有用 - 如何使用 hashcat 破解 RAR、ZIP 压缩包密码

# 如何使用 hashcat 破解 RAR、ZIP 压缩包密码

> 本文介绍了如何使用 Hashcat 和 John the Ripper 这两个工具来破解 RAR、ZIP 压缩包密码

> 参考链接：
>
> 轻松搞定 RAR、Zip 压缩包密码！Hashcat +john the ripper 亲测好用！：[https://www.freedidi.com/2655.html](https://www.freedidi.com/2655.html)
>
> John the Ripper：[https://www.openwall.com/john/](https://www.openwall.com/john/)
>
> hashcat：[https://hashcat.net/hashcat/](https://hashcat.net/hashcat/)

**免责声明：本文所讲内容仅供学习使用，请勿用于违法用途！如用于违法用途，请自行承担后果，与本文、本人无关！**

## 前言

最近在网上找资源的时候下载到一份加密的 RAR 压缩包，看到无良搬运工加个密就开始捞钱，作为一个程序猿，这怎么能忍？

既然不想掏钱，那当然要用程序猿的办法——暴力破解了。

而本文要讲述的 hashcat ，就是这样一个密码破解工具。

安装
--------------

### 1. 安装 hashcat

首先，从 [hashcat](https://hashcat.net/hashcat/) 官网下载安装包，解压缩后放在合适的文件夹下。

这里直接下载二进制版就可以了。

![](https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/3387c5c11ef14f45a204f0e8ee0bf5c0d3h7fjsbca.png)

这里以 D 盘为例。

![](https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/3eab80adcf7f4516a1d51e8f456ea3fc4tr6mf5xds.png)

调起命令行控制台，切换到该目录，运行

能正确输出版本即为安装成功。

![](https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/e70e6f06caf44d798503d188860c2a23fjfblf08yk.png)

接下来从官网找个例子，测试一下是否能正确运行。

这里以 MD5 为例。

https://hashcat.net/wiki/doku.php?id=example_hashes

![](https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/23388458cf7647f88201d645ee925856ysxlub3o41.png)

在控制台中输入

```
hashcat -m 0-a 3 8743b52063cd84097a65d1633f5c74f5
```

如果一切正常，你将在控制台看到

![](https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/8bd248453d7a43f0999e8d1ed56b5b0c0vdtwot8o1.png)

冒号后面的就是破解结果，是`hashcat`，和官网给出的答案一致。

注意：

*   如果你再次执行该命令，会得到如下结果：`INFO: All hashes found as potfile and/or empty entries! Use --show to display them.`

![](https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/26bc99f5dcc84fa4bc760b63d348a98052qhireged.png)

此时将命令改为：

```
hashcat -m 0 -a 3 8743b52063cd84097a65d1633f5c74f5 --show
```

就能看到曾经破解过的 hash 了。

![](https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/d9c5bc6a9cef406a9e527cddd2a679d6y6k8ipyxpr.png)

*   如果你在 PowerShell 或 Shell 中执行命令，需要注意`$`的转义，在默认情况下，$ 符号被用于引用环境变量，可能会造成执行结果错误

此时只需要用单引号`''`将 hash 括起来即可。

```
hashcat.exe -m 13000 -w 4 -a 3 '$rar5$16$b88c1d7d2c96dc9d1b1a5ccdc5c25d50$15$8f0b287c982535c868bbff486ee9acd2$8$43907bfa03430471'
```

可以看到，执行成功了，*新版+win10不需要*

![](https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/6a12e0c760ae4a848d9e57056512d029i8ha4sd3t8.png)

### 2. 安装 John the Ripper

看完上面的例子，读者朋友肯定会有个问题，那就是用来破解的 hash 是从哪来的？

如果是类似 MD5、SHA1 这类纯文本，那么算法的结果直接就是用来破解的 hash，而如果是 RAR、ZIP 等压缩包，就需要借助 `John the Ripper`这个工具来获取 hash 了。

同样是通过官网获取到安装压缩包：[https://www.openwall.com/john/](https://www.openwall.com/john/)

![](https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/a9ec5a47f61745cd9e141ef6d34e71ddjlujtgk3k8.png)

解压到合适目录，这里同样以 D 盘为例

![](https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/38d5aedd06b14b26a30bd856518fc2d13ynfiyfdsy.png)

注意，可执行文件在 `run`目录下。可考虑将该目录加入环境变量，方便后续操作。

![](https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/5c09c23758f54032aa21040fc669d98a6oj4ey1qc4.png)

然后，将需要破解的 RAR 压缩包放在**没有空格**的路径下（包括文件名），经过实际测试，`John the Ripper`是支持路径中有中文字符的，但不支持有空格，所以可以把要破解的压缩包改个名字，然后再破解。

实战演示
--------------------

这里以 E 盘下面的`README.rar`和`README.zip`文件为例，我设置了密码为`1234567890`，稍后来演示如何破解。

![](https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/ab3fc68375fb412b86e63e762f937b0auz37raagwn.png)

首先执行如下命令来获取到 hash 值

```bash
D:\xiao\john-1.9.0-jumbo-1-win64\run>zip2john.exe ../README.zip
README.zip/README.md:$zip2$*0*3*0*f72a9af5124feaef487a4da9a364f1da*a036*cde*fb72204b548c9793c1ba6c50856ff7845ac5c10851a0d79355d07df362e5aba52297bbaa3f1e0eb0b757489532074adbf0fc47c4b6e542de0702567c92025be2840d964ca65f6570b7197050e12187d2f5c75a639b91ce7be5ad25659a5462824e99d475727e3795e58c8e2df392325f2b08443764aacd2eabb66a0687588996e109d61d2d178fdbbc6cdf8cba48d163c8431ba073442b63b115178f2416855a465896fac03d920714788dd1b367f561691629172b85bc79422e5e17a695ebcefd7c1c7606150e3234262dd7efd1d1bf622c09931b3e6c93edceb8b045c6ce47c3eb8e13030305fe9599653dfa7fee2c4bb3f597d367d1df12e36615c7829220d6a2cba9cccc977652088910c2c5f0213b9d1226c479f536c193e119c1c4fc0502540234bba4fc75b3bfd43e609ecb94d90a75d6419d1fd68c0f6c215402b4b7dbecbe8aea6475303e67f4df32503565d4602aa209eb29ed9c4fa38ecb5023ff2b4feb6abb032b30c78257440f9d633a5709829089861b2170443785ba0b6ad0c81cafa541365af72cf3e194f5448e6b5ec7bc51ffe8024c8cdb052cd7ca21e1fd9e4efe56742b5221d10a355fb648a59ab9866cb7cd6736538b09fdec7f81aff9fec31b2d967e998df242bd7d09c485d96965bf56910ca7d637a45fe378f4ca268251729cd4582abbceacfc3240b4a559d11d1f6a06bb1330fc8330cc416ff65e570d448b22210b6f7e0874d1acd4bdd0cb793092f13ad0c1257972c7737dee1fc78575fff274a16a9ea9764544d6f5258750aaa5797ea674ce2a918ab5e4299efa759ed560159321e464ee534f316d376bb0e03ab8fc7ca103732711c7fafb24892e0cc7450733101e967a5f57c734eb769fdb136f26d45fa59e4a42943e885c8de7316001867a62a7d5fc025af91b91f81d0c5218744e4861213e2fb3e4c089e062a431ea3474f734141c4b2a6be82b152f9e2015b6bdc91866607b9f85060f0aef81bf743b62a22604277dd9a66ed9d2510efcb9cbe6c771de0274521b21a88bb71a8b9a5f781c1181547b2dd230eaaa5e938e0d8e869bfc6798109dda760d3788f9be665272bd52d6cf2428dbf57fdddbf1d45318a72ccba2fcc2efdbfcd42b5a19a0dac38fabe3ab1819160c684a999d21ef454b21c707366044e1eeaea5478086631abd03102b0dc6bcc4cb43d71b5a066041e677a08a516c25cfef7a32246d74b66cafca3bf416d398fafdf40118d6cd1458b69cbe2a1c16e3a18081f33adf870331d4e74f696601d6902157fae32e8057cf34ed72f3caff358493f0576f1d06c9420335e21048a52cb58e40c28fad25f962f8aaa78bd732c91ebb9dde841096bb69d27df0008717ff57cfe462b6d076afe0878e4365c7f1e8c2b76899be9ff884222230e81f9ed46c5414b0424f0aeec03890ef9d94e45050df9a929822eb807a20a8d34136ebf38f37131a4263ca3afee27b28da5c31fd8206b194233196e50468f074ba3ef390075a01ea62d629812aa31d3f6a3c997f4a688947852228b0818d4ab0a5473947bbe9bc7947d98fce3c1e92542bab2e822773f09fdc54ebb532bbaa29ea65f05764c4963e90eb0eab87c1acbad788f8e97aec3098911560db4fade8d3bc0b9a2f1f54506362713f43d3fd48b560264a7eaac4682319a46c7644322118385cb2c407576b6a4848d9a52100e8bf66ddc74cb5bc49b249ea7c90333f8ed7bf4a607de041edff858958db0f8210e858128ea8b46e202a3ba65ac43cc489878820555285d7dd22af73843b1fb0fa94b66b36c8518cfe760088f6c1314f3b11e72e44e28704228248960345f0c1d2dda0016fcbf2dd143669177b51afe207c2a466ae39b5c863db80f75ebd2c59a14ab5564ba164f84973a52ff1c2050bbedc79dbd3d1639450611cc5b1b6c19d5db1f89eb9d3351e0a99d3b696443ca6f3fdd26ad15d544a5b501d886011bfc16125bb04cf9097c49d6b936e53d5189a7fa723b084426e4da237311ddf5d217d1c1dad496953c0e331f2eb7bf2ef2296ecdcb98386ec4f6cc39bc144b53857f7db700015fdf4f61bffae9bd37dd8c6bee8de62fe19a4e19e1b48cab2fabb9ac74f845d0c5614f032c85270fe4f1831e22ae65ab924c0ee083bf7d11af13e706329062e3b0740dd71b781b051618878d33bce725fd7e36b8d84b0ab4c9f41383ec6a036749ad03dcbac3cdef7325af6b701ca64b590f27bfb9574d40e326c06f5f17514e519a98b9f2644d0522cfb24e4550be8b65567e0e08bd89a2ecfb32570cc56b05f89ec26965016c56ceb9f20ff70875fed201bd075a93e091c115beb600702270a21083061b13672faf2f829eefb6c132f6c0bbaccbe7371b1192f2e698470053495bc1d48308229a79b77bc383eae4aaa6ea884e8dcfa6c1a444611586ccc2c674c76676a5f50d35fdbf8a525226405e975339a8a5b7b8e6d49ff4cb6b88717f478fa2b06b6a01804f382ca016da66d91af309c4c76728def34c9902edba31b0f2a9b880b63c22472be6f94d87e3ada200725efdf2e6b9751d1d05ce7192a855a052ef1922cdf99759cab6cb9d68d980b6e4687adcb47b66c0c12d5c171d674857d5789be1e9b1549e020e9658b953acc5c0477e613f74d11dfe4d575e72f7ede15e8ec418a701dc4da4bab2597b7e50450b5da20419a6cd69555990a18a74b460f51d63639ca0171d9d96609d0d1800646de5ab17eb636f12165fce77257ceb72d9b721491877b4ec308c6fe8b51b7ba8e363d52eafbcea178789c0efac63adcfaa384fbf2e1b8309ee950c0d7218b985784afcd7a44b016b6299ba80e898b7a2b97be001c106cf1e3e5ace0e9943e4693d80c649feb417c9f7553610e52230df88cbfa984919a0c84dd83e4e5b871def7b900797dc056493bee0f7ceb93a33916ceb9a1f5a3724f03ea591fcf5fe4252ea10b13721984ef5f170b331e78ac34c5dca1931d17e573c02fa0d6a0536c765b3761518cb69492decd2a9dd16fea6ca4a8f4ec1573493898ba09ddb05210598762c08dbd220721f3f4ea32dc47f79a4f3573fa2fa5cce521113bc7f317f5b3fbd1e40917c22b424114def20d62a840d0838de70d03831c54aaf864c5d5fe66c81595bcbf9006edc4303850fd16a8f5dafba2bd5efe49c6c2959f37c6643c5f8351a1f2a565cd00c773ccf878d9ab15ff66170cde03c9f94052152c732dc878b086f539e5e40e3d752c35a06516fd66cee9eb508d07ba345c83b88808e8733611f0b54678c771f7c0e79335e8859e2504e81bda5c572cf91f3e2112270be5012c092ea493c0cf47936512a5238f0002bfafd2201f4c9067ec76b91f5af54f7758ad75bd42127befa5b971c621c1c7ded123806228bb873d31d63a333a654ba059c0ce2790e5e14b03af4a994bbca653728079b282b27fbb06654977ecdba316963da1a29f34a4f824d533af05c6bf8ba1cea8e5106ef84fb0cfbe5ff467d1df30bcbd34d769bef7054b047b5104536b3d06fc6df3e727d02a0b162f47f38cdf4d20e7d14ece810a851e1551f027513d725531a0f36d73aa11003a3269417294cc6a2fcd17fba68d57d5591faab19ca1ee600148bade54b7710bbe9c69aa118081de5a185c9273e25adc7588b5eeef8564f7d92438c296363c2e65a6969f7614c89cc659c4f4759dff4cebe14ea6021928c144c878c2aa55278389619de56c19463d863dc80571d9b6d4d7d90314ed1f8f51a77ef63112e73ef1243c1deecaf75360a26762e16818d13800e8734304377af5533bc954436c7f5d33e9b4980d54072c834f47c2aa7e1e45a63d4d9470d9b852c5e99e54a931c1d8f98ae018c49f00a04837e2fc88751727e48bf2e87b70f04ac78b8b96dcce0c7af13cfd87da80a3ec2f652d5683d077ac0348e516a7f022f260b17b3a7a5e081d13d79ed551c9cecf7be48a1d04a6133b841b5eac44f7e830d1fd92ad0d2f0fca65cf845c918ec4be28cfef120a349c1542a424c61ade480e08385b3abea5ff6d5e5f725686b8e2bc31facd675317432f2a702f8f6d38cacea43450ea5ef6665c26b9a6a82320cc416dee1abbfe0649c07c395c2618b9ce4cfe1eab5ec495acaffb7d7ef90e1d964af11502b079fc88c1641b47645f100a80826e4c3becab560b11ea29d0f6ddd96317e0699bc8fa4bb761c8e8b54344a84160d8aa3f1978a7cdb2e78088e6169dccc372d569c9a8a2ad29cb6917abfc9536bb334aad07c7bf7837c94b52820ac8c8383cd64114f2587fe0b8e79f521196d74ea0b8e67fb6ca94befc9657be6584beb354d3daf96ec47915698e74042286c8fa22c6b7dc005cd8d32f825ab8b95f4a6c5a472841fb9386a5af858e68486062dc2fae88d26cca710c7ed5676ea5f9dc19b7aa88f6af9a2aa3ee7960331f479e8fea72ac0c9880cf800d93c8d1c7d6b587fd38508c2c2e11133196a5a6b41310f98a2e286febac9d0d1db4277a8c2b3b4dc878d680e3d3f7e9b6a81664d5e6e8633629dcc2e347c7e905ea1a8cbdc96af7c3616fc9fe01d5b119556fa72301fda6cdd60013bee48608435a255a991b8cf79678992e3a2f96739eeb0c716d469109f1cbccc219af14c74509282a1c93fc9db87eb4f559a6f325fac1a1eb36f06bff55*c6db287c2b0cc125a140*$/zip2$:README.md:README.zip:../README.zip
ver 2.0 efh 9901 README.zip/README.md PKZIP Encr: cmplen=3322, decmplen=7453, crc=E9AB8F6B
README.zip/README.md:$pkzip2$1*1*2*0*cfa*1d1d*e9ab8f6b*0*32*63*cfa*e9ab*018f*f72a9af5124feaef487a4da9a364f1daa036fb72204b548c9793c1ba6c50856ff7845ac5c10851a0d79355d07df362e5aba52297bbaa3f1e0eb0b757489532074adbf0fc47c4b6e542de0702567c92025be2840d964ca65f6570b7197050e12187d2f5c75a639b91ce7be5ad25659a5462824e99d475727e3795e58c8e2df392325f2b08443764aacd2eabb66a0687588996e109d61d2d178fdbbc6cdf8cba48d163c8431ba073442b63b115178f2416855a465896fac03d920714788dd1b367f561691629172b85bc79422e5e17a695ebcefd7c1c7606150e3234262dd7efd1d1bf622c09931b3e6c93edceb8b045c6ce47c3eb8e13030305fe9599653dfa7fee2c4bb3f597d367d1df12e36615c7829220d6a2cba9cccc977652088910c2c5f0213b9d1226c479f536c193e119c1c4fc0502540234bba4fc75b3bfd43e609ecb94d90a75d6419d1fd68c0f6c215402b4b7dbecbe8aea6475303e67f4df32503565d4602aa209eb29ed9c4fa38ecb5023ff2b4feb6abb032b30c78257440f9d633a5709829089861b2170443785ba0b6ad0c81cafa541365af72cf3e194f5448e6b5ec7bc51ffe8024c8cdb052cd7ca21e1fd9e4efe56742b5221d10a355fb648a59ab9866cb7cd6736538b09fdec7f81aff9fec31b2d967e998df242bd7d09c485d96965bf56910ca7d637a45fe378f4ca268251729cd4582abbceacfc3240b4a559d11d1f6a06bb1330fc8330cc416ff65e570d448b22210b6f7e0874d1acd4bdd0cb793092f13ad0c1257972c7737dee1fc78575fff274a16a9ea9764544d6f5258750aaa5797ea674ce2a918ab5e4299efa759ed560159321e464ee534f316d376bb0e03ab8fc7ca103732711c7fafb24892e0cc7450733101e967a5f57c734eb769fdb136f26d45fa59e4a42943e885c8de7316001867a62a7d5fc025af91b91f81d0c5218744e4861213e2fb3e4c089e062a431ea3474f734141c4b2a6be82b152f9e2015b6bdc91866607b9f85060f0aef81bf743b62a22604277dd9a66ed9d2510efcb9cbe6c771de0274521b21a88bb71a8b9a5f781c1181547b2dd230eaaa5e938e0d8e869bfc6798109dda760d3788f9be665272bd52d6cf2428dbf57fdddbf1d45318a72ccba2fcc2efdbfcd42b5a19a0dac38fabe3ab1819160c684a999d21ef454b21c707366044e1eeaea5478086631abd03102b0dc6bcc4cb43d71b5a066041e677a08a516c25cfef7a32246d74b66cafca3bf416d398fafdf40118d6cd1458b69cbe2a1c16e3a18081f33adf870331d4e74f696601d6902157fae32e8057cf34ed72f3caff358493f0576f1d06c9420335e21048a52cb58e40c28fad25f962f8aaa78bd732c91ebb9dde841096bb69d27df0008717ff57cfe462b6d076afe0878e4365c7f1e8c2b76899be9ff884222230e81f9ed46c5414b0424f0aeec03890ef9d94e45050df9a929822eb807a20a8d34136ebf38f37131a4263ca3afee27b28da5c31fd8206b194233196e50468f074ba3ef390075a01ea62d629812aa31d3f6a3c997f4a688947852228b0818d4ab0a5473947bbe9bc7947d98fce3c1e92542bab2e822773f09fdc54ebb532bbaa29ea65f05764c4963e90eb0eab87c1acbad788f8e97aec3098911560db4fade8d3bc0b9a2f1f54506362713f43d3fd48b560264a7eaac4682319a46c7644322118385cb2c407576b6a4848d9a52100e8bf66ddc74cb5bc49b249ea7c90333f8ed7bf4a607de041edff858958db0f8210e858128ea8b46e202a3ba65ac43cc489878820555285d7dd22af73843b1fb0fa94b66b36c8518cfe760088f6c1314f3b11e72e44e28704228248960345f0c1d2dda0016fcbf2dd143669177b51afe207c2a466ae39b5c863db80f75ebd2c59a14ab5564ba164f84973a52ff1c2050bbedc79dbd3d1639450611cc5b1b6c19d5db1f89eb9d3351e0a99d3b696443ca6f3fdd26ad15d544a5b501d886011bfc16125bb04cf9097c49d6b936e53d5189a7fa723b084426e4da237311ddf5d217d1c1dad496953c0e331f2eb7bf2ef2296ecdcb98386ec4f6cc39bc144b53857f7db700015fdf4f61bffae9bd37dd8c6bee8de62fe19a4e19e1b48cab2fabb9ac74f845d0c5614f032c85270fe4f1831e22ae65ab924c0ee083bf7d11af13e706329062e3b0740dd71b781b051618878d33bce725fd7e36b8d84b0ab4c9f41383ec6a036749ad03dcbac3cdef7325af6b701ca64b590f27bfb9574d40e326c06f5f17514e519a98b9f2644d0522cfb24e4550be8b65567e0e08bd89a2ecfb32570cc56b05f89ec26965016c56ceb9f20ff70875fed201bd075a93e091c115beb600702270a21083061b13672faf2f829eefb6c132f6c0bbaccbe7371b1192f2e698470053495bc1d48308229a79b77bc383eae4aaa6ea884e8dcfa6c1a444611586ccc2c674c76676a5f50d35fdbf8a525226405e975339a8a5b7b8e6d49ff4cb6b88717f478fa2b06b6a01804f382ca016da66d91af309c4c76728def34c9902edba31b0f2a9b880b63c22472be6f94d87e3ada200725efdf2e6b9751d1d05ce7192a855a052ef1922cdf99759cab6cb9d68d980b6e4687adcb47b66c0c12d5c171d674857d5789be1e9b1549e020e9658b953acc5c0477e613f74d11dfe4d575e72f7ede15e8ec418a701dc4da4bab2597b7e50450b5da20419a6cd69555990a18a74b460f51d63639ca0171d9d96609d0d1800646de5ab17eb636f12165fce77257ceb72d9b721491877b4ec308c6fe8b51b7ba8e363d52eafbcea178789c0efac63adcfaa384fbf2e1b8309ee950c0d7218b985784afcd7a44b016b6299ba80e898b7a2b97be001c106cf1e3e5ace0e9943e4693d80c649feb417c9f7553610e52230df88cbfa984919a0c84dd83e4e5b871def7b900797dc056493bee0f7ceb93a33916ceb9a1f5a3724f03ea591fcf5fe4252ea10b13721984ef5f170b331e78ac34c5dca1931d17e573c02fa0d6a0536c765b3761518cb69492decd2a9dd16fea6ca4a8f4ec1573493898ba09ddb05210598762c08dbd220721f3f4ea32dc47f79a4f3573fa2fa5cce521113bc7f317f5b3fbd1e40917c22b424114def20d62a840d0838de70d03831c54aaf864c5d5fe66c81595bcbf9006edc4303850fd16a8f5dafba2bd5efe49c6c2959f37c6643c5f8351a1f2a565cd00c773ccf878d9ab15ff66170cde03c9f94052152c732dc878b086f539e5e40e3d752c35a06516fd66cee9eb508d07ba345c83b88808e8733611f0b54678c771f7c0e79335e8859e2504e81bda5c572cf91f3e2112270be5012c092ea493c0cf47936512a5238f0002bfafd2201f4c9067ec76b91f5af54f7758ad75bd42127befa5b971c621c1c7ded123806228bb873d31d63a333a654ba059c0ce2790e5e14b03af4a994bbca653728079b282b27fbb06654977ecdba316963da1a29f34a4f824d533af05c6bf8ba1cea8e5106ef84fb0cfbe5ff467d1df30bcbd34d769bef7054b047b5104536b3d06fc6df3e727d02a0b162f47f38cdf4d20e7d14ece810a851e1551f027513d725531a0f36d73aa11003a3269417294cc6a2fcd17fba68d57d5591faab19ca1ee600148bade54b7710bbe9c69aa118081de5a185c9273e25adc7588b5eeef8564f7d92438c296363c2e65a6969f7614c89cc659c4f4759dff4cebe14ea6021928c144c878c2aa55278389619de56c19463d863dc80571d9b6d4d7d90314ed1f8f51a77ef63112e73ef1243c1deecaf75360a26762e16818d13800e8734304377af5533bc954436c7f5d33e9b4980d54072c834f47c2aa7e1e45a63d4d9470d9b852c5e99e54a931c1d8f98ae018c49f00a04837e2fc88751727e48bf2e87b70f04ac78b8b96dcce0c7af13cfd87da80a3ec2f652d5683d077ac0348e516a7f022f260b17b3a7a5e081d13d79ed551c9cecf7be48a1d04a6133b841b5eac44f7e830d1fd92ad0d2f0fca65cf845c918ec4be28cfef120a349c1542a424c61ade480e08385b3abea5ff6d5e5f725686b8e2bc31facd675317432f2a702f8f6d38cacea43450ea5ef6665c26b9a6a82320cc416dee1abbfe0649c07c395c2618b9ce4cfe1eab5ec495acaffb7d7ef90e1d964af11502b079fc88c1641b47645f100a80826e4c3becab560b11ea29d0f6ddd96317e0699bc8fa4bb761c8e8b54344a84160d8aa3f1978a7cdb2e78088e6169dccc372d569c9a8a2ad29cb6917abfc9536bb334aad07c7bf7837c94b52820ac8c8383cd64114f2587fe0b8e79f521196d74ea0b8e67fb6ca94befc9657be6584beb354d3daf96ec47915698e74042286c8fa22c6b7dc005cd8d32f825ab8b95f4a6c5a472841fb9386a5af858e68486062dc2fae88d26cca710c7ed5676ea5f9dc19b7aa88f6af9a2aa3ee7960331f479e8fea72ac0c9880cf800d93c8d1c7d6b587fd38508c2c2e11133196a5a6b41310f98a2e286febac9d0d1db4277a8c2b3b4dc878d680e3d3f7e9b6a81664d5e6e8633629dcc2e347c7e905ea1a8cbdc96af7c3616fc9fe01d5b119556fa72301fda6cdd60013bee48608435a255a991b8cf79678992e3a2f96739eeb0c716d469109f1cbccc219af14c74509282a1c93fc9db87eb4f559a6f325fac1a1eb36f06bff55c6db287c2b0cc125a140*$/pkzip2$:README.md:README.zip::../README.zip

D:\xiao\john-1.9.0-jumbo-1-win64\run>rar2john.exe ../README.rar
../README.rar:$rar5$16$64c3f4cbf8d62e0d8da5467705291520$15$4c17c38fcf8333b8e7b089d13cfe56e5$8$9faa2facaacf5c70
```

冒号后面的`$rar5$16$64c3f4cbf8d62e0d8da5467705291520$15$4c17c38fcf8333b8e7b089d13cfe56e5$8$9faa2facaacf5c70`就是我们需要的 hash 值。

接下来执行

```
hashcat -m 17210 -w 1 -a 3 $pkzip2$1*1*2*0*cfa*1d1d*e9ab8f6b*0*32*63*cfa*e9ab*018f*f72a9af5124feaef487a4da9a364f1daa036fb72204b548c9793c1ba6c50856ff7845ac5c10851a0d79355d07df362e5aba52297bbaa3f1e0eb0b757489532074adbf0fc47c4b6e542de0702567c92025be2840d964ca65f6570b7197050e12187d2f5c75a639b91ce7be5ad25659a5462824e99d475727e3795e58c8e2df392325f2b08443764aacd2eabb66a0687588996e109d61d2d178fdbbc6cdf8cba48d163c8431ba073442b63b115178f2416855a465896fac03d920714788dd1b367f561691629172b85bc79422e5e17a695ebcefd7c1c7606150e3234262dd7efd1d1bf622c09931b3e6c93edceb8b045c6ce47c3eb8e13030305fe9599653dfa7fee2c4bb3f597d367d1df12e36615c7829220d6a2cba9cccc977652088910c2c5f0213b9d1226c479f536c193e119c1c4fc0502540234bba4fc75b3bfd43e609ecb94d90a75d6419d1fd68c0f6c215402b4b7dbecbe8aea6475303e67f4df32503565d4602aa209eb29ed9c4fa38ecb5023ff2b4feb6abb032b30c78257440f9d633a5709829089861b2170443785ba0b6ad0c81cafa541365af72cf3e194f5448e6b5ec7bc51ffe8024c8cdb052cd7ca21e1fd9e4efe56742b5221d10a355fb648a59ab9866cb7cd6736538b09fdec7f81aff9fec31b2d967e998df242bd7d09c485d96965bf56910ca7d637a45fe378f4ca268251729cd4582abbceacfc3240b4a559d11d1f6a06bb1330fc8330cc416ff65e570d448b22210b6f7e0874d1acd4bdd0cb793092f13ad0c1257972c7737dee1fc78575fff274a16a9ea9764544d6f5258750aaa5797ea674ce2a918ab5e4299efa759ed560159321e464ee534f316d376bb0e03ab8fc7ca103732711c7fafb24892e0cc7450733101e967a5f57c734eb769fdb136f26d45fa59e4a42943e885c8de7316001867a62a7d5fc025af91b91f81d0c5218744e4861213e2fb3e4c089e062a431ea3474f734141c4b2a6be82b152f9e2015b6bdc91866607b9f85060f0aef81bf743b62a22604277dd9a66ed9d2510efcb9cbe6c771de0274521b21a88bb71a8b9a5f781c1181547b2dd230eaaa5e938e0d8e869bfc6798109dda760d3788f9be665272bd52d6cf2428dbf57fdddbf1d45318a72ccba2fcc2efdbfcd42b5a19a0dac38fabe3ab1819160c684a999d21ef454b21c707366044e1eeaea5478086631abd03102b0dc6bcc4cb43d71b5a066041e677a08a516c25cfef7a32246d74b66cafca3bf416d398fafdf40118d6cd1458b69cbe2a1c16e3a18081f33adf870331d4e74f696601d6902157fae32e8057cf34ed72f3caff358493f0576f1d06c9420335e21048a52cb58e40c28fad25f962f8aaa78bd732c91ebb9dde841096bb69d27df0008717ff57cfe462b6d076afe0878e4365c7f1e8c2b76899be9ff884222230e81f9ed46c5414b0424f0aeec03890ef9d94e45050df9a929822eb807a20a8d34136ebf38f37131a4263ca3afee27b28da5c31fd8206b194233196e50468f074ba3ef390075a01ea62d629812aa31d3f6a3c997f4a688947852228b0818d4ab0a5473947bbe9bc7947d98fce3c1e92542bab2e822773f09fdc54ebb532bbaa29ea65f05764c4963e90eb0eab87c1acbad788f8e97aec3098911560db4fade8d3bc0b9a2f1f54506362713f43d3fd48b560264a7eaac4682319a46c7644322118385cb2c407576b6a4848d9a52100e8bf66ddc74cb5bc49b249ea7c90333f8ed7bf4a607de041edff858958db0f8210e858128ea8b46e202a3ba65ac43cc489878820555285d7dd22af73843b1fb0fa94b66b36c8518cfe760088f6c1314f3b11e72e44e28704228248960345f0c1d2dda0016fcbf2dd143669177b51afe207c2a466ae39b5c863db80f75ebd2c59a14ab5564ba164f84973a52ff1c2050bbedc79dbd3d1639450611cc5b1b6c19d5db1f89eb9d3351e0a99d3b696443ca6f3fdd26ad15d544a5b501d886011bfc16125bb04cf9097c49d6b936e53d5189a7fa723b084426e4da237311ddf5d217d1c1dad496953c0e331f2eb7bf2ef2296ecdcb98386ec4f6cc39bc144b53857f7db700015fdf4f61bffae9bd37dd8c6bee8de62fe19a4e19e1b48cab2fabb9ac74f845d0c5614f032c85270fe4f1831e22ae65ab924c0ee083bf7d11af13e706329062e3b0740dd71b781b051618878d33bce725fd7e36b8d84b0ab4c9f41383ec6a036749ad03dcbac3cdef7325af6b701ca64b590f27bfb9574d40e326c06f5f17514e519a98b9f2644d0522cfb24e4550be8b65567e0e08bd89a2ecfb32570cc56b05f89ec26965016c56ceb9f20ff70875fed201bd075a93e091c115beb600702270a21083061b13672faf2f829eefb6c132f6c0bbaccbe7371b1192f2e698470053495bc1d48308229a79b77bc383eae4aaa6ea884e8dcfa6c1a444611586ccc2c674c76676a5f50d35fdbf8a525226405e975339a8a5b7b8e6d49ff4cb6b88717f478fa2b06b6a01804f382ca016da66d91af309c4c76728def34c9902edba31b0f2a9b880b63c22472be6f94d87e3ada200725efdf2e6b9751d1d05ce7192a855a052ef1922cdf99759cab6cb9d68d980b6e4687adcb47b66c0c12d5c171d674857d5789be1e9b1549e020e9658b953acc5c0477e613f74d11dfe4d575e72f7ede15e8ec418a701dc4da4bab2597b7e50450b5da20419a6cd69555990a18a74b460f51d63639ca0171d9d96609d0d1800646de5ab17eb636f12165fce77257ceb72d9b721491877b4ec308c6fe8b51b7ba8e363d52eafbcea178789c0efac63adcfaa384fbf2e1b8309ee950c0d7218b985784afcd7a44b016b6299ba80e898b7a2b97be001c106cf1e3e5ace0e9943e4693d80c649feb417c9f7553610e52230df88cbfa984919a0c84dd83e4e5b871def7b900797dc056493bee0f7ceb93a33916ceb9a1f5a3724f03ea591fcf5fe4252ea10b13721984ef5f170b331e78ac34c5dca1931d17e573c02fa0d6a0536c765b3761518cb69492decd2a9dd16fea6ca4a8f4ec1573493898ba09ddb05210598762c08dbd220721f3f4ea32dc47f79a4f3573fa2fa5cce521113bc7f317f5b3fbd1e40917c22b424114def20d62a840d0838de70d03831c54aaf864c5d5fe66c81595bcbf9006edc4303850fd16a8f5dafba2bd5efe49c6c2959f37c6643c5f8351a1f2a565cd00c773ccf878d9ab15ff66170cde03c9f94052152c732dc878b086f539e5e40e3d752c35a06516fd66cee9eb508d07ba345c83b88808e8733611f0b54678c771f7c0e79335e8859e2504e81bda5c572cf91f3e2112270be5012c092ea493c0cf47936512a5238f0002bfafd2201f4c9067ec76b91f5af54f7758ad75bd42127befa5b971c621c1c7ded123806228bb873d31d63a333a654ba059c0ce2790e5e14b03af4a994bbca653728079b282b27fbb06654977ecdba316963da1a29f34a4f824d533af05c6bf8ba1cea8e5106ef84fb0cfbe5ff467d1df30bcbd34d769bef7054b047b5104536b3d06fc6df3e727d02a0b162f47f38cdf4d20e7d14ece810a851e1551f027513d725531a0f36d73aa11003a3269417294cc6a2fcd17fba68d57d5591faab19ca1ee600148bade54b7710bbe9c69aa118081de5a185c9273e25adc7588b5eeef8564f7d92438c296363c2e65a6969f7614c89cc659c4f4759dff4cebe14ea6021928c144c878c2aa55278389619de56c19463d863dc80571d9b6d4d7d90314ed1f8f51a77ef63112e73ef1243c1deecaf75360a26762e16818d13800e8734304377af5533bc954436c7f5d33e9b4980d54072c834f47c2aa7e1e45a63d4d9470d9b852c5e99e54a931c1d8f98ae018c49f00a04837e2fc88751727e48bf2e87b70f04ac78b8b96dcce0c7af13cfd87da80a3ec2f652d5683d077ac0348e516a7f022f260b17b3a7a5e081d13d79ed551c9cecf7be48a1d04a6133b841b5eac44f7e830d1fd92ad0d2f0fca65cf845c918ec4be28cfef120a349c1542a424c61ade480e08385b3abea5ff6d5e5f725686b8e2bc31facd675317432f2a702f8f6d38cacea43450ea5ef6665c26b9a6a82320cc416dee1abbfe0649c07c395c2618b9ce4cfe1eab5ec495acaffb7d7ef90e1d964af11502b079fc88c1641b47645f100a80826e4c3becab560b11ea29d0f6ddd96317e0699bc8fa4bb761c8e8b54344a84160d8aa3f1978a7cdb2e78088e6169dccc372d569c9a8a2ad29cb6917abfc9536bb334aad07c7bf7837c94b52820ac8c8383cd64114f2587fe0b8e79f521196d74ea0b8e67fb6ca94befc9657be6584beb354d3daf96ec47915698e74042286c8fa22c6b7dc005cd8d32f825ab8b95f4a6c5a472841fb9386a5af858e68486062dc2fae88d26cca710c7ed5676ea5f9dc19b7aa88f6af9a2aa3ee7960331f479e8fea72ac0c9880cf800d93c8d1c7d6b587fd38508c2c2e11133196a5a6b41310f98a2e286febac9d0d1db4277a8c2b3b4dc878d680e3d3f7e9b6a81664d5e6e8633629dcc2e347c7e905ea1a8cbdc96af7c3616fc9fe01d5b119556fa72301fda6cdd60013bee48608435a255a991b8cf79678992e3a2f96739eeb0c716d469109f1cbccc219af14c74509282a1c93fc9db87eb4f559a6f325fac1a1eb36f06bff55c6db287c2b0cc125a140*$/pkzip2$

hashcat -m 13000 -w 1 -a 3 $rar5$16$64c3f4cbf8d62e0d8da5467705291520$15$4c17c38fcf8333b8e7b089d13cfe56e5$8$9faa2facaacf5c70
```

这里逐一为大家解释参数的作用。

*   -m 是设置 hash 类型，具体可参考 [https://hashcat.net/wiki/doku.php?id=example_hashes](https://hashcat.net/wiki/doku.php?id=example_hashes%EF%BC%8C%E5%85%B6%E4%B8%AD) ，其中RAR 对应的就是 13000，相应的，ZIP 对应的就是 13600，MD5 是 0。
*   -a 是设置攻击模式，具体可参考 [https://hashcat.net/wiki/doku.php?id=mask_attack，从](https://hashcat.net/wiki/doku.php?id=mask_attack%EF%BC%8C%E4%BB%8E) 0 到 9，用于破解的字符、单词数会逐渐增加。
*   -w 是设置工作负载配置，从 1 到 3，对电脑要求越高。高配电脑设置为 3，低配电脑设置为 1
*   -o 是设置输出路径，默认为在控制台输出，如果设置了则会输出到文件，例如设置`-o password.txt`就会输出到`password.txt`文件中。

稍微等待一段时间后，可以看到破解结果，是`1234`，与前文设置的一致。

![](https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/f14f9e0aabed42ebaf21f7aeb755132f1ipphkj2l6.png)

破解的时间与密码的复杂程度成正比，简单的密码还是破解的非常快的，如果很长时间没有破解成功，那么就说明这个密码非常复杂，还是直接放弃暴力破解的方法吧。

## 快照
- https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/6aadbf40bfc3414bb5c8fca9b52f8a28u8vd5gij4b.png
- https://i3.wp.com/osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/6aadbf40bfc3414bb5c8fca9b52f8a28u8vd5gij4b.png
- https://788910.xyz/api/snapshot?p=94f57f6e2a99bef187c43f99e6689709&u=https://osspic.d6rv.cn/crmebimage/public/maintain/2026/03/05/6aadbf40bfc3414bb5c8fca9b52f8a28u8vd5gij4b.png