6 replies to this topic

[cm0002]

Hi,
I have a RAR file encrypted with a password that i have forgotten, now i know brute forcing would take a looong time so i want to do a dictionary attack because i know all the possible words in the password and i know that there's an "_" in place of spaces and only 2 special characters "@" and "!" at the end and a 3 digit number that i know as "123" just cant remember the order everything went in. However i can't seem to find any software that would allow this level of flexibility, do you guys know of any software that can give this kind of flexibility? I don't really care if its free or 100$ as long as it works
thanks in advance

[Afterm4th]

Hi,
I have a RAR file encrypted with a password that i have forgotten, now i know brute forcing would take a looong time so i want to do a dictionary attack because i know all the possible words in the password and i know that there's an "_" in place of spaces and only 2 special characters "@" and "!" at the end and a 3 digit number that i know as "123" just cant remember the order everything went in. However i can't seem to find any software that would allow this level of flexibility, do you guys know of any software that can give this kind of flexibility? I don't really care if its free or 100$ as long as it works
thanks in advance

This one:
http://www.elcomsoft.com/archpr.html

in second place i'd say this:
http://www.lostpassword.com/rar.htm

[tekio]

OP: if you cannot find something that has the masking options you need, try JTR's advanced rule sets. While kinda complex, they provide a lot of flexibility. JTR can be put in a mode to just generate a custom word list from rules.

[cm0002]

i tried archpr but for some reason when i load the archive it freezes and crashes, probably because its over 4gb big. but i will try JTR next thanks

[TheFunk]

i tried archpr but for some reason when i load the archive it freezes and crashes, probably because its over 4gb big. but i will try JTR next thanks

If you know the placement of certain characters (e.g. the 123 is at the end, or the password starts with "bob") you could always perform a hybrid attack and only bruteforce part of the password, this would save you tons of time. Sorry if that's what you guys already suggested, I haven't played with JTR too much lately, so I'm rather unaware of how it's advanced rules work.

Here's an explanation of how hybrid attacks work:
This text here is a link

EDIT: Just so it is made known, I am the biggest hybrid attack fan boy there has probably ever been.

Edited by TheFunk, 30 May 2012 - 01:24 PM.

[ruchi]

Hi thanks for your information...............

[I8igmac]

Look up cuda cracking, with passthru with crunch, purehate has a pdf online... I'm on my Droid I would give u a link...

You would needto figure out your crunch command... I'm sure purehate would help you put together the cmd with the description you just gave

edit, im not all that great with fancy linux commands, but here is basic example (password legth 4 to 5)

./crunch 4 5 '@!_123asdfghjklqwertyuiopzxcvbnm'

if you know the password length this wont take that long

Edited by I8igmac, 12 August 2012 - 02:10 PM.