Cracking Archives with Hashcat Made Easy

How To Crack ZIP & RAR Files With Hashcat

Estimated read time: 1:20

    Summary

    In this video, HackerSploit introduces a new series aimed at answering viewers' questions through tutorials, starting with how to crack password-protected ZIP and RAR files using Hashcat. The video responds to a viewer's query about issues with cracking RAR5 archives using John the Ripper. HackerSploit walks through the process of extracting hashes from ZIP and RAR files and demonstrates using Hashcat with different hash modes and attack types to effectively retrieve the archive passwords. Emphasis is placed on understanding Hashcat's syntax and utilizing its documentation.

      Highlights

      • A new series on HackerSploit's channel focuses on answering frequently asked questions. 🌟
      • Tutorial covers extracting hashes from archives using 'zip2john' and 'rar2john' utilities. 🔍
      • Shows how to modify hashes for compatibility with Hashcat, bypassing issues found in other tools. 🔧
      • Demonstrates selecting appropriate hash types and modes, crucial for successful cracking. 🔑
      • HackerSploit emphasizes reading the Hashcat documentation for maximum tool effectiveness. 📚

      Key Takeaways

      • HackerSploit kicks off a Q&A series by addressing common queries, starting with file cracking tutorials. 🎥
      • Learn how to effectively crack ZIP and RAR archives using tools like Hashcat and John the Ripper. 🔓
      • Understand the importance of different hash modes and attack types when using Hashcat for cracking. 🧠
      • Watch a practical demonstration of using Hashcat to crack archives, showcasing its versatility and depth. 🎳
      • HackerSploit encourages viewer interaction and feedback to tailor future content. 🔄

      Overview

      HackerSploit is launching an exciting series where they'll answer your tech questions with hands-on tutorials. This episode kicks off with a topic that many tech enthusiasts encounter—cracking password-protected archives. By responding to queries about RAR5 and ZIP file cracking, the episode serves as a practical guide for those looking to secure—or break into—their personal archives.

        The tutorial walks viewers through the essential steps of hash extraction for ZIP and RAR files using John the Ripper utility functions like 'zip2john' and 'rar2john'. With clear, engaging instructions, HackerSploit explains how to clean up these hashes and prepare them for use in Hashcat, bypassing common roadblocks such as errors or limitations experienced in other cracking software.

          Armed with the right hash and attack settings, viewers can see first-hand how Hashcat effectively cracks these archives. HackerSploit’s infectious curiosity and detailed explanation encourage viewers to delve into Hashcat’s robust documentation to make the most of this powerful tool. Wrapped up with viewer-centric engagement, this episode is both an instructional resource and an invitation for feedback on upcoming topics.

            Chapters

            • 00:00 - 01:30: Introduction and Series Explanation The chapter introduces a new video series by Hack Exploit, who plans to answer viewer questions in video format. The host mentions receiving various questions related to both previous videos and new topics, although the series name has not been decided yet.
            • 01:30 - 03:00: Issues with Cracking ZIP & RAR Files Using John the Ripper The chapter begins with the speaker mentioning a recent query received on Twitter. The query relates to an older video made by the speaker, which demonstrates how to crack password-protected ZIP and RAR files using John the Ripper. The individual who posted the question highlighted an important detail that was not clarified in the original video. The speaker notes that this was because, at the time of making the video, the new version of RAR was not yet available or in use.
            • 03:00 - 08:30: Using Hashcat to Crack ZIP Files In Chapter 'Using Hashcat to Crack ZIP Files', the focus is on cracking password-protected ZIP and RAR archives. Initially, there is a discussion about issues encountered when trying to crack RAR5 archives using John the Ripper, which has problems not directly related to obtaining the hash, but in cracking it. The chapter then shifts its attention to using Hashcat as a method for cracking ZIP and RAR archives effectively.
            • 08:30 - 12:30: Using Hashcat to Crack RAR Files This chapter discusses using Hashcat in combination with John the Ripper utilities to crack password-protected RAR files. The speaker explains how to obtain hashes for these archives using tools like Zip to John and raar to John. As a practical example, the speaker mentions having a file named 'protected.txt' in the downloads folder, which contains simple data. The goal is to demonstrate the process of creating and then cracking a protected archive.
            • 12:30 - 13:30: Conclusion and Audience Engagement The chapter discusses the perspective of an end user who aims to create and password-protect a ZIP or RAR archive for sharing purposes. Using Kali Linux, the process of archiving is demonstrated. The specific file name chosen for this demonstration is 'protected'. The chapter also starts delving into the topic of cracking password-protected ZIP archives.

            How To Crack ZIP & RAR Files With Hashcat Transcription

            • 00:00 - 00:30 [Music] hey guys hack exploit here back again with another video Welcome to this new series that I'm going to be starting I don't know what I'm going to be calling it but it's just going to be a series where I'll be answering your questions uh in the form of a video right so I get a lot of questions from you guys uh you know on various topics uh some of them related to some of my older videos but also on new topics and uh one of the
            • 00:30 - 01:00 questions that I received recently on Twitter was pertaining to my previous or my one of my older videos on how to crack uh ZIP and raar archives more specifically password protected archives uh with John the Ripper now uh the actual individual who posted this question pointed out something very important that I did not clarify in that video primarily because uh you know we weren't there yet or that new version of raar wasn't released or you know wasn't wasn't being used uh you know at that
            • 01:00 - 01:30 point in time so the issue that he was having and you should be able to see the tweet on your screen right now is uh he's having an issue with cracking uh raar five archives password protected archives uh with John the Ripper now there is an issue with John the Ripper not really related to the fact that or not really related to the process of obtaining the hash of a particular archive but actually cracking it so this video is going to be focused on how to crack uh ZIP and raar archives um with
            • 01:30 - 02:00 hashcat right and of course we're going to be utilizing a few John the Ripper utilities like Zip to John and raar to John to essentially obtain uh the hashes for these password protected archives so what I've done here is uh in my downloads folder you can see that I have a file called protected. txt and I'll just open that up as you can see this is just basic data this is a very simple example right and what I want to do is I want to create an archive right and I'm
            • 02:00 - 02:30 you know from this perspective I am currently working as a you know end user or someone who wants to create a you know zip or raar archive that they would like to Poss protect and then share with someone else right so I'll create the archive here and I'm doing this on Cali Linux um so the file name uh we can just call it uh protected I don't to specify any extension so let's start off with cracking password protected zip archives so for the actual um for for the type of
            • 02:30 - 03:00 archive I'm going to specify zip and under other options I'll specify a password because I want to keep things simple where we're just going to use a password like password 321 right and I'll hit create and that's going to create protected. zip so what do I do now if I wanted to crack this as an attacker if I find a password protected zip archive um you can see I'm currently within my downloads directory the first step would be to obtain the hash of that archive right and how how can I do this well you need to have John the Ripper in installed and one of the
            • 03:00 - 03:30 great utilities that comes with John the Ripper is the zip to John utility this will essentially allow you to specify the archive so protected. zip you can then output the actual hash into a file so I'll call this Zip has. txt There we are and I can cap the contents of zip has. EXT and you can see this is the actual hash right so right over here let me see if I can find that there we are now this additional information specified at the beginning and at the
            • 03:30 - 04:00 end of this hash is really only useful for John the Ripper because we're going to be using hashcat we want to get rid of this information so I'll say Vim uh ZIP has. txt and I'll get rid of the actual archive name so protector. zip as well as the file that is within that particular archive so there we are I'll get rid of that and at the end of the file I'll also get rid of um of the same thing the the actual archive name uh or
            • 04:00 - 04:30 the zip file name as well as uh the actual file within that particular zip U zip file so I'll get rid of that there and we want to only have the actual type of archive specified here and this is of course for you know the purpose of cracking hashes so uh I can just leave it as is and I can write and quit and we can actually get started with the cracking process so how would we crack that particular hash with hashcat well first things first you need to get an
            • 04:30 - 05:00 understanding of how hashcat works so I'll open up the documentation for hashcat I def I really recommend that you go through the documentation because it'll explain a lot now before I go through all the modes or rather yeah I think that's what we're doing yeah so before we go through all the modes we need to get an understanding of the syntax so you can see right over here at the top of the documentation hashcat 6.2.5 the usage is as follows we specify hash cat options the actual hash or the
            • 05:00 - 05:30 file containing the hash and we then specify the dictionary or the the word list that we would like to perform our attack with so whenever you're cracking a hash with hashcat you really need to specify the hash type and that can be done by using the M option so you can see this allows you to specify the hash type and uh again the way that hash CAD does this is it provides you with a list of hashes or hash types and their unique ID right so you you can see if I wanted
            • 05:30 - 06:00 to crack md5 I can specify the actual hash type as or I can say hyphen M and say zero and that will know or that will tell hashcat that this is an md5 hash that I want to crack and in the context of um in the context of a zip file which I'll get to in a second we can also obtain or get that uh that specific hash type in um you know by taking a look at the various hash modes available the other option that we need to specify is going to be the attack mode mode right so uh the
            • 06:00 - 06:30 attack mode is referenced below which I'll get to and that is specified or denoted uh using the hyphen a option so the attack mode really just uh again is just used to specify the type of attack that you're trying to perform are you trying to perform uh you know a simple word list attack are you trying to perform a Brute Force attack let me see if I can find that there so there we are we have attack mode so you have your straight uh we have a combination Brute Force attack hybrid wordless plus a mask uh hybrid mask plus a word list and an
            • 06:30 - 07:00 association attack so uh again given the fact that we're dealing with a zip file the most obvious hash type that we're dealing with and it did say zip 2 which tells us that we're dealing with windzip now let me see if I can find the actual windzip ID here so uh I know we have uh pkzip there and there we are so that's windzip here so that is 13,600 so that's the actual hash mode that we need to specify all right so in order to do this with hashcat I'm
            • 07:00 - 07:30 just going to say hashcat and then I specify the attack type in this case or the attack mode in this case I'll just perform a direct um a direct attack so I'll say uh a Zer and then I can specify the mode which in this case is 13,600 I then say zip has. txt I'll specify the file that contains the hash and because I'm performing a uh you know a dictionary or word list attack I can say user share I'll specify the word list that I'm going to use so we'll say
            • 07:30 - 08:00 we want to use rockyou.txt so I'll hit enter uh give this a couple of seconds and uh it looks like it cracked because it's a very simple uh it was a very simple password that we used and it actually exists within rockyou.txt now I'll be making separate videos covering how to utilize the other attack modes but remember in this case we we're just learning about how to do it so as you can see here it actually highlights the password for that zip archive so password 321 and that we've essentially
            • 08:00 - 08:30 cracked that password protected zip archive all right so now let's take a look at how to crack a um a passord protected raar file or archive if you will now this will tie into the question the individual asked me and was having an issue with right so I'll actually walk you through that process so we've already created uh you know we've taken look at how to crack the zip archive so what I'll do is I'll click on protected. txt and I'll create the archive uh so I'll just give that a couple of seconds there we are
            • 08:30 - 09:00 and instead of calling it pass protected. txt I'll just say protected. RAR so that's what we're focusing on now as for the password I can say you know in this case we can say you know password 1 to 3 for example instead of password 3:1 just to show you that this does indeed work all right so now that we've generated the archive the password protected archive as an attacker what can we do you know what really is our first step well we can utilize the utility RAR to John right to get the actual hash and then I specify
            • 09:00 - 09:30 I can then specify the actual raar archive here and then output the the actual hash into its own file so I can say raar hash um or I can just say you know yeah we can just call it RAR hases txt and I can hit enter so this is what was happening so I let me just cut out the contents of that hash right is you can see that it's utilizing RAR five instead of RAR 3 now John the Raper as far as I know can actually crack RAR five uh hashes but uh I'll actually show
            • 09:30 - 10:00 you what the problem was so in my previous video on how to crack you know raren zip files or archives with John the riper I specified or said that you can you know you can say John and then the format in the case of RAR is you know format equal RAR and then specify the actual file that contains the hash so I'll hit enter and this was the issue and this is the issue that people have been getting right is it'll tell you that no password hashes are loaded which is very weird because again we generated the hash with you know raar to John now
            • 10:00 - 10:30 this will again this won't work even if you get rid of the uh the actual file or archive name that's been appended at the beginning of the actual hash now uh again as I said I don't really know if there's a fix for this all I can show you or demonstrate is how to crack this hash with a hashcat so what we can do here is uh let me just modify this uh the actual hash itself and let me get rid of the uh the actual archive name at the beginning because whenever you're
            • 10:30 - 11:00 cracking with hashcat we really don't need any of that um so there we are so that's done so how do we crack it with hashcat uh the only thing we need to change really here is going to be the mode right uh or the hash type if you will uh when cracking zip archives we used the uh we used the the actual hash mode uh 13,600 in this case because we're cracking RAR 5 we're going to be using 13,000 I believe so let me just take a look at the various uh modes here the hash modes and we are looking for um let
            • 11:00 - 11:30 me see if I can actually find this is usually very there we are so 13,000 that's RAR five if you're cracking uh raar 3 Archive then again you can specify the various hash modes here that's one of the reasons why I actually recommend that you use hashcat moving forward because you know it has great documentation and you won't run into the issues that you know you've been running into if you followed the previous video so uh in this case we can try and use the default attack mode so you know we
            • 11:30 - 12:00 can also perform a Brute Force any of the other modes um so what I'll do is I'll say hashcat and we'll say the hash mode or the hash type is 13,000 and then we can specify RAR hashes dxt and then the word list that I'm going to use is under user share word lists uh word lists rockyou.txt I'll hit enter and um let's see whether yeah so there we are that was cracked in a few seconds for obvious reasons that I've just explained I specified a
            • 12:00 - 12:30 dictionary file that contains the password already so it's going to be much faster now of course as I said hashcat is quite an advanced tool that allows you to generate uh you know your own word list based on specific parameters and that can be done by specifying the character set as you can see here and I'll be making another video that'll cover that process uh but I just wanted to Showcase how this can be done or how you can crack Pass protected zip and raar archives uh with hashcat so again uh this is again just
            • 12:30 - 13:00 going to be a very simple Series where I'll be answering your questions in video format uh let me know what you guys think if you like this series if you like me to continue uh you know working on this series uh and yeah that's going to be it for this video thank you very much for watching if you have any feedback or questions leave them in the comment section and I'll be seeing you in the next video a huge thank you to all of our patreons your support is greatly appreciated and this is a formal thank you so thank you Shamir Douglas right car sandor Michael Busby sidab doozy
            • 13:00 - 13:30 deim Bari Dustin umpr and Michael hubard your support is greatly appreciated and you keep us making even more high quality content for you guys so thank you [Music]