Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 13 Feb 2013 14:14:33 +0100
From: pierzi <pierzi@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: RAR Cracking with JtR Jumbo (Files found during forensics)

Hello Nicolas
I had little expirience with trojans encrypted with so called FUD, as far
as i've seen passowrds for encrypted installation/updateds were
stored in plain text file next to archive. Passwords however were very
complex. I know it's long shot but if You still can access infected
machine, it might be worth to check for those text files...

best regards
Bartosz


2013/2/13 Dhiru Kholia <dhiru.kholia@...il.com>

> On Wed, Feb 13, 2013 at 4:38 PM, Nicolas Brulez
> <nicolas.Brulez@...persky.com> wrote:
> > While doing investigations, several RAR password protected SFX files
> were found on hundreds of machines.
> >
> > I have limited power for cracking password, and I tried "crark". Using
> my CPU I could only reach 245 c/s and my single GPU reached 1200 c/s.
> > I have tried several things: Some simple wordlist, brute forcing only
> lowercase, numbers, low/upp/numb/special and i didn't find anything.
> > I don't think the passwords are that complex, but the limited power I
> have probably did not help.
>
> Maybe Jeremi Gosney (@jmgosney) can help with the computing power part.
>
> --
> Dhiru
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.