John the Ripper による zip fileのパスワード解析(crack) -> ボツ - end0tknr's kipple - web写経開発

先程の entry 同様、没ネタです。

zipファイルでは、容量と共に、抽出される hash も大きくなりますが、 hashcat では、小さな size(数文字のtext)のhash 以外、解析できないようですので、 諦めました。

hashcat でも GPU を認識はします

PS C:\Users\end0t\tmp\hashcat-6.2.5> .\hashcat.exe -I
hashcat (v6.2.5) starting in backend information mode

CUDA Info:
==========

CUDA.Version.: 11.6

Backend Device ID #1 (Alias: #2)
  Name...........: NVIDIA GeForce RTX 3060
  Processor(s)...: 28
  Clock..........: 1807
  Memory.Total...: 12287 MB
  Memory.Free....: 11281 MB
  PCI.Addr.BDFe..: 0000:30:00.0

OpenCL Info:
============

OpenCL Platform ID #1
  Vendor..: NVIDIA Corporation
  Name....: NVIDIA CUDA
  Version.: OpenCL 3.0 CUDA 11.6.58

  Backend Device ID #2 (Alias: #1)
    Type...........: GPU
    Vendor.ID......: 32
    Vendor.........: NVIDIA Corporation
    Name...........: NVIDIA GeForce RTX 3060
    Version........: OpenCL 3.0 CUDA
    Processor(s)...: 28
    Clock..........: 1807
    Memory.Total...: 12287 MB (limited to 3071 MB allocatable in one block)
    Memory.Free....: 11520 MB
    OpenCL.Version.: OpenCL C 1.2
    Driver.Version.: 511.23
    PCI.Addr.BDF...: 30:00.0

OpenCL Platform ID #2
  Vendor..: Intel(R) Corporation
  Name....: Intel(R) OpenCL HD Graphics
  Version.: OpenCL 3.0

  Backend Device ID #3
    Type...........: GPU
    Vendor.ID......: 8
    Vendor.........: Intel(R) Corporation
    Name...........: Intel(R) UHD Graphics
    Version........: OpenCL 3.0 NEO
    Processor(s)...: 24
    Clock..........: 1100
    Memory.Total...: 6453 MB (limited to 1613 MB allocatable in one block)
    Memory.Free....: 3168 MB
    OpenCL.Version.: OpenCL C 3.0
    Driver.Version.: 30.0.101.1122

OpenCL Platform ID #3
  Vendor..: Intel(R) Corporation
  Name....: Intel(R) OpenCL
  Version.: OpenCL 3.0 WINDOWS

  Backend Device ID #4
    Type...........: CPU
    Vendor.ID......: 8
    Vendor.........: Intel(R) Corporation
    Name...........: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz
    Version........: OpenCL 3.0 (Build 0)
    Processor(s)...: 8
    Clock..........: 1600
    Memory.Total...: 16134 MB (limited to 2016 MB allocatable in one block)
    Memory.Free....: 8035 MB
    OpenCL.Version.: OpenCL C 3.0
    Driver.Version.: 2021.13.11.0.23_160000

hashcat による パスワード解析 - 100KB EXCELでの NG例

hash抽出

PS> ./john-1.9.0-jumbo-1-win64/run/zip2john.exe EXCEL_S.zip > EXCEL_S.hashcat
ver 2.0 EXCEL_S.zip/Book1.xlsx PKZIP Encr: cmplen=76365, decmplen=106981, crc=FFC62F25

【旧】
EXCEL_S.zip/Book1.xlsx:$pkzip2$1*1*2*0*12a4d*1a1e5*ffc62f25*0*28*＜略＞186f*$/pkzip2$:Book1.xlsx:EXCEL_S.zip::EXCEL_S.zip

【新】
$pkzip2$1*1*2*0*12a4d*1a1e5*ffc62f25*0*28*＜略＞186f*$/pkzip2$

パスワード解析

しかし、100KBのexcelのzipでは、 「Status: Exhausted」のままでしたので、諦めました。

PS> cd hashcat-6.2.5
PS> ./hashcat.exe -m 17200 -a 3 -w 4 -S ..\EXCEL_S.hashcat \
       --increment ?a?a?a?a --status
      :         
Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 17200 (PKZIP (Compressed))
Hash.Target......: $pkzip2$1*1*2*0*12a4d*1a1e5*ffc62f25*0*28*8*12a4d*f...kzip2$
Time.Started.....: Fri Feb 11 16:35:33 2022 (20 secs)
Time.Estimated...: Fri Feb 11 16:35:53 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?a?a?a?a [4]
Guess.Queue......: 4/4 (100.00%)
Speed.#1.........:  4156.7 kH/s (25.25ms) @ Accel:512 Loops:1 Thr:32 Vec:1
Speed.#*.........:  4156.7 kH/s
Recovered........: 0/1 (0.00%) Digests
Progress.........: 81450625/81450625 (100.00%)
Rejected.........: 0/81450625 (0.00%)
Restore.Point....: 81450625/81450625 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Host Generator + PCIe
Candidates.#1....: LLx> ->  ~?~
Hardware.Mon.#1..: Temp: 41c Fan:  0% Util: 21% Core: 768MHz Mem:4995MHz Bus:4
Started: Fri Feb 11 16:35:31 2022
Stopped: Fri Feb 11 16:35:55 2022```
PS>

参考url

VMware ESXi 7.0 での GPU パススルー設定手順 - setodaNote