Luckyy
How to Crack ZIP Passwords Using John the Ripper
Legal Notice: This guide is for educational purposes only. Only use this on ZIP files you own or have explicit permission to test. Unauthorized access is illegal.
Requirements:
- John the Ripper (Jumbo version recommended)
- zip2john (included with Jumbo)
- A password-protected .zip file
Step 1: Install John the Ripper (Jumbo Version)
On Kali Linux or Debian-based systems:
Bash:
sudo apt update
sudo apt install john
Or compile Jumbo from source:
Bash:
git clone https://github.com/openwall/john.git
cd john/src
./configure && make -s clean && make -sj4
Step 2: Extract the Hash with zip2john
Bash:
zip2john secret.zip > zip_hash.txt
Replace secret.zip with your ZIP file.
Step 3: Crack the Password with John
Bash:
john zip_hash.txt
Step 4 (Optional): Use a Custom Wordlist
With the rockyou.txt wordlist:
Bash:
john --wordlist=/usr/share/wordlists/rockyou.txt zip_hash.txt
With rules:
Bash:
john --wordlist=rockyou.txt --rules zip_hash.txt
Step 5: Show the Cracked Password
Bash:
john --show zip_hash.txt
Troubleshooting:
- "No password hashes loaded": Check if zip2john output is valid.
- Some ZIPs use AES encryption — try fcrackzip or hashcat instead.
- Run the commands from the directory that holds the files, or use full paths to them.
This guide works for ZIPs using legacy encryption. For stronger encryption like AES, consider GPU-based tools such as hashcat.
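Since the guide distinguishes legacy encryption from AES, the following added example (not part of the original post) reads an archive's central directory and reports which scheme each entry uses, which is also a quick way to audit archives that still rely on the weak legacy scheme. The function names `classify`, `aes_strength` and `build_sample` are hypothetical, and the sample archive is constructed in memory with patched headers only.

```python
import io
import re
import struct
import zipfile

AES_METHOD = 99          # compression method WinZip uses to mark AES entries
AES_EXTRA_ID = 0x9901    # extra-field header ID carrying the AES parameters
AES_BITS = {1: 128, 2: 192, 3: 256}

def aes_strength(extra):
    """Walk the extra-field records and return the AES key size in bits, or None."""
    i = 0
    while i + 4 <= len(extra):
        tag, size = struct.unpack_from("<HH", extra, i)
        if tag == AES_EXTRA_ID and size >= 7:
            return AES_BITS.get(extra[i + 8])   # strength byte follows version + vendor
        i += 4 + size
    return None

def classify(zip_source):
    """Map each entry name to its encryption scheme, reading only the central directory."""
    schemes = {}
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            if not info.flag_bits & 0x1:        # bit 0 of the general-purpose flags
                schemes[info.filename] = "not encrypted"
            elif info.compress_type == AES_METHOD:
                schemes[info.filename] = f"WinZip AES-{aes_strength(info.extra)}"
            else:
                schemes[info.filename] = "legacy ZipCrypto"
    return schemes

def build_sample():
    """Constructed sample: headers patched to *look* encrypted; the data is not."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("plain.txt", "legacy.txt", "aes.txt"):
            info = zipfile.ZipInfo(name)
            if name == "aes.txt":
                info.extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 0)
            zf.writestr(info, b"constructed")
    raw = bytearray(buf.getvalue())
    cd = [m.start() for m in re.finditer(b"PK\x01\x02", bytes(raw))]
    raw[cd[1] + 8] |= 0x01                       # legacy.txt: set encrypted flag
    raw[cd[2] + 8] |= 0x01                       # aes.txt: encrypted flag + method 99
    struct.pack_into("<H", raw, cd[2] + 10, AES_METHOD)
    return io.BytesIO(bytes(raw))

if __name__ == "__main__":
    for name, scheme in classify(build_sample()).items():
        print(f"{name}: {scheme}")
```

`classify` also accepts a file path, since it passes its argument straight to `zipfile.ZipFile`.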