Welcome to my Blog, in today's tutorial I'm going to write on how to crack zip files password on Your Android phone using John the ripper, it's going to be a straight to the point Article, make sure you read till the end and watch the tutorial video at the end of the article to see how this is done in practical.
Prerequisites:
Termux
Procedures:
1. To install John, you need a functioning Linux OS terminal, so the first thing we do is install a Linux OS CLI on our phone, to do that we need Termux, you can learn how to install Termux by reading this Article.
2. After installing Termux, launch the application and update it's terminal with the command,
pkg update
3. After updating your terminal, the next thing you do is install proot-distro, do that with the command
pkg install proot-distro
4. Now install any of the Linux OS in the proot-distro list that you prefer, but I do prefer Ubuntu, so I install Ubuntu with the command
proot-distro install ubuntu
5. Once Ubuntu has been successfully installed, you can always login in to the distro with the command
proot-distro login ubuntu
6. After logging in to Ubuntu, Update your Terminal with the command
apt update
7. Now we install some important dependencies on the distro, do that with the command
apt install git build-essential libssl-dev zlib1g-dev yasm pkg-config libgmp-dev libpcap-dev libbz2-dev
8. As soon as this packages are installed, clone in John the ripper to your Terminal, with the command
git clone https://github.com/openwall/john
9. Once the repository has been cloned in your terminal, configure it by using the command below.
cd john/src ; ./configure ; make -s clean && make -sj4
By taking All of the steps above and using the commands just as you see them, you have successfully installed John the ripper On your Android phone.
Cracking passwords
It is important that we create a folder in our internal storage, specifically for the purpose of password cracking, let us assume that I created a folder and named it "johnc" I'm going to move my encrypted zip file into that folder, then access the folder through Termux, a practical example will be shown below
To crack zip passwords with John the ripper, you'd have to access the special folder you created for cracking on Termux, you can locate internal storage files in the shared directory on Termux.
Give storage permission to Termux with the command.
termux-setup-storage
After giving storage permission to Termux, locate the file you created. using "johnc" as an example, the command to locate it is the command below.
cd storage/shared/johnc
After locating this folder, print the working directory, as we'd use it to give our Linux distro access to the file, the command for that is pwd
Give access to it on your Linux distro with the command
ln -s /data/data/com.termux/files/home/storage/shared/johnc
Remember to replace johnc with any name you chose to create your own specific folder with.
Getting the hash password
Before proceeding to cracking, we need to get the hash password of our encrypted file as the final cracking is going to be done with the hashed password. To do that switch sessions back to Ubuntu and change your working directory to the run folder in John the ripper.
cd John/run
To extract hash use the command.
./zip2john /root/johnc/cracktutorial.zip > /root/johnc/ziphash.txt
- zip2john is the tool that extracts the hash password
- johnc in the above command represent the folder my compressed zip file is located in
- cracktutorial.zip represents the encrypted zip file
- (>) Specifies that we want the extracted hash to be saved to a specific folder/directory
- ziphash.txt represent the name of the file the hash password is going to be stored
Now that the hash has been extracted, we can proceed to cracking, assuming that you used the same procedures as me, and all of your file name is the same with mine, then the command to crack the above hash extracted will be.
./john --format=zip /root/johnc/ziphash.txt
- john is the tool that cracks the extracted hash
- --format=zip specifies that our extracted hash and the password we hope to crack is a zip password
- /root/johnc/ziphash.txt specifies the directory in which our hash password is saved in
After using the command above, your zip password should be cracked.
NOTE
The harder the compressed file password is, the longer it takes for John the ripper to finish cracking, so let John take it's time. Good luck!