Written by Jack Lloyd
Using John the Ripper
1. Understand how this method works. John the Ripper is a free, command line-based program that can be used to crack passwords. Unfortunately, while it is free, it can be tricky to install and use.
2. Download John the Ripper. Go to http://www.openwall.com/john/ in your computer’s web browser, then click the John the Ripper 1.8.0-jumbo-1 (Windows binaries, ZIP, 34 MB) link in the “community enhanced version” section near the bottom of the page.
3. Extract John the Ripper. Double-click the downloaded ZIP folder, click the Extract tab, click Extract all, click Extract, and wait for the window to open.
4. Install John the Ripper. John the Ripper can’t be installed like normal programs, but you can install it to your desktop by moving its folder there and then renaming it to “john”:
In the extracted window which opens, click the “john180j1w” folder.
Open your desktop, then press Ctrl+V.
Right-click the folder, then click Rename.
Type in john and press ↵ Enter.
5. Place your ZIP folder in the John the Ripper “run” folder. Copy the folder by clicking it and pressing Ctrl+C, then open the “john” folder, open the “run” folder, click a blank space, and press Ctrl+V.
6. Open Command Prompt. This is your computer’s command line program:
Type in command prompt
Click Command Prompt at the top of the Start window.
7. Change the directory to John the Ripper’s “run” folder. Type in cd desktop/john/run and press ↵ Enter.
8. Enter the “run” command. Type in zip2john.exe name.zip > name.hash (making sure to replace “name” with the name of your ZIP folder) and press ↵ Enter.
For a ZIP folder named “hello”, for example, you’d type zip2john.exe hello.zip > hello.hash here.
9. Define the ZIP folder’s hash. Type in name.hash (where “name” is the name of your hash file) and press ↵ Enter. At this point, you’re ready to begin cracking the password.
10. Begin cracking the password. Type in john.exe --pot=name.pot --wordlist=john/run/password.lst name.hash and press ↵ Enter. John the Ripper will begin testing the entries in its password list against your ZIP folder’s hash.
You’ll need to replace “name” in both “name.pot” and “name.hash” with your ZIP folder’s name.
The “password.lst” file contains a list of passwords and their permutations.
11. Prompt the cracked password to display. Once the password has been determined, you’ll see “Session complete” appear at the bottom of Command Prompt. At this point, you can type in type name.pot (again, substitute your folder’s name for “name”) and press ↵ Enter to view the password for the ZIP folder.
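Step 10 is a wordlist attack, so a password only holds up against it if it is neither on the list nor a simple variation of an entry. The following Python script is an added example, not part of the original article and not John the Ripper's own code: it checks proposed passwords against a constructed sample list in the password.lst format. The variations in variants() are illustrative assumptions, not John's rule set.

```python
# Constructed sample in the style of John's password.lst: "#!comment:" header
# lines followed by one candidate per line. Not the real file's contents.
SAMPLE_WORDLIST = """#!comment: constructed sample, not the real password.lst
123456
password
letmein
dragon
"""

# Illustrative character substitutions (assumption, not John's rules).
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})


def load_wordlist(lines):
    """Yield candidates, skipping blank lines and '#!comment:' headers."""
    for line in lines:
        word = line.rstrip("\r\n")
        if word and not word.startswith("#!comment:"):
            yield word


def variants(word):
    """Yield the word and a few simple permutations of it."""
    bases = {word, word.lower(), word.upper(), word.capitalize(),
             word.translate(LEET), word[::-1]}
    for base in bases:
        yield base
        for suffix in ("1", "123", "!", "2024"):
            yield base + suffix


def find_match(password, lines):
    """Return the wordlist entry the password derives from, or None."""
    for word in load_wordlist(lines):
        if password in variants(word):
            return word
    return None


def audit(passwords, wordlist_text=SAMPLE_WORDLIST):
    """Map each proposed password to the entry that exposes it (or None)."""
    lines = wordlist_text.splitlines(True)
    return {p: find_match(p, lines) for p in passwords}


if __name__ == "__main__":
    for pw, hit in audit(["Dragon123", "p@$$w0rd!", "kV9#tq-Lm2xw"]).items():
        print(f"{pw!r}: {'derived from ' + repr(hit) if hit else 'not on list'}")
```

To audit against the real list, pass the contents of password.lst from the “run” folder as wordlist_text.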