How to crack the passwords of protected ZIP, PDF, RAR and Word documents: a step-by-step guide

admin, 2023-12-29 03:06:58



Today I will show you how to crack the password of a protected .ZIP file on a Windows machine. To make this easier to follow, I created a password-protected ZIP file named "secret.zip", shown below. We will crack its password step by step in this article.


Because a ZIP file places no limit on incorrect password attempts, we will brute-force it with a tool called "John the Ripper" instead of guessing. Follow the steps below to install it on a Windows computer.

John the Ripper is an open-source password security auditing and password recovery tool available for many operating systems.

Step-by-step installation:

  1. Navigate to https://www.openwall.com/john/. Since I am on a 64-bit Windows machine, I will install the "jumbo-1 64-bit Windows binaries".

After downloading, extract the ZIP file.


Navigate to the "run" folder inside the downloaded files and locate "zip2john.exe".


Open CMD in the current folder (/run) and enter the following command:

zip2john.exe target.zip

We can see the file hash, which we will use to crack the target file's password.


To save this hash to a file in the current folder, run the following command:

zip2john.exe target.zip > hash

Now open the hash file in Notepad.


Run the following command:

john hash

We have successfully cracked the password.
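When you open the hash file in Notepad, the prefix of each line tells you which ZIP encryption scheme the archive uses, which matters for anyone auditing their own archives: legacy ZipCrypto ($pkzip2$) falls far faster than WinZip AES ($zip2$). The following parser is an added example, not part of the original post or of John the Ripper; the sample zip2john lines are constructed and their hex fields are placeholders.

```python
import re

# Constructed sample of zip2john output; hex fields are placeholders, not real data.
SAMPLE_HASH_FILE = """\
secret.zip/notes.txt:$pkzip2$1*1*2*0*1b*15*abcdef0123456789*$/pkzip2$:notes.txt:secret.zip::secret.zip
secret.zip/plan.docx:$zip2$*0*3*0*00112233445566778899aabbccddeeff*a1b2*13*deadbeef*00112233445566778899*$/zip2$:plan.docx:secret.zip::secret.zip
"""

# The hash body sits between an opening tag ($pkzip2$ / $zip2$) and its closing tag.
HASH_RE = re.compile(r"(\$(?:pkzip2?|zip2)\$.*?\$/(?:pkzip2?|zip2)\$)")

# WinZip AES "mode" field: 1 = AES-128, 2 = AES-192, 3 = AES-256.
AES_MODES = {"1": "AES-128", "2": "AES-192", "3": "AES-256"}


def classify_hash(hash_str):
    """Return (scheme, note) for one zip2john hash string."""
    if hash_str.startswith("$pkzip"):
        # Legacy PKWARE "ZipCrypto" stream cipher: trial speed is very high,
        # so short or dictionary passwords give essentially no protection.
        return "ZipCrypto", "legacy PKWARE stream cipher; re-encrypt the archive with AES"
    if hash_str.startswith("$zip2$"):
        # Layout: $zip2$*type*mode*magic*salt*verifier*len*data*auth*$/zip2$
        fields = hash_str.split("*")
        mode = AES_MODES.get(fields[2], "unknown AES mode")
        return mode, "WinZip AES (PBKDF2-HMAC-SHA1); strength rests on password length"
    return "unknown", "unrecognised hash prefix"


def audit_hash_lines(text):
    """Parse zip2john output and report member, scheme and note for each line."""
    report = []
    for line in text.splitlines():
        m = HASH_RE.search(line)
        if not m:
            continue  # not a zip2john line (e.g. a warning printed by the tool)
        member = line[: m.start()].rstrip(":")  # "archive/member" precedes the hash
        scheme, note = classify_hash(m.group(1))
        report.append({"member": member, "scheme": scheme, "note": note})
    return report


if __name__ == "__main__":
    for entry in audit_hash_lines(SAMPLE_HASH_FILE):
        print(f"{entry['member']}: {entry['scheme']} - {entry['note']}")
```

Run it against a real hash file with `audit_hash_lines(open("hash").read())` to see which members still rely on ZipCrypto.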


Cracking passwords faster with a custom wordlist

Making your own custom wordlist, or using an existing one, is simple: just think about what the target might use as a password, such as their name or favourite hobby. You can also find free wordlists on sites such as GitHub or SecLists to get some ideas. Then you use those words with the same process to guess the password.

Getting a custom password wordlist from SecLists

SecLists is a powerful resource of wordlists for ethical hacking and cybersecurity. Dorks are search queries used to find specific information on search engines. Go to the SecLists GitHub repository: https://github.com/danielmiessler/SecLists.


Click "Code", then "Download ZIP", to get the whole collection.


We then have a custom wordlist based on our own search criteria. This list can be used for further password cracking.

Usage guides

You can find usage guides for cracking other file types in the "doc" folder of the downloaded archive.

Cracking ZIP files with JtR Jumbo
=================================

1. Run zip2john on password protected .zip file(s).

E.g. $ ../run/zip2john target.zip > hash

2. Run john on the output of zip2john.

E.g. $ ../run/john hash

3. Wait for the password to get cracked.

Cracking PDF files with JtR
---------------------------

1. Run pdf2john.pl on the .pdf file(s).

E.g. $ ../run/pdf2john.pl test.pdf > hashes

2. Run john on the output of pdf2john.pl program.

E.g. $ ../run/john hashes

Cracking Tezos keys with JtR Jumbo
==================================

1. Run tezos2john.py and provide it with the required data. Run tezos2john.py
without any options to see the usage instructions.

E.g. $ ../run/tezos2john.py 'put guide flat machine express cave hello connect stay local spike ski romance express brass' '[email protected]' 'tz1eTjPtwYjdcBMStwVdEcwY2YE3th1bXyMR' > hashes

E.g. $ ../run/tezos2john.py 'monster crack glance favorite humble group bone grid clock bottom employ gold jelly fatigue tragic' '[email protected]' 'tz1Zgd3LHuryw6rBzsQKnBMVqu99KzWankj8' >> hashes

The passwords for these sample hashes are "4FGU8MpuCo" and "VPhvU2LgyJ" respectively.

2. Run john on the output of tezos2john.py script.

E.g. $ ../run/john hashes

3. Wait for the password(s) to get cracked.

Cracking password protected ssh private keys
============================================

1. Build JtR-jumbo

2. Run ssh2john.py on SSH private key file(s)

3. Run john on the output of step 2.

Cracking bitcoin-qt (bitcoin) wallet files with john
====================================================

1. Run bitcoin2john.py on bitcoin wallet file(s).

E.g. $ ../run/bitcoin2john.py wallet.dat >> hashes

2. Run john on the output of bitcoin2john.py script.

E.g. $ ../run/john hashes

3. Wait for the password(s) to get cracked.

This document is about cracking password protected BitLocker encrypted
volumes with JtR.

Step 1: Extract the hash
------------------------

In order to use the BitLocker-OpenCL format, you must produce a well-formatted
hash from your BitLocker encrypted image. Use the bitlocker2john tool to
extract hashes from password protected BitLocker encrypted volumes. It returns
four output hashes with different prefixes:

* If the device was encrypted using the User Password authentication method,
bitlocker2john prints these two hashes:
* $bitlocker$0$... : it starts the User Password fast attack mode
* $bitlocker$1$... : it starts the User Password attack mode with MAC verification (slower execution, no false positives)

* In any case, bitlocker2john prints these two hashes:
* $bitlocker$2$... : it starts the Recovery Password fast attack mode
* $bitlocker$3$... : it starts the Recovery Password attack mode with MAC verification (slower execution, no false positives)

Hash extraction example,

$ ../run/bitlocker2john minimalistic.raw # operate on a disk image
Signature found at 0x00010003
Version: 8
Invalid version, looking for a signature with valid version...
Signature found at 0x02110000
Version: 2 (Windows 7 or later)
VMK entry found at 0x021100b6
Key protector with user password found
minimalistic.raw:$bitlocker$0$16$e221443f32c419b74504ed51b0d66dbf$1048576$12$704e12c6c...

Instead of running bitlocker2john directly on BitLocker encrypted devices
(e.g. /dev/sdb1), you may use the dd command to create a disk image of a
device encrypted with BitLocker

$ sudo dd if=/dev/disk2 of=disk_image conv=noerror,sync
+4030464+0 records in
+4030464+0 records out
+2063597568 bytes transferred in 292.749849 secs (7049013 bytes/sec)

For further details about User Password and Recovery Password attacks, please
refer to the Wiki page: http://openwall.info/wiki/john/OpenCL-BitLocker.

Step 2: Attack!
---------------

Use the BitLocker-OpenCL format specifying the hash file:

$ ./john --format=bitlocker-opencl --wordlist=wordlist target_hash

Currently, this format is able to evaluate passwords having length between 8
(minimum password length) and 55 characters.

The mask you can use to generate Recovery Passwords is:

-mask=?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d

Links
-----

Samples BitLocker images for testing are available at,

* https://github.com/kholia/libbde/tree/bitlocker2john/samples
* https://github.com/e-ago/bitcracker/tree/master/Images

Samples of User Password/Recovery Passwords dictionaries are available at
https://github.com/e-ago/bitcracker/tree/master/Dictionary

More information on BitLocker cracking can be found at,

* http://openwall.info/wiki/john/OpenCL-BitLocker
* https://github.com/e-ago/bitcracker

Cracking Mozilla Firefox, Thunderbird and SeaMonkey master passwords
====================================================================

1. Run mozilla2john.py on key3.db file.
./mozilla2john /some/path/key3.db > mozilla.in

2. Run john on output of mozilla2john.
./john mozilla.in

3. Wait for master password to get cracked.

Originally published on the WeChat public account Z2O安全攻防: How to crack the passwords of protected ZIP, PDF, RAR and Word documents: a step-by-step guide

Reprint notice (CN-SEC, with thanks to the original author): please keep the link to this article: http://cn-sec.com/archives/2345891.html