zip2john
Extract password hashes from ZIP archives
TLDR
Extract the password hash from an archive, listing all files in the archive
Extract the password hash using [o]nly a specific compressed file
Extract the password hash from a compressed file to a specific file (for use with John the Ripper)
SYNOPSIS
zip2john [ZIP_FILE] > [HASH_FILE]
PARAMETERS
[ZIP_FILE]
The path to the ZIP archive file from which to extract the password hash.
[HASH_FILE]
The file to write the extracted hash string to. If not specified, the hash is printed to standard output.
DESCRIPTION
zip2john is a command-line tool used to extract password hashes from ZIP archive files. This allows you to attempt to crack the ZIP archive's password using password cracking utilities like John the Ripper (hence the name). It analyzes the ZIP file structure and extracts the necessary cryptographic information required for password cracking, such as the encryption type (e.g., traditional ZipCrypto, AES) and the encrypted data. The output of zip2john is a hash string that can be fed directly into John the Ripper or similar tools.
It's important to note that zip2john itself does not crack the password; it only prepares the data for cracking. The actual password cracking process is performed by a separate program. zip2john supports different ZIP encryption methods, but its effectiveness in extracting crackable hashes depends on the encryption algorithm used and the quality of the password. Note that zip2john only extracts one hash from the zip file. If you are trying to crack an archive that consists of multiple encrypted files, only the first encrypted file will be used for the password crack. If the first file is not the one that you were trying to crack, you might need to recreate the archive to have the desired encrypted file be first inside the archive.
CAVEATS
zip2john's success depends on the encryption method used in the ZIP file. Some strong encryption methods might not be easily crackable, or even supported.
RETURN VALUES
zip2john returns 0 on success. A non-zero value is returned if the program encounters an error.
EXAMPLE
To extract the hash from a ZIP file named 'secret.zip' and save it to a file named 'secret.hash', you would use the command: zip2john secret.zip > secret.hash
HISTORY
zip2john was primarily developed to facilitate password cracking of ZIP archives using John the Ripper. It's been part of the John the Ripper suite for a long time and has been updated to support various ZIP encryption schemes as they emerged.
SEE ALSO
john(1)