crack-7z-hash

Crack 7z Hash

Overview

This skill provides a systematic approach for extracting and cracking password hashes from 7z encrypted archives. It covers hash extraction, tool selection, attack strategies, and verification procedures for password recovery tasks.

When to Use This Skill

  • Recovering passwords from encrypted 7z archives
  • CTF challenges involving 7z password cracking
  • Authorized penetration testing or security assessments
  • Forensic analysis requiring access to protected 7z files

Workflow

Step 1: Identify and Analyze the Target

Before attempting to crack any hash, gather information about the target:
  1. Verify the file type: Confirm the target is actually a 7z archive
    ```bash
    file target.7z
    ```
  2. Check archive properties: Examine encryption method and compression settings
    ```bash
    7z l -slt target.7z
    ```
  3. Note the encryption type: 7z typically uses AES-256 encryption. Understanding the encryption method informs tool selection and expected cracking time.

Step 2: Extract the Hash

Extract the password hash from the 7z archive for offline cracking:

Using 7z2john (John the Ripper utility):
```bash
7z2john target.7z > hash.txt
```
Using 7z2hashcat (Hashcat utility):
```bash
7z2hashcat.pl target.7z > hash.txt
```
Or if using the Python version:
```bash
7z2hashcat.py target.7z > hash.txt
```

Verify hash extraction:
  • The extracted hash should contain recognizable 7z hash format markers
  • For John the Ripper format: `$7z$...`
  • For Hashcat format: Hash mode 11600

Step 3: Select Cracking Tool and Approach

Choose the appropriate tool based on available resources:
John the Ripper:
  • Good for CPU-based cracking
  • Excellent wordlist and rule support
  • Works well with smaller wordlists and rule-based attacks
Hashcat:
  • Superior GPU acceleration
  • Hash mode 11600 for 7z archives
  • Better for large-scale brute force attacks

Step 4: Execute the Attack

Dictionary Attack (Start Here):
```bash
# John the Ripper
john --wordlist=/path/to/wordlist.txt hash.txt

# Hashcat
hashcat -m 11600 -a 0 hash.txt /path/to/wordlist.txt
```

Rule-Based Attack:
```bash
# John the Ripper
john --wordlist=wordlist.txt --rules hash.txt

# Hashcat
hashcat -m 11600 -a 0 hash.txt wordlist.txt -r rules/best64.rule
```

Brute Force (Last Resort):
```bash
# Hashcat mask attack (example: 4-digit PIN)
# The mask is quoted so the shell does not treat "?" as a glob character.
hashcat -m 11600 -a 3 hash.txt '?d?d?d?d'

# John the Ripper incremental
john --incremental hash.txt
```

Step 5: Verify the Result

After obtaining a candidate password:
  1. Test with the archive directly:
    ```bash
    7z x -p"recovered_password" target.7z -o./output/
    ```
  2. Check extraction success:
    • Verify files extracted without errors
    • Confirm file contents are readable and uncorrupted
  3. Document the result:
    • Save the recovered password to the solution file
    • Note the method used for future reference
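
The verification step above as a script, added here as an example and not part of the original skill: it tests every entry with `7z t` rather than extracting, maps 7-Zip's exit code to a verdict, and logs the result without the password. The function name `verify_archive`, its arguments and the log format are assumptions.

```shell
#!/usr/bin/env bash
# Added example: verify_archive, its arguments and the log format are
# assumptions for illustration, not part of the original skill.

# Test a candidate password against every entry in a 7z archive and
# append the outcome to a log. Returns 0 only on a clean pass.
verify_archive() {
    local archive="$1" password="$2" log="${3:-verify.log}"
    local out rc=0 verdict

    if [ -z "$password" ]; then
        echo "empty password: 7z would prompt interactively" >&2
        return 64
    fi

    # "t" decrypts and CRC-checks all entries without writing files, so a
    # failure on any entry is caught, not just on the first one.
    # -bd disables the progress indicator; "--" ends switch parsing.
    # Note: -p places the password on the command line, where other local
    # users can see it in the process list while 7z runs.
    out=$(7z t -bd -p"$password" -- "$archive" 2>&1) || rc=$?

    # 7-Zip exit codes: 0 no error, 1 warning, 2 fatal error,
    # 7 command-line error, 8 not enough memory, 255 stopped by user.
    case $rc in
        0) verdict=PASS ;;
        1) verdict=WARN ;;
        2) verdict=FAIL ;;
        *) verdict=ERROR ;;
    esac

    # Log the verdict and 7z's first ERROR/OK line, never the password.
    printf '%s archive=%s exit=%s verdict=%s detail="%s"\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$archive" "$rc" "$verdict" \
        "$(printf '%s\n' "$out" | grep -E '^(ERROR|Everything is Ok)' | head -n 1)" \
        >> "$log"

    [ "$verdict" = PASS ]
}

# Usage: verify_archive target.7z 'recovered_password' verify.log
```

A WARN verdict (exit code 1) is treated as a failure here, so it gets looked at before the task is marked complete.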

Common Pitfalls and Mistakes

Hash Extraction Errors

  • Wrong tool version: Ensure 7z2john/7z2hashcat matches the cracking tool version
  • Malformed hash: Verify the hash file contains complete, properly formatted output
  • Missing dependencies: Check that all required Perl/Python modules are installed

Tool Configuration Issues

  • Wrong hash mode: Hashcat mode 11600 is specifically for 7z; using wrong mode will fail silently
  • Memory limitations: 7z hashes can be memory-intensive; adjust workload settings if needed
  • Character encoding: Ensure wordlists use correct encoding for the target password

Attack Strategy Mistakes

  • Starting with brute force: Always begin with dictionary attacks; brute force is computationally expensive
  • Ignoring common patterns: Try common password patterns, keyboard walks, and variations first
  • Not using rules: Rule-based attacks significantly expand wordlist coverage efficiently

Verification Oversights

  • Not testing recovered password: Always verify by actually extracting the archive
  • Partial extraction: Ensure all files extract successfully, not just the first one
  • Case sensitivity: 7z passwords are case-sensitive; verify exact case of recovered password

Verification Checklist

Before marking the task complete, verify:
  • Hash was extracted successfully and is properly formatted
  • Cracking tool recognized and processed the hash
  • Recovered password successfully extracts the archive
  • Extracted files are intact and readable
  • Solution file contains the correct password
  • All steps and methodology are documented

Recommended Wordlists

For 7z password cracking, consider these wordlist sources (in order of priority):
  1. rockyou.txt: Standard first-choice wordlist
  2. SecLists: Comprehensive password collections
  3. Custom wordlists: Based on context clues from the challenge/target
  4. Keyboard patterns: Common keyboard walks and patterns
  5. Numeric sequences: PINs, dates, phone numbers

Documentation Best Practices

Always log the cracking process for transparency and reproducibility:
  1. Record tool selection rationale: Why was this tool chosen?
  2. Document attack progression: What attacks were tried and in what order?
  3. Note configuration parameters: What wordlists, rules, and settings were used?
  4. Log timing information: How long did each attack phase take?
  5. Save intermediate results: Keep partial progress and cracking session data