Friday, 6 November 2009

Cracking password protected archive files with rarcrack

There are a large number of password cracking (or, to word it in a nice fashion, password recovery) programs available to crack passwords of any number of file types.

Here I will be looking at cracking password protected archive files with rarcrack which is included in the back|track 4 distro.

First let's navigate to rarcrack in back|track, see the help file and which files are located in the rarcrack directory.

cd /pentest/passwords/rarcrack
./rarcrack --help
ls





There are 3 test files included in the rarcrack directory, but let's try rarcrack on some files which I created, which are on a USB drive at /media/4G/

Starting an attack;

The one below is on a zip file created with WinRAR;
./rarcrack --type zip --threads 8 /media/4G/TEST6-winrar.zip


This one below on a zip file created in 7-Zip with ZipCrypto encryption;
./rarcrack --type zip --threads 8 /media/4G/TEST-ZipCrypto.zip




This one below on a 7z archive with AES256 encryption;
./rarcrack --type 7z --threads 8 /media/4G/TEST1-AES256.7z
So Slow !

When a crack attempt is started, an XML status file is created in the directory where the archive file is located, so we can stop the crack and edit the values in the XML file to help speed up the cracking process.




This XML file can be edited to change the character list being used for the crack. In this case, as I know the password is a numerical value, we can edit the XML file so that rarcrack only checks numbers;

nano /media/4G/TEST1-AES256.7z.xml

Changing the character set to numerical only;


Now we restart the attack on the 7z file and the attack will resume but now only check numerical values;

./rarcrack --type 7z --threads 8 /media/4G/TEST1-AES256.7z
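
To put numbers on why narrowing the character list matters so much, here is an added example (not part of the original post and not rarcrack's own code) that reads a status file and compares search-space sizes. The status-file layout (abc, current and good_password elements), the shorter-first counter ordering and the 20 tries per second rate are all assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element names (abc, current, good_password) are an
# assumed status-file layout; the page does not show the file's contents.
SAMPLE_STATUS = b"""<?xml version="1.0" encoding="UTF-8"?>
<rarcrack>
  <abc>0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ</abc>
  <current>uU</current>
  <good_password></good_password>
</rarcrack>
"""
DIGITS = "0123456789"

def read_status(xml_bytes):
    """Return (character list, current candidate) from status-file bytes."""
    root = ET.fromstring(xml_bytes)
    charset = "".join(dict.fromkeys(root.findtext("abc") or ""))  # drop repeats
    current = root.findtext("current") or ""
    if not charset:
        raise ValueError("status file has no character list")
    if any(ch not in charset for ch in current):
        raise ValueError("current candidate uses characters outside the list")
    return charset, current

def keyspace(charset, max_len):
    """Candidates of length 1..max_len over the character list."""
    return sum(len(charset) ** k for k in range(1, max_len + 1))

def tried_so_far(charset, current):
    """Candidates before `current`, assuming shorter-first counter order."""
    n = len(charset)
    position = 0
    for ch in current:  # leftmost character taken as most significant
        position = position * n + charset.index(ch)
    return keyspace(charset, len(current) - 1) + position

def worst_case_hours(charset, max_len, tries_per_second):
    """Time to exhaust the keyspace at a measured rate."""
    return keyspace(charset, max_len) / tries_per_second / 3600

if __name__ == "__main__":
    full, current = read_status(SAMPLE_STATUS)
    rate = 20.0  # constructed figure, not a measurement from the page
    for name, cs in (("full list", full), ("digits only", DIGITS)):
        print(name, keyspace(cs, 6), round(worst_case_hours(cs, 6, rate), 1))
    print("tried before", repr(current), "=", tried_so_far(full, current))
```

The same arithmetic shows the defensive point: a digits-only password of a given length gives up several orders of magnitude of search space compared with one drawn from the full 62-character list.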










Video on the above using rarcrack can be found here ;
http://blip.tv/file/2816224
or
http://www.youtube.com/watch?v=BMFn-jps3iY


Although I am trying to stick to the back|track tools in my posts, I have to divert somewhat here and mention a Windows tool by Elcomsoft; "Advanced Archive Password Recovery" (ARCHPR).
It is a great tool and Elcomsoft have password recovery tools for a fantastic number of filetypes.


It has an easy interface with various cracking options such as Bruteforce and Dictionary attacks, and is also able to include characters which you think may be correct and mask those you want testing, as in; pass????.

The speed reached is much better in most cases than what rarcrack achieves and also is more flexible on which files can be chosen, although it does not support 7zip created archives.

With rarcrack I was having trouble with it catching the passwords on zip files with AES encryption, ARCHPR has no trouble with these.

ARCHPR in action with bruteforce options;

Dictionary attack;

13 comments:

  1. HOW I CANT DOWNLOAD RARCRACK PLSS HELP MEEPLSS

  2. Well, you don't download it, it is installed along with backtrack4.
    It can be found in the directory;
    /pentest/passwords/rarcrack/

    Otherwise a quick google search;
    http://tinyurl.com/2ws5jpl


    Work on your google-fu ..

    Replies
    1. do you need to burn the whole rarcrack into a cd?

    2. Well no,

      Backtrack has been discontinued and is now replaced with Kali, in Kali rarcrack is no longer available directly from the repos.

      For rar files I would now suggest trying the program 'cRARk' which can be run on linux or windows and has GPU support.

  3. help me guys ! this file in format c - (rarcrack.c and rarcrack.h) what can i do ?

  4. hi there, can you please help me out by knowing, after it (rarcrack) says the password is cracked, where can I find that password??

  5. I don't understand your question..

    If the correct password is found then you get a result ;
    GOOD: Password cracked: 'password_here'

    So what else would you need ?

  6. hey, I keep getting "segmentation fault: 11"
    any idea what the problem is and how to fix it?

  7. The only thing that my google-fu turned up was ;

    http://sourceforge.net/projects/rarcrack/develop

  8. If you're getting segmentation faults, try adding all the options.

    include "--type [TYPE]" and "--threads [NUM]"

    When I do "./rarcrack file.ext" it gives segmentation faults, but when all options are included it works just fine.

    Also, if you look on SourceForge, in the "files" section the latest is rarcrack-0.2, but there is rarcrack-0.3 in the SourceForge git repos.

  9. hey there I just installed rarcrack without problems, I've also downloaded all the libraries and that stuff and I'm just doing what's being shown on the video; the thing is that it appears

    INFO: the specified archive type: rar
    INFO: cracking /home/luis/Descargas/UPDATES-APRIL25TH2012.rar, status file: /home/luis/Descargas/UPDATES-APRIL25TH2012.rar.xml
    GOOD: password cracked: '5'
    GOOD: password cracked: '1'
    GOOD: password cracked: '6'
    GOOD: password cracked: '7'
    GOOD: password cracked: '4'
    GOOD: password cracked: '3'
    GOOD: password cracked: '0'
    GOOD: password cracked: '2'
    It's a long password and it has both numbers and letters so this just doesn't make any sense, any suggestions?

    Replies
    1. Uninstall unrar(nonfree) and replace by unrar(free)

  10. Hi,
    I'm using Kali and this doesn't have rarcrack too. Would you please guide me what to do?

 