zip plugin does not display the password after brute forcing it successfully

Open blshkv opened this issue 11 years ago • 4 comments

I know the password and wanted to test how long it would take to brute force it. So I ran:

bash$ hashkill -p zip -c -f encrypted.zip -b5:5:ualpha

[hashkill] Version 0.3.1
[hashkill] Scheduler initialized.
[hashkill] Plugin 'zip' loaded successfully
[hashkill] File encrypted.zip loaded successfully
[hashkill] CPU features: SSE2 SSE3
[hashkill] Detected 4 CPUs.
[hashkill] GPU acceleration available, but -c option was provided. Running on CPUs would likely be slower.
[hashkill] Bruteforce charset (size=26): ABCDEFGHIJKLMNOPQRSTUVWXYZ
[hashkill] Spawned 4 threads.
[hashkill] Attack has O(n) complexity
[hashkill] Initialized hash bitmaps

[hashkill] Attack took 1 seconds.
[hashkill] Bye bye :)

What's wrong?

blshkv, Oct 04 '13 03:10

I suspect the file was encrypted under Mac OSX.

zip info: Zip archive data, at least v1.0 to extract

and first two headers:

00000 LOCAL HEADER #1       04034B50
00004 Extract Zip Spec      0A '1.0'
00005 Extract OS            00 'MS-DOS'
00006 General Purpose Flag  0000
00008 Compression Method    0000 'Stored'
0000A Last Mod Time         43445390 'Fri Oct  4 10:28:32 2013'
0000E CRC                   00000000
00012 Compressed Length     00000000
00016 Uncompressed Length   00000000
0001A Filename Length       0004
0001C Extra Length          001C
0001E Filename              'tmp/'
00022 Extra ID #0001        5455 'UT: Extended Timestamp'
00024   Length              0009
00026   Flags               '03 mod access'
00027   Mod Time            524E27CF 'Fri Oct  4 10:28:31 2013'
0002B   Access Time         524E27EE 'Fri Oct  4 10:29:02 2013'
0002F Extra ID #0002        7875 'ux: Unix Extra Type 3'
00031   Length              000B
00033   Version             01
00034   UID Size            04
00035   UID                 000001F5
00039   GID Size            04
0003A   GID                 00000014

0003E LOCAL HEADER #2       04034B50
00042 Extract Zip Spec      0A '1.0'
00043 Extract OS            00 'MS-DOS'
00044 General Purpose Flag  0000
00046 Compression Method    0000 'Stored'
00048 Last Mod Time         4342A964 'Wed Oct  2 21:11:08 2013'
0004C CRC                   00000000
00050 Compressed Length     00000000
00054 Uncompressed Length   00000000
00058 Filename Length       0014
0005A Extra Length          001C
0005C Filename              'tmp/seg_10-4-191-13/'
00070 Extra ID #0001        5455 'UT: Extended Timestamp'
00072   Length              0009
00074   Flags               '03 mod access'
00075   Mod Time            524C1B6B 'Wed Oct  2 21:11:07 2013'
00079   Access Time         524E27EE 'Fri Oct  4 10:29:02 2013'
0007D Extra ID #0002        7875 'ux: Unix Extra Type 3'
0007F   Length              000B
00081   Version             01
00082   UID Size            04
00083   UID                 000001F5
00087   GID Size            04
00088   GID                 00000014

blshkv, Oct 04 '13 03:10

Looks like a flaw in the decompression part. Still no solution to that. P.S. May I have the file in question and the right password to validate?

gat3way, Oct 31 '13 22:10

I've requested a test file from the same person, here it is: http://speedy.sh/UusQV/Help-help-the-sky-is-falling.zip (testtest)

However, the error is now similar to issue #43:

hashkill -p zip -c -f Help-help-the-sky-is-falling.zip

[hashkill] Version 0.3.1
[hashkill] CPU features: SSE2 SSE3
[hashkill] Scheduler initialized.
[hashkill] Plugin 'zip' loaded successfully
hashkill Cannot load file: 0.zip, exiting!

blshkv, Nov 08 '13 13:11

Yep, I see the problem now. hashkill expects to find at least one file in the archive that is compressed; however, the archive contains a single stored file (uncompressed). I will soon fix that.

gat3way, Nov 08 '13 14:11
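The condition diagnosed in the last comment (no compressed member in the archive) can be checked before a test run. The following is an added example, not part of the thread or of hashkill's code: it lists each member's compression method and encryption flag with Python's `zipfile` module. The sample archives and the name `tmp/note.txt` are constructed, and they are unencrypted because only the compression method matters for this check.

```python
import io
import zipfile

METHODS = {zipfile.ZIP_STORED: "stored", zipfile.ZIP_DEFLATED: "deflated"}

def entry_report(data):
    """Return one dict per archive member: name, method, encrypted, is_dir."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            rows.append({
                "name": info.filename,
                "method": METHODS.get(info.compress_type,
                                      f"method {info.compress_type}"),
                # Bit 0 of the general purpose flag marks an encrypted member.
                "encrypted": bool(info.flag_bits & 0x1),
                "is_dir": info.is_dir(),
            })
    return rows

def has_compressed_file(data):
    """True if at least one regular file member is not 'stored'."""
    return any(not r["is_dir"] and r["method"] != "stored"
               for r in entry_report(data))

def build_sample(method):
    """Constructed sample: one directory entry plus one small file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=method) as zf:
        zf.writestr("tmp/", b"")
        zf.writestr("tmp/note.txt", b"constructed sample data " * 8)
    return buf.getvalue()

if __name__ == "__main__":
    for label, method in (("stored-only", zipfile.ZIP_STORED),
                          ("deflated", zipfile.ZIP_DEFLATED)):
        data = build_sample(method)
        for row in entry_report(data):
            print(label, row)
        print(label, "has compressed file:", has_compressed_file(data))
```

An archive for which `has_compressed_file` returns `False` matches the stored-only case described above.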