Friday 6 November 2009

Cracking password protected archive files with rarcrack

There are a large number of password cracking (or to word it in a nice fashion, password recovery) programs available to crack passwords of any number of file type.

Here I will be looking at cracking password protected archive files with rarcrack which is included in the back|track 4 distro.

First lets navigate to rarcrack in back|track, see the help file and which files are located in the rarcrack directory.

cd /pentest/passwords/rarcrack
./rarcrack --help

There are 3 test files included in the rarcrack directory, but lets try rarcrack on some of the files which I created which are on a USB drive; /media/4G/

Starting an attack ;

This below on a zip file created with WinRar;
./rarcrack --type zip --threads 8 /media/4G/

This one below on a zip file created in 7-Zip with ZipCrypto encryption;
./rarcrack --type zip --threads 8 /media/4G/

This one below on a 7z archive with AES256 encryption;
./rarcrack --type 7z --threads 8 /media/4G/TEST1-AES256.7z
So Slow !

When a crack attempt is started, an xml status file is created in the directory where the archive file is located.
So we can stop the crack and edit the values of the xml file to help speed up the cracking process.

This xml file can be editted to change the character list being used for the crack, in this case as I know the
password is a numerical value, we can edit the xml file so that rarcrack only checks numbers;

nano /media/4G/TEST1-AES256.7z.xml

Changing the character set to numerical only;

Now we restart the attack on the 7z file and the attack will resume but now only check numerical values;

./rarcrack --type 7z --threads 8 /media/4G/TEST1-AES256.7z

Video on the above using rarcrack can be found here ;

Although I am trying to stick to the back|track tools in my posts, I have to divert somewhat here and mention a Windows tool by Elcomsoft; "Advanced Archive Password Recovery" (ARCHPR).
It is a great tool and Elcomsoft have password recovery tools for a fantastic number of filetypes.

It has an easy interface with various cracking options such as Bruteforce and Dictionary attacks, and is also able to include characters which you think may be correct and mask those you want testing, as in; pass????.

The speed reached is much better in most cases than what rarcrack achieves and also is more flexible on which files can be chosen, although it does not support 7zip created archives.

With rarcrack I was having trouble with it catching the passwords on zip files with AES encryption, ARCHPR has no trouble with these.

ARCHPR in action with bruteforce options ;

 Dictionary attack ;



  2. Well, you dont download it, it is installed along with backtrack4.
    It can be found in the directory;

    Otherwise a quick google search;

    Work on your google-fu ..

    1. do you need to burn the whole rarcrack into a cd?

    2. Well no,

      Backtrack has been discontinued and is now replaced with Kali, in Kali rarcrack is no longer available directly from the repos.

      For rar files I would now suggest trying the program 'cRARk' which can be run on linux or windows and has GPU support.

  3. help me guys ! this file in format c - (rarcrack.c and rarcrack.h) what can i do ?

  4. hi there, can you please help me out by knowing,after it(rarcrack) says the password is cracked,where can i find that password??

  5. I dont understand your question..

    If the correct password is found then you get a result ;
    GOOD: Password cracked: 'password_here'

    So what else would you need ?

  6. hey, I keep getting "segmentation fault: 11"
    any idea what the problem is and how to fix it?

  7. The only thing that my google-fu turned up was ;

  8. If you're getting segmentation faults, try adding all the options.

    include "--type [TYPE]" and "--threads [NUM]"

    When I do "./rarcrack file.ext" it gives segmentation faults, but when all options are included it works just fine.

    Also, if you look on SourceForge, in the "files" section the latest is rarcrack-0.2, but there is rarcrack-0.3 in the SourceForge git repos.

  9. hey there I just installed rarcrack without problems, I've also downloaded all the libraries and that stuff and I'm just doing what's being shown on the video; the thing is that it appears

    INFO: the specified archive type: rar
    INFO: cracking /home/luis/Descargas/UPDATES-APRIL25TH2012.rar, status file: /home/luis/Descargas/UPDATES-APRIL25TH2012.rar.xml
    GOOD: password cracked: '5'
    GOOD: password cracked: '1'
    GOOD: password cracked: '6'
    GOOD: password cracked: '7'
    GOOD: password cracked: '4'
    GOOD: password cracked: '3'
    GOOD: password cracked: '0'
    GOOD: password cracked: '2'
    It's a long password and it has both numbers and letters so this just doesn't make any sense, any suggestions?

    1. Uninstall unrar(nonfree) and replace by unrar(free)

  10. Hi,
    I ' m using kali and this does nt have rar crack too.Would you please guide me what to do?

  11. Hi guys,
    When i wanted to install the rarcrack in kali I recieved the following message could you please help me.
    tar -xjf rarcrac-0.2.tar.bz2
    tar (child): rarcrac-0.2.tar.bz2: Cannot open: No such file or directory
    tar (child): Error is not recoverable: exiting now
    tar: Child returned status 2
    tar: Error is not recoverable: exiting now
    When I convert that to gz I also received this:
    tar -xjf rarcrac-0.2 gz
    tar (child): rarcrac-0.2: Cannot open: No such file or directory
    tar (child): Error is not recoverable: exiting now
    tar: Child returned status 2
    tar: Error is not recoverable: exiting now

  12. Hi brother first Gratz with this tuto and your blog too. where can i get this world list for try to crack a password rar Thanks

  13. I use PasswordWrench. I switch my important passwords every 30-60 days, and make them long, but I can none remember them and ended up using variations of the same password over and over, which is not safe. This way they help me originate my own personal system for managing my passwords.


Google Analytics Alternative