The Ethical Hacker Network - winrar password

arunkmohan18

Newbie

Offline

Posts: 4

winrar password

« on: February 03, 2010, 03:21:25 AM »

i want to remove rar password i tried many freeware password removing softwares but it takes long time is there any way to remove this password

please help me


	Logged

aweSEC

Hero Member

Offline

Posts: 1089

Re: winrar password

« Reply #1 on: February 03, 2010, 03:50:59 AM »

Well, depending on the strength of the password it takes more or less time. A possibility to remove the password without doing anything isn't possible.


	Logged

jason

Hero Member

Offline

Posts: 923

Re: winrar password

« Reply #2 on: February 03, 2010, 01:22:33 PM »

You could always build yourself a password cracking supercomputer:

http://www.newscientist.com/article/dn12825


	Logged

arunkmohan18

Newbie

Offline

Posts: 4

Re: winrar password

« Reply #3 on: February 04, 2010, 06:28:44 AM »

my password is 10 length long include numbers, capital and small letters
is there no any way to find out this


	Logged

hayabusa

Hero Member

Offline

Posts: 1197

Re: winrar password

« Reply #4 on: February 04, 2010, 07:46:28 AM »

I'm sure if you acquired rainbow tables (or built them to accommodate the character sets and password length) you could probably either script something, or find a tool to pass the data from the tables into a brute force cracking program... It takes time, but would likely be your best, most reliable, way to TRY to crack it...


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCP , GPEN, C|EH

bamed

Newbie

Offline

Posts: 48

Re: winrar password

« Reply #5 on: February 04, 2010, 03:03:51 PM »

Rainbow tables only work with password hashes. RAR files don't have password hashes you can extract to run against a Rainbow table.

The only way is to brute-force it. You can use rarcrack which comes built-into BackTrack, or other tools. It will be slow going though. If you know it is exactly 10 characters you can shorten the time by skipping passwords with fewer, or more characters. With rarcrack, you start the process with:

Code:

rarcrack /path_to_file/filename.rar

Then CTRL-C to stop it. A file names filename.rar.xml will have been created. It will look something like:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<rarcrack>
<abc>0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ</abc>
<current>Dk</current>
<good_password/>
</rarcrack>

Edit the:

Code:

line to start wherever you think a good starting point will be.

If you want something faster, and you've got c0ding sk1llz, I've thought a brute-forcer that used CUDA (assuming you have an NVIDIA GPU) would be a good idea.


	Logged

chown -R bamed ./base

hayabusa

Hero Member

Offline

Posts: 1197

Re: winrar password

« Reply #6 on: February 04, 2010, 03:56:13 PM »

Ahh. I agree with what you are saying, and I should've worded more clearly. I wasn't referring to password hashes, bamed... my suggestion was to script a pull from manually created files 'LIKE' rainbow tables, not the ones already built for hashes, and push it against the password for the rar file, repeatedly, until one hit. If you truly generate ALL possibilities in a rainbow table, then you should still hit the proper character combination, sooner or later, provided that A.) you have the proper character sets in the table, and B.) you have the proper length for the possible combinations... Wasn't suggesting a pre-built tool to use rainbow table cracks, such as you do with hashes. Guess I should've been more specific.

So I misspoke... Should've said 'huge' dictionary files, generated from all characters of a given set... and actually, based on the character set he specified, for only 10 characters, the file wouldn't be THAT hard to build and query against, I wouldn't think...


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCP , GPEN, C|EH

hayabusa

Hero Member

Offline

Posts: 1197

Re: winrar password

« Reply #7 on: February 04, 2010, 04:01:01 PM »

(but would still be a painfully slow process, since 26 upper, 26 lower and 10 digit = 62 characters, to the tenth power = 839299365868340224 words in the file to wait while it tries to brute force...) Shocked


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCP , GPEN, C|EH

bamed

Newbie

Offline

Posts: 48

Re: winrar password

« Reply #8 on: February 05, 2010, 01:39:17 AM »

If you happen to know certain things about the password, like there's no lowercase letters, no 3's, etc. You can edit the charset in rarcrack for quicker results. Rarcrack will go through every possibility ordinarily, but it will take a LONG time.

Alternately, a good dictionary file is also a good idea. I don't know of a brute-force cracker for rar files that use dictionaries off the top of my head, though I'm sure there are plenty.

You could always write one. If you don't need a lot of speed (you have a good dictionary file and a fast system) you could always do a bash script like:

Code:

#!/bin/bash
## Cheap and dirty rar cracker; uses dictionary file; for educational purposes
## too slow to be really useful
## accepts two arguments, first is dictionary file, second is rar file to crack
## if successul the next try will attempt to overwrite the extracted file, when
## that happens you know it's cracked, and just press Q to quit

for pass in $(cat $1); do
echo 'trying' $pass
unrar e $2 -p$pass
done

The above works, but not the quickest way to do it.


	Logged

chown -R bamed ./base

unsupported

Sr. Member

Offline

Posts: 318

Unofficial Newbie Moderator

Re: winrar password

« Reply #9 on: February 05, 2010, 08:41:38 AM »

And now for something completely snarky (yet helpful)...

Now we have to teach him where to download Backtrack (http://www.backtrack-linux.org/) and burn to an ISO (http://www.petri.co.il/how_to_write_iso_files_to_cd.htm)...


	Logged

-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP

bamed

Newbie

Offline

Posts: 48

Re: winrar password

« Reply #10 on: February 05, 2010, 08:52:42 AM »

So you're trying to tell me there are people who don't already have a copy of BackTrack handy? Where does one find these kind of people?

I have a hard time buying it. Just proves you can't believe everything you read on teh internets.


	Logged

chown -R bamed ./base

hayabusa

Hero Member

Offline

Posts: 1197

Re: winrar password

« Reply #11 on: February 05, 2010, 09:02:37 AM »

Hmpf... you mean Windows doesn't have all the tools I want / need, available for free??? <obvious sarcasm>

Wow, unsupported... you're on it already this morning!


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCP , GPEN, C|EH

Pages: [1] Go Up

« previous next »