Exetools

TmC 03-03-2018 03:08

Particular Case of RAR Password Cracking
 
Hi there,
I'm here to ask some advice for a particular case of RAR Password Cracking.

I'm using ElcomSoft ARCHPR 4.54 for this purpose but the inner workings of the program are slowing down the process, or, at least, I don't know if it can be set properly for my case.

The situation is the following:

1. I have many RAR archives, whose files are protected with a single password. (only the files are protected, the archive can be opened and I can see the contents, only extraction needs password)

2. I know the "philosophy" which was used to generate the passwords. They are all Latin words, only the first letter is capital, no numbers, nothing else. 50% of the files contain a file whose name contains this password. Another 25% of the files have a password which is not present in the file names but is a common Latin word. All the passwords are 2 to 8 characters maximum.

3. At the moment, the first 50% of the files have been cracked manually and the second 25% of the passwords have been cracked with the auxilium of ARCHPR and the Dictionary attack with the whole list of Latin words.

The problem is the following:

A Latin word (actually it is not Latin but a language derived from Latin which uses conjugation) can have many forms, and the dictionary attack only has the "base" form. (ex. base form: habere; conjugated: habeo, habes, habet, habebus, habetis, habent)

Since the "logic" behind the passwords is always the same, I suspect that the 25% of the non-cracked passwords do use conjugated words that, of course, ARCHPR is unaware of since they are not present in the dictionary supplied.
There is also a remote possibility that it might use people's proper names, like Jesus, Mary, Joseph and so on, but this is not an issue because with a bruteforce attack the meaning of a word is useless.

I am trying to figure out how to instruct ARCHPR to perform a brute-force attack based on these premises.

The problem is that, with ARCHPR, if I specify A->Z and a->z, the software tries every possible combination. This raises 2 problems:

1. Cracking time beyond feasibility.
2. A lot of wasted time, since only the first letter is capital, and the others are not, so we have that only the first letter is A->Z + a->z and the subsequent others are only a->z.

So far, I have been unable to figure out a solution using ARCHPR...

Does any of you have a clue on how to do this thing, or can you suggest other, more configurable software to achieve this goal?

Thank you.
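
The search-space argument in the post above, worked through as an added example that is not part of the original thread: it counts the candidates for the capital-then-lowercase scheme against a full A-Z/a-z search and reports which of those searches would cover a given password. The sample words, sample passwords and the guess rate are constructed assumptions.

```python
import string

UPPER, LOWER = string.ascii_uppercase, string.ascii_lowercase

def keyspace(first, rest, min_len=2, max_len=8):
    """Number of candidates when position 0 draws from `first` and every
    later position from `rest`, summed over all lengths in the range."""
    return sum(len(first) * len(rest) ** (n - 1)
               for n in range(min_len, max_len + 1))

def fits_scheme(pw, min_len=2, max_len=8):
    """True if pw is one capital followed only by lowercase ASCII letters."""
    return (min_len <= len(pw) <= max_len
            and pw[0] in UPPER
            and all(ch in LOWER for ch in pw[1:]))

def audit(passwords, wordlist, rate):
    """For each password, report the cheapest search that covers it and the
    worst-case seconds for that search at `rate` guesses per second."""
    words = {w.capitalize() for w in wordlist}
    tiers = {
        "wordlist": len(words),
        "capital+lower mask": keyspace(UPPER, LOWER),
        "full A-Z,a-z": keyspace(UPPER + LOWER, UPPER + LOWER),
    }
    report = {}
    for pw in passwords:
        if pw in words:
            tier = "wordlist"
        elif fits_scheme(pw):
            tier = "capital+lower mask"
        elif pw.isascii() and pw.isalpha() and 2 <= len(pw) <= 8:
            tier = "full A-Z,a-z"
        else:
            tier = None  # outside every search considered here
        report[pw] = (tier, tiers[tier] / rate if tier else None)
    return report

# Constructed sample data: base forms only, like the first dictionary in the thread.
SAMPLE_WORDS = ["habere", "amare", "videre"]
SAMPLE_PASSWORDS = ["Habere", "Habent", "haBent", "Habent1"]
ASSUMED_RATE = 10_000  # guesses per second; an assumption, not a measurement

if __name__ == "__main__":
    result = audit(SAMPLE_PASSWORDS, SAMPLE_WORDS, ASSUMED_RATE)
    for pw, (tier, secs) in result.items():
        print(f"{pw:10} {tier or 'not covered':20} {secs}")
```
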

chants 03-03-2018 09:31

1) Get a better dictionary - find a list of all conjugated forms of the language words you are dealing with somewhere out there.
2) Generate your own dictionary - find a list of base forms of the language, find an exhaustive list of possible suffixes, write a small program to combine all combinations.

Really I don't think there are any tricks when you have such a specific situation beyond that you have already kind of guided this response.

niculaita 03-03-2018 16:13

1. Just simple: ask the owner for the password; you should have a 50% chance.

2. passware 1.1 see https://rutracker.org/forum/viewtopic.php?t=5381706
or 4.0 https://dailyuploads.net/7a7g0uqj2xmh for that maybe someone share a good new serial for 2017.4.0

3. AccentRPR 3.5 build 3415 x64 http://sendfile.su/1287496 that works on windows 7 x64

P.S. here is not free databases: https://www.4shared.com/office/fqQqWxKPba/0all_about__dictionary_with_mo.html

traf0 03-03-2018 17:02

Use free tools, they are more flexible :)
First use rar2john from John The Cracker jumbo package to get the hashes. With the hashes listed in a file you can start cracking them with john or hashcat.
In your case the "Wordlist + Rules" option is needed:
c - Capitalize the first letter and lower the rest
Google for a good dictionary or use those from SecLists.

More:
Code:

https://hashcat.net/wiki/doku.php?id=rule_based_attack
https://hashcat.net/wiki/doku.php?id=hashcat
https://github.com/danielmiessler/SecLists/tree/master/Passwords

Regarding "50% of the files contain a file which name contains this password.", you can create a list of them using an easy bash script like:
Quote:

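# List the entries that unrar marks with "*" (password-protected files) in every .rar in the current directory
for i in ./*.rar; do unrar l "$i" | grep -F '*' | awk '{ print $6 }'; done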

TmC 03-04-2018 07:05

Thank you everyone.

I'm going to study the situation and decide what is best based on your kind suggestions.

I'll let you know what's going on.

@niculaita: do you believe that if 1 was applicable, I'd have written that long paragraph on this forum? :D:D:D

TmC 03-05-2018 08:00

Hi there:

Using your help I've been able to find the password for another 20% of the files (3 proper names, the sons and daughters of the person who protected them). Now there is only 5% left (~50 files) and the program is still working... so there's the chance that by tomorrow all the passwords will be found.

Special thanks to chants who suggested finding a better dictionary. I found one (3.7 mb against 0,66 of the first) that, as of now, was able to supply the password to open 2/3 of the files.

I'll let you know when the entire thing finishes.

