the password protected file MUST be converted into the hash using john's modules IOT successfully crack the password
#convert the password protected file to john's format
root@oco:~$ find / -iname *2john* 2>/dev/null
/usr/sbin/zip2john
* display various tools John can use to convert password-protected file into a format that john can attack
* naming style “{format}2john”
root@oco:~$ zip2john backup.zip > zip.hash
Created directory: /home/str1f3/.john
ver 2.0 efh 5455 efh 7875 backup.zip/index.php PKZIP Encr: TS_chk, cmplen=1201, decmplen=2594, crc=3A41AE06 ts=5722 cs=5722 type=8
ver 2.0 efh 5455 efh 7875 backup.zip/style.css PKZIP Encr: TS_chk, cmplen=986, decmplen=3274, crc=1B1CCD6A ts=989A cs=989a type=8
NOTE: It is assumed that all files in each archive have the same password.
If that is not the case, the hash may be uncrackable. To avoid this, use
option -o to pick a file at a time.
* this cmd creates a hash challenge of a password protected file
root@oco:~$ find / -iname *rockyou* -type f 2>/dev/null
/usr/share/wordlists/rockyou.txt.gz
root@oco:~$ john -wordlist=/usr/share/wordlists/rockyou.txt zip.hash
