hey what's up everyone my name is Jason
Turley and in today's video I'm going to
show you how to crack password protected
zip files on windows so you see here on
my desktop I have two zip files I can
click on them
and it shows me what's in there
paperwork.txt and tax info.txt
but if I try to open either one of these
by double clicking
it prompts me to enter a password
let's just do password one two three
that's not correct
I can try to extract it somewhere
but again it asks me for the password
which I don't have
so cancel
and it creates this empty folder
so that's not helpful
and same for pictures.zip
double click I can't open anything they're
password protected cancel cancel all
right so there's the problem what is the
solution
instead of just endlessly guessing
passwords we can use a password cracking
tool let me open one here such as John
the Ripper so search John the Ripper
on DuckDuckGo
and click on the first result from
openwall.com
John the Ripper is an open source
password security auditing and password
recovery tool for many operating systems
we're going to be using John the Ripper
jumbo
but they also have a pro version a paid
version for Linux Mac windows and even
Android phones which is really neat
you can get some swag here some T-shirts
but we're going to scroll down here
download the latest John the Ripper
jumbo release
I'm on Windows 64-bit operating system
if you're not sure if you're a 64-bit or
32-bit you're likely 64-bit but you can
search quickly
by typing system info
click on that
it'll bring up this system summary and
we see here that I am x64 based if you
have the 7-Zip utility installed click
on this first link if not if you just
have regular zip
which is the default install this we see
that the
seven zipped one is much smaller so
click here
it's going to ask you where you want to
download it let's just put it on our
desktop
save
then it's downloading
let's right click 7zip extract here
that's going to do its thing we see this
new folder popped up here
John then the version number 1.9.0
I don't need this anymore I can delete
that 7-Zip archive double click on this
and the folder pops up there's a readme
file
we can right click edit with Notepad++
or just regular Notepad
and you can read up all about the tool
here it shows you how to install it how
to use it
but I'm also going to be going over that
today so minimize that
one thing I love about John the Ripper
and Openwall and everyone who has
contributed to this amazing tool is the
documentation so click on Doc and then
you make this a little bit bigger
there's documentation for pretty much
everything you would want to do and they
have individual readme files for the
different kinds of format you want to
crack so we want to crack zip files so
I'm going to scroll all the way to the
bottom
and right here we see readme zip dot txt
let's open that up and it tells us
exactly how to do it in Windows so run
zip2john
on the password protected zip files and
then redirect the output that's what the
greater-than means to a file called hash
and then simply run John on whatever
that output is
so let's do that
if we want to confirm we can go to run
scroll down we see john.exe that's the
actual password cracking tool and then
down here we see zip2john convert the
zip file format to something that John
can read and understand so to do that
let me open up command prompt CMD
click there
it puts me in my user directory with CD
into your desktop
slash John
slash run
or if that's too confusing
you can just CD and click here
copy
and paste it in
and we're in the same directory I can do
a dir and showcase everything that we
have here
so zip2john
let me make this a little bit bigger
and I want to go up two directories
to my documents let's just hit enter
and it prints out some information it
says version 2.0 my documents.zip
paperwork.txt and tax info.txt those are
the two files that we saw earlier
some more information about them and
this is what we care about here this is
the unique hash right here this pkzip
dollar sign that's what we're going to
feed to John
so hit the up Arrow
greater than sign let's just call this
hash one
but we don't want to put it there we
want to put it on our desktop
hash one
we see it prints here
you double click
open it in Notepad++ or regular
notepad doesn't matter
and there it is that's what we're going
to feed to John to crack it
now simply let's clear the screen CLS
John
and then I believe I can just drag this
and paste it here there we go
smash the enter key
it's loading
it's running you can ignore these
warnings they don't really matter and
here it is Pokemon
how did it know that how did it figure
that out
well when you run John with no arguments
just John and then the name of the hash
file it'll first try your username and
then your full name
and in the name of your home directory
and if none of that works it's going to
go into word list mode we can see right
here proceeding with word list
password.lst rules Wordlist
so John comes with the built in word
list that it will use to crack the
passwords we'll get into more about word
lists in just a second but let's make
sure this password actually works
Pokemon
so let's click here
extract all
yes that's fine
Pokemon
all right open up paperwork.txt
there we go generic paperwork file it
looks good to me open up tax info like
And subscribe please do that
Bang Bang
all right so that's this one
I can delete that zip file now I don't
really care about it let's do the same
thing for pictures.zip
so zip2john
let me just drag this paste it in here
unzip this
you see it's a lot more text this time
probably because they're pictures
they're not just flat text files they
only have like
three words in them
so this is huge
clear screen
let's redirect that
let's just call it hash two
let's open up hash two just to confirm
yep pictures.zip that's the name of it
and we see all that good hashing info
and at the very end we see the two files
computer fire and keyboard Warrior looks
good to me let's run John again
on hash two
enter
we see here word list or uh we see here
proceeding with a single
that's what I said earlier it's going to
try the username
your full name
in your home directory
next up it's going to try password.lst
which is its built-in password list it
didn't find anything so next it's going
to try incremental ASCII meaning it's
going to try let me open up notepad it's
going to try something like this
C and then just so on and so forth
throughout the entire alphabet until it
guesses it right so then it Cycles
through it'll do like b-a-a-a-a
and so on and so forth so this will take
forever
this might never finish running
so I'm going to hit Ctrl and C on my keyboard to
kill it to stop it
because I have a better technique let's
go back to a web browser
and this time we're going to look for
something called SecLists
SecLists site:github.com
again we want the first result
SecLists is the security tester's companion
it's a collection of multiple types of
lists used during security assessments
collected in one place list types
include usernames passwords URLs
sensitive data patterns fuzzing payloads
web shells and many many more so that's a
lot so we can look through here this is
a website called GitHub
for uploading and sharing code
completely free to use super awesome
tool so we see these different folders
and then these different files down here
is the readme you can read up more about
it
how to install it from the command line
but we're not going to worry about that
we're going to go to usernames uh
forgive me we're going to go to
passwords click there because we want to
guess the password
and these are the results of numerous
common passwords passwords found in data
breaches passwords found on the dark web
we see here dark web 2017 top 10 we can
click on that
and these are the top 10 passwords
in 2017 that people had one two three
four five six
password qwerty abc123
even though this was 2017 I guarantee
there's a lot of people who still use
these passwords we can go back
and we can we can pick whatever
some are more popular than others
all right we can do
xato-net 10 million
top 1000
I think these are kind of just fun to
look through so if you ever have some
free time you can see some common
passwords you can see monkey see let me
in I can't read that one on YouTube or
that one either
we see killer and trust no one Jordan
this is just blank
so we could use that however
I know for a fact the person who made
this password protected zip file really
likes the weather they really like the
seasons in particular so I'm going to
use seasons.txt
click here
and we see it's just the different
seasons of the year
in leet speak so instead of spring spr
ing there's a dollar sign for the S and
there's a one for the I and just goes on
and on we see there's over 5000 lines
for spring and summer and winter and
fall and they had special characters on
the end they do capitalization
so we're going to use this
so you can download this file a few ways
you can use PowerShell Invoke-WebRequest
and get it that way
or we can just do raw so raw will show
just the file with no like pretty
formatting we're going to control a
copy it
open up Notepad
paste it in
save it
let's pop this on our desktop
seasons.txt
now we're here we're back in John the
Ripper let's see john
--wordlist
before I do that let's do a -h for
help I should have done this earlier so
forgive me we see --wordlist word
list mode read words from a file or from
standard input
and then there's a lot more options if
you know the format of the hash you
could specify that here
I'm going to clear the screen cls john
--wordlist
equals this
we want to crack this hash
smash the enter key
and wow in less than a second
we see done in zero seconds that was
incredibly fast
summer
2022 pound so we can grab that right
click to copy it
open up pictures
extract yep right there
and paste in the password
and then we get computer fire
and the keyboard warrior
bonus points if you can tell what videos
I use these photos in so there you have
it those are two ways
to use John the Ripper which is a very
very powerful password cracking tool you
can use it not just for zip files you
can use it for hashes you could use it
on Linux you can use it on Mac
system passwords
database passwords but in my case I used
a zip file
so we use zip2john to convert it
John will use its single mode it'll use
its built-in word list and if it doesn't
get that it'll try incremental which is
brute force guesses everything under the
sun that will take all day so that's not
really good for using on your home
computer that would be great on like a
cluster or like a server that has a
bunch of unlimited resources
that didn't work for the second one so
we used our own word list from
SecLists by Daniel Miessler
so I encourage you guys to go to
SecLists on there just look around
and see what you can find you know
there's tons of passwords there's tons
of default logins there's things for
fuzzing
there's things for common usernames
common payloads it's a really really
amazing tool that's why it's widely used
in the security community and that's why
they have so many stars and so many
contributors to it
that'll do it for this video guys
remember to leave a like comment
subscribe let me know if you found this
useful if you want to see more content
like this in the future take it easy and
have yourself a good one
thank you
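
An added example, not part of the video: a defender-side check showing why a season-plus-year password falls to a targeted word list so quickly. It undoes the mangling the video describes (leet substitutions, capitalization, digits and special characters on the end) and looks the result up in a word list. The word set, sample passwords and function names are constructed for illustration.

```python
import re

# Constructed sample base words: the seasons plus a few common passwords
# named in the video. A real audit would load full word lists instead.
BASE_WORDS = {"spring", "summer", "winter", "fall",
              "password", "qwerty", "pokemon", "monkey", "letmein"}

# Leet substitutions to undo before the lookup (e.g. "$" for s, "1" for i).
LEET = str.maketrans({"$": "s", "5": "s", "1": "i", "!": "i", "3": "e",
                      "4": "a", "@": "a", "0": "o", "7": "t"})

# Trailing run of digits and symbols, such as a year plus a special character.
SUFFIX = re.compile(r"[\d\W_]+$")


def find_base_word(password):
    """Return the list word a password is built on, or None."""
    lowered = password.lower()
    match = SUFFIX.search(lowered)
    suffix_len = len(match.group()) if match else 0
    # Leet characters can look like part of the suffix, so try every cut.
    for cut in range(suffix_len + 1):
        candidate = lowered[:len(lowered) - cut].translate(LEET)
        if candidate in BASE_WORDS:
            return candidate
    return None


def audit(passwords):
    """Map each password that reduces to a list word onto that word."""
    flagged = {}
    for pw in passwords:
        base = find_base_word(pw)
        if base is not None:
            flagged[pw] = base
    return flagged


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real archive.
    samples = ["Summer2022#", "$pr1ng!", "Pokemon", "p4ssw0rd1", "T7#kq9Lm2x"]
    for pw, base in audit(samples).items():
        print(f"{pw!r} is a mangled form of {base!r}")
```

A password that this check flags sits inside the search space of a rules-based word list, however long or symbol-heavy it looks.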