of how hashcat works so
i'll open up the documentation for
hashcat i def i really recommend that
you go through the documentation because
it'll explain a lot
now before i go through all the modes or
rather yeah i think that's what we're
doing up so before we go through all the
modes we need to get an understanding of
the syntax so you can see right over
here at the top of the documentation
hashcat 6.2.5 the usage is as follows
we specify hashcat options the actual
hash or the file containing the hash
and we then specify the dictionary or
the the word list that we would like to
perform our attack with so
whenever you're cracking a hash with
hashcat you really need to specify the
hash type and that can be done by using
the m option
so you can see this allows you to
specify the hash type and again the way
that hashcat does this is it provides
you with a list of hashes or hash types
and their unique id right so you can see
if i wanted to crack md5 i can specify
the actual hash type as or i can say a
hyphen m and say zero and that will know
or that will tell hashcat that this is
an md5 hash that i want to crack
and in the context of in the context of
a zip file which i'll get to in a second
we can also obtain or get that that
specific hash type in you know by taking
a look at the various hash modes
available the other option that we need
to specify is going to be the attack
mode right so uh the attack mode is
referenced below which i'll get to and
that is specified or denoted using the
hyphen a option
so the attack mode really just
again is just used to specify the type
of attack that you're trying to perform
are you trying to perform uh you know a
simple word list attack are you trying
to perform a brute force attack let me
see if i can find that there so there we
are we have attack mode so you have your
straight uh we have a combination brute
force attack hybrid wordlist plus a mask
a hybrid mask plus a word list and an
association attack
so
again
given the fact that we're dealing with a
zip file the most obvious hash type that
we're dealing with and it did say zip2
which tells us that we're dealing with
winzip now let me see if i can find the
actual winzip id here so i know we have
uh pkzip there and there we are so
that's winzip here so that is
13600 so that's the actual hash mode
that we need to specify all right so in
order to do this with hashcat i'm just
going to say hashcat
and then i specify the attack type in
this case or the attack mode in this
case i'll just perform a direct
a direct attack so i'll say a0 and then
i can specify the mode which in this
case is thirteen thousand six hundred i
then say ziphash.txt or specify the
file that contains the hash and because
i'm performing a uh you know a
dictionary or word list attack i can say
user share i'll specify the word list
that i'm going to use so we'll say we
want to use rockyou.txt
so i'll hit enter
give this a couple of seconds
and it looks like it cracked it because
it's a very simple it was a very simple
password that we used and it actually
exists within rockyou.txt now i'll be
making separate videos covering how to
utilize the other attack modes but
remember in this case we're just
learning about how to do it
so as you can see here it actually
highlights the password for that zip
archive so password three two one
and we've essentially cracked that
password protected zip archive
all right so now let's take a look at
how to crack a password protected rar
file or archive if you will now this
will tie into the question the
individual asked me and was having an
issue with right so i'll actually walk
you through that process so
we've already created uh you know we've
taken a look at how to crack the zip
archive so what i'll do is i'll click on
protected.txt and i'll create the
archive
uh so i'll just give that a couple of
seconds there we are
and instead of calling it
passprotected.txt i'll just say
protected.rar so that's what we're
focusing on now as for the password i
can say you know in this case we can say
you know password one two three for
example instead of password three two one
just to show you that this does indeed
work
all right so now that we've generated
the archive the password protected
archive as an attacker what can we do
you know what really is our first step
well we can utilize the utility rar2john
right to get the actual hash and
then i specify
i can then specify the actual archive
here and then output the the actual hash
into its own file so i can say rar hash
or i can just say you know yeah we can
just call it rarhashes.txt
and i can hit enter so this is what was
happening so let me just cat out the
contents of that hash
right is you can see that it's utilizing
rar5 instead of rar3 now john the ripper
as far as i know can actually crack rar5
uh hashes but uh i'll i'll actually
show you what the problem was so in my
previous video on how to crack you know
rar and zip files or archives with john
the ripper i specified or said that you
can you know you can say john and then
the format in the case of rar is you
know format equal rar
and then specify the actual file that
contains the hash so i'll hit enter and
this was the issue and this is the issue
that people have been getting right is
it'll tell you that no password hashes
are loaded which is very weird because
again we generated the hash with you
know rar2john now this will again
this won't work even if you get rid of
the the actual file or archive name
that's been appended at the beginning of
the actual hash
now again as i said i don't really know
if there's a fix for this all i can show
you or demonstrate is how to crack this
hash with uh hashcat so
what we can do here
is uh let me just modify this uh the
actual hash itself and let me get rid of
the the actual archive name at the
beginning because whenever you're
cracking with hashcat we really don't
need any of that um so there we are so
that's done so how do we crack it with
hashcat uh the only thing we need to
change really here is going to be the
mode right
or the hash type if you will
when cracking zip archives we used the
we used the the actual hash mode uh
13600
in this case because we're cracking rar5
we're going to be using 13000 i
believe so let me just take a look at
the various uh modes here the hash modes
and we are looking for um
let me see if i can actually find this
is usually very there we are so thirteen
thousand that's rar5 if you're cracking
uh rar3 uh archive then again you
can specify the various hash modes here
that's one of the reasons why i actually
recommend that you use hashcat moving
forward because you know it has great
documentation and you won't run into the
issues that you know you've been running
into if you followed the previous video
so uh in this case we can try and use
the default attack mode so you know we
can also perform a brute force any of
the other modes
um so what i'll do is i'll say hashcat
and we'll say the hash mode or the hash
type is 13000
and then we can specify rarhashes.txt
and then the word list that i'm
gonna use is under user share
word lists uh word lists rockyou.txt i'll
hit enter
and uh
let's see whether yeah so there we are
that was cracked in a few seconds for
obvious reasons that i've just explained
i specified a dictionary file that
contains the password already so it's
going to be much faster
now of course as i said hashcat is quite
an advanced tool that allows you to
generate you know your own word list
based on specific parameters and that
can be done by specifying the character
set as you can see here and i'll be
making another video that will cover
that process but i just wanted to
showcase how this can be done or how you
can crack password protected zip and rar
archives uh with hashcat
so again uh this is again just going to
be a very simple series where i'll be
answering your questions in video format
let me know what you guys think if you
like this series if you'd like me to
continue
you know working on this series and yeah
that's going to be it for this video
thank you very much for watching if you
have any feedback or questions leave
them in the comments section and i'll be
seeing you in the next
video huge thank you to all of our
patreons uh your support is greatly
appreciated and this is a formal thank
you so thank you shamir douglas ryan
carr sandor michael busby sids up doozy
defean barry dustin empress and michael
hubbard your support is greatly
appreciated and you keep us making even
more high quality content for you guys
so thank you