John The Ripper hash does not correlate with hashcat example hash

Çağlar Arlı

I want to recover a zip password using hashcat.

hashcat requires the hash of the desired password. In order to obtain it, I have tried using zip2john using:

sudo zip2john /home/kali/Desktop/myfile.zip > hash.txt

It works and outputs a hash.

This hash however is not accepted by hashcat. hashcat responds:

Token length exception: This error happens if the wrong hash type is specified, if the hashes are malformed, or if input is otherwise not as expected (for example, if the --username option is used but no username is present).

hashcat provides sample hashes here.

This is a sample for 17230 PKZIP (Mixed Multi-File Checksum-Only):

17230   PKZIP (Mixed Multi-File Checksum-Only)  $pkzip2$8*1*1*0*8*24*a425*8827*3bd479d541019c2f32395046b8fbca7e1dca218b9b5414975be49942c3536298e9cc939e*1*0*8*24*2a74*882a*537af57c30fd9fd4b3eefa9ce55b6bff3bbfada237a7c1dace8ebf3bb0de107426211da3*1*0*8*24*2a74*882a*5f406b4858d3489fd4a6a6788798ac9b924b5d0ca8b8e5a6371739c9edcfd28c82f75316*1*0*8*24*2a74*882a*1843aca546b2ea68bd844d1e99d4f74d86417248eb48dd5e956270e42a331c18ea13f5ed*1*0*8*24*2a74*882a*aca3d16543bbfb2e5d2659f63802e0fa5b33e0a1f8ae47334019b4f0b6045d3d8eda3af1*1*0*8*24*2a74*882a*fbe0efc9e10ae1fc9b169bd060470bf3e39f09f8d83bebecd5216de02b81e35fe7e7b2f2*1*0*8*24*2a74*882a*537886dbabffbb7cac77deb01dc84760894524e6966183b4478a4ef56f0c657375a235a1*1*0*8*24*eda7*5096*40eb30ef1ddd9b77b894ed46abf199b480f1e5614fde510855f92ae7b8026a11f80e4d5f*$/pkzip2$

Comparing the example hash with mine, I can see that my hash does not have the end tag "pkzip2$" that the sample has.

Instead, my hash looks like this:

myfile.zip:$pkzip$8*1*1*0*8*24*bdae*db55ccbb4755f932af13cf003b4802ea1e2d93252ccd26316948238020ac2c32440f1f29*1*0*8*24*0b8e*5d9c394b2507ad74f27b67516b11acfd08b1d9e9c5e4bffa6713020fecfcb96bfbdf589c*1*0*8*24*53a5*f83e4a0439cdf10b713af7ccf604f415e9f04acc62098377b4983dec949e505b72cced11*1*0*8*24*2141*7704629e2e71a5b6044e10e6a7fd388eeb70436f01eff5fed9ce3280b32c44ed69f717c0*1*0*8*24*3469*503bfcda12b4de4f3c40201916c231af688d6138009ed74d66962fce06ee37110156949f*1*0*8*24*751c*90ca685ebb73443728d1059b54b657bb74d127e3e67af50e3c5184c6a42a32bbc3acd67d*1*0*8*24*91cf*2157f6687e542bd29e02f3535b7b7563a21608840629a2899106b23400d608805efea88a*2*0*186*1b4*80af8cec*114f9*2f*8*186*80af*e63ea9772b193f79ed0aeea25484f91a569edc64a1e0c18d6f4d26327bcd5645f08bda0b7cb783044b6d53cb0e87d47b6ab9654cb81e6f0029d427d24ec02b1bff3fce4363bc94014e10a483002826f1ab8dfbb89dc22d92dc45eec2236fb7712108ef0f3c4eaac85206cb71ef6020110bbd7c4194c0daa20283ec028da88f46ce48977b7717941adb743c61094f74736e3ebaea62c522880ed8e4ca8d050b5debdd47e8d906011859ef4b7e455b871cb2dfebe87e110b40872836d33d137cf576a0b3dce838c19ff66cf3e515ecf7818382f71537f08b1edaa3452b286a5c1848fbe58ef1dd05b6b3054cd183f9878a578ebdd63c6ace1681e253e5b8735fe7d1ca94c4b9c08ee7d06b6cd9fc43bfd1e8b6dcb2073cd86301c02e4c980c90475526f48a7b43797af54b814e2a5c9e3f491655d3c575a4c2a9a6cd10ff53806ea08b8bc4e9518bd7158ff9a4c6ec24eff8274b4d8c4ea7cef6bae419f08c493c42243519afad2c1c40aa55c4266591ad1f9ce8abd921323193088dbe782b4ac30d87c02b5387*$/pkzip$

I have simply changed "pkzip$" to "pkzip2$", but that didn't help.

What could I check / do next?
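
One way to check a zip2john line field by field before passing it to another tool, as an added example that is not part of the original post. The entry layouts are an assumption inferred from the two hashes quoted above and from zip2john's format notes; `parse_pkzip` and `summarize` are hypothetical helper names, and the sample lines are constructed.

```python
import re

# Entry layouts (assumption, inferred from the two hashes quoted above and
# from zip2john's format notes); {..} is present only when DT != 1:
#   $pkzip$  : DT*MT{*CL*UL*CR*OF*OX}*CT*DL*CS*DA
#   $pkzip2$ : DT*MT{*CL*UL*CR*OF*OX}*CT*DL*CS*TC*DA
TAG_RE = re.compile(r"\$(pkzip2?)\$(.*)\*\$/(pkzip2?)\$")

def parse_pkzip(line):
    """Split a zip2john line into (tag, entries); raise ValueError if malformed."""
    m = TAG_RE.search(line.strip())
    if not m or m.group(1) != m.group(3):
        raise ValueError("start and end tags missing or mismatched")
    tag, fields = m.group(1), m.group(2).split("*")
    tail = 5 if tag == "pkzip2" else 4        # CT, DL, CS, [TC], DA
    count, pos, entries = int(fields[0], 16), 2, []   # fields[1]: checksum bytes
    while pos < len(fields):
        full = fields[pos] != "1"             # DT != 1: extra CL..OX block
        width = 2 + (5 if full else 0) + tail
        entry = fields[pos:pos + width]
        if len(entry) != width:
            raise ValueError(f"entry {len(entries) + 1}: truncated")
        data_len = int(entry[-tail + 1], 16)  # DL, in bytes
        if len(entry[-1]) != 2 * data_len:
            raise ValueError(f"entry {len(entries) + 1}: DA is not DL bytes long")
        entries.append(entry)
        pos += width
    if len(entries) != count:
        raise ValueError(f"header says {count} entries, found {len(entries)}")
    return tag, entries

def summarize(line):
    """Facts worth checking before handing the line to another tool."""
    tag, entries = parse_pkzip(line)
    return {"tag": tag,
            "filename_prefix": not line.lstrip().startswith("$"),
            "entries": len(entries),
            "checksum_only": all(e[0] == "1" for e in entries)}

# Constructed samples (short made-up hex, not real archives).
NEW = "$pkzip2$2*1*1*0*8*4*a425*8827*00112233*1*0*8*4*2a74*882a*44556677*$/pkzip2$"
OLD = ("myfile.zip:$pkzip$2*1*1*0*8*4*bdae*8899aabb"
       "*2*0*6*8*80af8cec*114f9*2f*8*6*80af*ccddeeff0011*$/pkzip$")

if __name__ == "__main__":
    print(summarize(NEW))
    print(summarize(OLD))
    try:                                      # renaming the tag alone
        summarize(OLD.replace("pkzip$", "pkzip2$"))
    except ValueError as err:
        print("renamed legacy line rejected:", err)
```

The constructed legacy line mirrors what is visible in the post: a `filename:` prefix, entries with one field fewer than the `$pkzip2$` sample, and one entry whose first field is `2` rather than `1`.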