
List:       john-users
Subject:    Re: [john-users] Path in hash?
From:       magnum <john.magnum () hushmail ! com>
Date:       2016-09-04 15:01:16
Message-ID: 79aedaa5e88d99fedbc269cb14f742a2 () smtp ! hushmail ! com

On 2016-09-04 13:21, Florian Pelgrim wrote:
> I'm struggling to gain the used encryption method and which program was
> used.
> 
> I tried to match the hash to some other hashes but I did not find any
> archive hash which uses the path inside the hash.
> 
> I'm running john-1.8.0-jumbo-1 and the output from zip2john is:
> test3.zip:$zip2$*0*1*0*edda46c4e04bcef3*da68*25ef89*ZFILE*/root/test3.zip*1e8784e*1e87899*1ae93ae8ab72ff1f51e2*$/zip2$:::::test3.zip
> 

This is a zip hash (as opposed to pkzip, which is different). The full 
zip file is needed when running john, so the full path is stored (and 
you must not move the file from /root). In latest Jumbo (on GitHub) this 
has changed - file data is always inlined as a "hash" making that input 
file potentially huge, and there's no dependency on the original zip file.

> Can someone tell me what kind of hash this is and how to figure it out
> on my own?

Just run john without the --format option and it should pick the correct 
format.

magnum
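
An added example, not part of magnum's message and not John the Ripper code: a small check that tells whether a $zip2$ line still depends on the original archive and whether that archive is where the line says it is. The field layout (ZFILE marker, then path, two hex offsets and a final hex field) is an assumption read off the sample line in this thread; the function names and the second sample line are made up for illustration.

```python
import os
import re

# Line copied from the post quoted above (zip2john, john-1.8.0-jumbo-1).
SAMPLE = ("test3.zip:$zip2$*0*1*0*edda46c4e04bcef3*da68*25ef89*ZFILE*"
          "/root/test3.zip*1e8784e*1e87899*1ae93ae8ab72ff1f51e2*$/zip2$"
          ":::::test3.zip")
# Constructed line with the data inlined instead of a ZFILE reference.
INLINE = ("a.zip:$zip2$*0*1*0*0011223344556677*abcd*4*deadbeef*"
          "00112233445566778899*$/zip2$:::::a.zip")

# Everything between the opening and closing tags, whatever surrounds them.
_BODY = re.compile(r"\$zip2\$\*(.*)\*\$/zip2\$")


def external_dependency(line):
    """Return the archive path a $zip2$ line refers to, or None if inlined."""
    m = _BODY.search(line)
    if not m:
        raise ValueError("no $zip2$ ... $/zip2$ body found")
    fields = m.group(1).split("*")
    if "ZFILE" not in fields:
        return None
    tail = fields[fields.index("ZFILE") + 1:]
    # Assumed layout after ZFILE: path, offset, offset, final hex field.
    if len(tail) < 4:
        raise ValueError("truncated ZFILE reference")
    # Re-join so a '*' inside the path does not shift the fields.
    return "*".join(tail[:-3])


def check(line, exists=os.path.exists):
    """Classify a line as 'inline', 'ok' (archive present) or 'missing'."""
    path = external_dependency(line)
    if path is None:
        return ("inline", None)
    return ("ok" if exists(path) else "missing", path)


if __name__ == "__main__":
    for sample in (SAMPLE, INLINE):
        print(check(sample))
```

A "missing" result means the archive was moved or the hash file was copied to another machine without it.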

