LabEx
Log InJoin For Free

Crack ZIP Passwords in John the Ripper

Beginner
Practice Now

Introduction

In this lab, you will learn to crack password-protected ZIP files using John the Ripper, an essential cybersecurity tool for penetration testing. You'll practice extracting hashes from ZIP files and performing both dictionary and brute-force attacks to recover passwords.

The lab provides hands-on experience with installing John the Ripper, creating test files with weak passwords, and verifying cracked credentials. Through this exercise, you'll understand the vulnerabilities of weak passwords and the importance of strong encryption in file security.

Skills Graph

Install John the Ripper

In this step, you will install John the Ripper, a powerful password cracking tool widely used in cybersecurity. Before we begin, let's understand what John the Ripper does: it helps security professionals test password strength by trying different combinations (brute-force) or using wordlists (dictionary attacks) to guess passwords.

The LabEx VM environment comes pre-configured with all required dependencies, making installation straightforward. We'll use Ubuntu's package manager (apt) which handles software installations and updates.

  1. First, we need to update the package list. This ensures your system knows about the latest available versions of all software:

    sudo apt update

    The sudo command gives you administrator privileges, while apt update refreshes the list of available packages.

  2. Now install John the Ripper with this command:

    sudo apt install john -y

    The -y flag automatically confirms the installation, saving you from having to type 'yes' during the process.

  3. After installation completes, let's verify everything works correctly by checking the installed version:

    john --version

    You should see output similar to:

    John the Ripper 1.9.0-jumbo-1

This version check confirms John the Ripper is ready for use. In upcoming steps, we'll use this tool to demonstrate how password-protected ZIP files can be vulnerable to cracking attempts. Ensure you see the version number before moving forward, as this indicates successful installation.

Create a PasswordProtected ZIP

In this step, you will create a password-protected ZIP file that we'll use to practice password cracking in subsequent steps. ZIP is a common archive format that supports password protection to secure sensitive files. Understanding how to create protected ZIPs is fundamental since many real-world systems use this method for file security.

  1. First, let's create a sample text file to protect. We'll use a simple text file for demonstration purposes:

    echo "This is a secret file" > secret.txt

    This command creates a new file called secret.txt containing the text "This is a secret file". The > symbol redirects the output of the echo command into the file.

  2. Now we'll create a password-protected ZIP file using the zip utility. The -e flag enables encryption. We're using "password123" as our example password for learning purposes (note that this is a weak password and should never be used in real scenarios):

    zip -e secret.zip secret.txt

    The command will prompt you twice to enter and verify the password. This double-entry helps prevent typos in your password:

    Enter password:
Verify password:

  3. Let's verify the ZIP file was created successfully. The ls -l command shows detailed information about files in the current directory:

    ls -l secret.zip

    You should see output similar to this, showing the file exists and its size/timestamp:

    -rw-r--r-- 1 labex labex 210 May 10 10:00 secret.zip

  4. Finally, let's test the password protection by attempting to extract the file without providing the password. This confirms our ZIP file is properly secured:

    unzip secret.zip

    The system should prompt for a password and display an error if you either enter the wrong password or cancel the operation.

This protected ZIP file will serve as our test case in the next steps where we'll extract its hash and attempt to crack the password using John the Ripper. Creating this test file yourself helps you understand both sides of the security process - how protection is applied and how it can be tested.

Extract the ZIP Hash

In this step, you will extract the cryptographic hash from the password-protected ZIP file we created earlier. This process converts the ZIP's security information into a format that John the Ripper can understand and process for password cracking.

  1. First, let's navigate to our working directory and verify the ZIP file exists. This ensures we're working with the correct file in the right location:

    cd ~/project
ls secret.zip

  2. Now we'll use John the Ripper's specialized tool called zip2john. This utility extracts the password hash from ZIP files in a format that John can crack. The > symbol redirects the output to a new file:

    zip2john secret.zip > zip_hash.txt

  3. Let's view the extracted hash to understand what information was captured. The cat command displays file contents in the terminal:

    cat zip_hash.txt

    You should see output similar to this example (your actual hash will differ):

    secret.zip:$pkzip$1*2*2*0*1c*1a*5e9b8f7d*0*42*0*1c*5e9b*55dc*secret.txt*$/pkzip$

  4. The hash contains several important components:

    • secret.zip: The original ZIP filename
    • $pkzip$: Identifies this as a PKZIP format hash
    • The long string of numbers and letters: The actual encrypted password data
    • secret.txt: The name of the file inside the ZIP archive

This extracted hash file now contains all the necessary information about the ZIP's password protection, formatted specifically for John the Ripper to process. In the next step, we'll use this hash file to attempt password recovery through various cracking methods.

Run John to Crack It

In this step, you will use John the Ripper to attempt cracking the password for the ZIP file we protected earlier. John is a powerful password cracking tool that works by trying different password combinations against the hash we extracted. The hash is like a digital fingerprint of your password that John can analyze without needing the original ZIP file.

  1. First, ensure you're in the correct directory with the hash file. This is important because John needs to access the hash file we created in the previous step:

    cd ~/project
ls zip_hash.txt

    The ls command simply lists files to confirm zip_hash.txt exists in your current directory.

  2. Now we'll run John the Ripper with the PKZIP format specified, since we're working with a ZIP file. The --format=PKZIP flag tells John what type of encryption to expect:

    john --format=PKZIP zip_hash.txt

  3. John will display real-time progress as it attempts different password combinations. In our case, since we used a weak password ("password123"), the cracking should complete almost instantly. Here's what the successful output looks like:

    Loaded 1 password hash (PKZIP [32/64])
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
password123      (secret.zip)
1g 0:00:00:00 DONE (2023-05-10 10:00) 50.00g/s 50.00p/s 50.00c/s 50.00C/s password123
Use the "--show" option to display all of the cracked passwords reliably
Session completed

    The "1g" indicates John tested 1 guess, and "password123" is the cracked password.

  4. To view the cracked password in a clean format, we use the --show option. This command displays all successfully cracked passwords from the hash file:

    john --show zip_hash.txt

    You'll see output like this:

    secret.zip:password123:secret.txt:secret.zip

    This output shows four pieces of information separated by colons: the ZIP filename, the cracked password, the file contained in the archive, and the archive name again.

Now that we have the password, we can proceed to verify it actually works with our original ZIP file in the next step. This verification is crucial because it confirms our cracking process was successful.

Confirm the Password

In this final step, you will verify that the password cracked by John the Ripper actually works to extract the protected ZIP file. This confirmation step is crucial in real-world security assessments to validate cracking results. Think of it like testing a key you've found - you need to actually try opening the lock to confirm it works.

  1. First, let's check the cracked password from the previous step. The following command displays the passwords John has successfully cracked:

    john --show zip_hash.txt

    You should see output similar to this, showing the filename, cracked password, and contents:

    secret.zip:password123:secret.txt:secret.zip

  2. Now we'll test if this password actually works by trying to extract the ZIP file. The unzip command is the standard tool for extracting ZIP archives in Linux:

    unzip secret.zip

    The system will prompt you for the password. Enter "password123" (the one we just cracked):

    Archive:  secret.zip
[secret.zip] secret.txt password:

  3. After entering the correct password, we should verify two things: that the file was extracted, and that its contents match what we expect. These commands list files in the directory and display the secret file's contents:

    ls
cat secret.txt

    You should see the following, confirming successful extraction:

    This is a secret file

  4. Finally, it's good practice to clean up extracted files when you're done testing. This keeps your workspace tidy and prevents accidental reuse of test files in future exercises:

    rm secret.txt

This successful extraction confirms that John the Ripper correctly cracked the ZIP password. In a real security assessment, this verification step is essential before reporting findings. It proves that the cracked password wasn't just a theoretical match, but actually provides access to the protected content.

Summary

In this lab, you have learned how to install John the Ripper through the apt package manager and verify its successful setup. You also practiced creating a password-protected ZIP file with a sample text document to simulate real-world password cracking scenarios.

The exercise introduced fundamental cybersecurity assessment techniques by demonstrating the preparation of a target file for password cracking. These initial steps, including tool installation and security validation, provide the essential foundation for advanced password recovery operations.