首先将压缩包上传至kali机器,然后使用zip2john命令爆出hash文件
# zip2john license.zip >> passwd.txt
license.zip/license/ is not encrypted!
ver 1.0 license.zip/license/ is not encrypted, or stored with non-handled compression type
ver 2.0 efh 9901 license.zip/license/license.dat PKZIP Encr: cmplen=630, decmplen=2810, crc=5ED111EF
ver 2.0 efh 9901 efh 7075 license.zip/license/licenseʺ³ɵٖ·.txt PKZIP Encr: 2b chk, TS\_chk, cmplen=79, decmplen=53, crc=A6269FCE
NOTE: It is assumed that all files in each archive have the same password.
If that is not the case, the hash may be uncrackable. To avoid this, use
option -o to pick a file at a time.
然后使用john命令,计算hash文件
# john passwd.txt
Warning: invalid UTF-8 seen reading passwd.txt
Using default input encoding: UTF-8 Loaded 1 password hash (ZIP, WinZip [PBKDF2-SHA1 128/128 SSE2 4x])
Will run 6 OpenMP threads
Proceeding with single, rules:Wordlist
Press 'q' or Ctrl-C to abort, almost any other key for status
Almost done: Processing the remaining buffered candidate passwords, if any
Warning: Only 14 candidates buffered for the current salt, minimum 24 needed for performance.
Proceeding with wordlist:/usr/share/john/password.lst, rules:Wordlist **123321** (license.zip/license/license.dat)
1g 0:00:00:01 DONE 2/3 (2019\-08\-13 09:57) 0.5780g/s 16544p/s 16544c/s 16544C/s 123456..Open
Use the "--show" option to display all of the cracked passwords reliably
注意,该行前边的内容即为压缩包的密码
本文来自吾爱破解论坛
https://www.52pojie.cn/thread-984024-1-1.html
https://www.bilibili.com/video/av57617949/