Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 18 Aug 2017 21:09:53 +0000
From: Glen B <lucky0106@....com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Custom Windows build 1.8.0.9 - What happened to
 zip2john?

Ah, interesting! If you don't mind me changing the subject slightly, I'm 
really surprised by what came out of zip2john now. Originally when I ran 
it on my zip file, it would return a typical hash line. Now however, it 
creates a massive (~7.1MB) hash file from a ~1.7MB zip file, and john 
still says it can't read the hash. Here's the beginning of the output:

 > 
GBLabs.zip:$pkzip2$1*1*2*0*1c0f72*1ea40d*7830b902*0*29*8*1c0f72*7830*7eee*4d989f74b755ae9409f8da4da1fbb97cd3aa0cf5a9a9f07b7a92fd01d0c3223cab6253af1cbcf6322a6e22edf1bd082c03ed0b083fb35e853c36cff3c3ac355814

And it continues on with this massive hexadecimal string, where it 
eventually ends with this:

 > 89670717610473b4fd3510962114f86*$/pkzip2$:::::..\GBLabs.zip

I'm recognizing parts of this as a typical hash, but what's with this 
new massive hex string? Could this contribute to why john says it can't 
find a hash string out of this?

Glen

On 8/18/2017 12:55 PM, Solar Designer wrote:
> On Fri, Aug 18, 2017 at 07:16:03PM +0000, Glen B wrote:
>> I really liked the earlier versions of JtR that were self-contained and didn't require downloading anything else to be honest.
> This build wasn't meant to require anything extra either.  According to
> what you said, it's just a bug.
>
>> If this is just a symlink though, what is it symlink-ing to? The john binary? If so, couldn't I just run john directly?
> Yes.  You could run "john" directly if you copy or rename it so that
> it'd be called "zip2john".
>
> Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ