Date: Wed, 13 Feb 2013 15:46:19 +0000 From: Nicolas Brulez <nicolas.Brulez@...persky.com> To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com> Subject: RE: RAR Cracking with JtR Jumbo (Files found during forensics) Thanks a lot Alexander for the information. I will need to read it several times. >Your 1200 c/s is a fine speed - it's roughly what you should expect on one non-high-end GPU. I have a stupid question, how to enable GPU on windows with JtR? >From my tests, it seems, it doesn't use it by default. 1200 was given by crark, I'd like to compare with JtR. >For distributed cracking, do you intend to use your own computers or to get a community involved? I am not sure yet. Not a single clue of how the distribution is done on JtR. I have several machines, maybe i could try it at home. I also received an offer, I suppose i could use my computers as well as people willing to help at the same time ? >You may be able to share the output of rar2john to let the community try cracking the password(s), too. This is what i got from rar2john: $rar3$*0*deaac5fe718c2eb0*ca36e398cc9ea2c54cfd92d378a84fe7 $rar3$*0*97c9bc9cbc1e00ac*92d09807b3932d3d9ad4fbb80a06c29e $rar3$*0*7d1ac6125f295a5a*c48559081a762e1a6db410e21e786881 Thanks again and to everyone who replied. Nico -- Best regards, Nicolas Brulez | Malware Expert - Global Research and Analysis Team | Kaspersky Lab -----Message d'origine----- De : Solar Designer [mailto:solar@...nwall.com] Envoyé : mercredi 13 février 2013 15:35 À : john-users@...ts.openwall.com Objet : Re: [john-users] RAR Cracking with JtR Jumbo (Files found during forensics) On Wed, Feb 13, 2013 at 11:08:57AM +0000, Nicolas Brulez wrote: > I have limited power for cracking password, and I tried "crark". Using my CPU I could only reach 245 c/s and my single GPU reached 1200 c/s. Here are some --test benchmarks for JtR bleeding-jumbo. FX-8120 CPU: Benchmarking: RAR3 SHA-1 AES (4 characters) [32/64]... (8xOMP) DONE Raw: 372 c/s real, 46.5 c/s virtual HD 7970 GPU: Benchmarking: RAR3 SHA-1 AES (6 characters) [OpenCL]... (8xOMP) DONE Raw: 2486 c/s real, 10995 c/s virtual (The "real" c/s is what you care about in either case.) I think actual speed will vary between RAR files, and for different password lengths being tested. Your 1200 c/s is a fine speed - it's roughly what you should expect on one non-high-end GPU. > I have tried several things: Some simple wordlist, brute forcing only lowercase, numbers, low/upp/numb/special and i didn't find anything. You may try using JtR to produce some highly focused candidate password lists - use a tiny common passwords list like JtR's bundled password.lst and RockYou's top N (where N is e.g. 10k), apply some rules on top of that, such as using Simon's work-in-progress optimal ruleset: http://openwall.info/wiki/john/rules#Simon-Marechal-s-ongoing-work-towards-an-optimal-ruleset and pass the result through JtR's "unique" program to eliminate any dupes without re-ordering. You may combine larger input wordlists (e.g. more of RockYou top passwords, up to millions) with smaller rulesets, and vice versa, as long as the total number of candidate passwords stays sane. You may also use JtR's incremental and Markov modes. > I am looking for advices on the best setup to use JtR to crack RAR archives. Maybe using distributed cracking or something. > I extracted the RAR archives from the SFX in order to use rar2john and I am now looking for the smartest way to use JtR. Great. What tool did you use to extract the RAR archives from the SFX? For distributed cracking, do you intend to use your own computers or to get a community involved? You may be able to share the output of rar2john to let the community try cracking the password(s), too. Since this code in JtR keeps evolving, I recommend trying latest unstable-jumbo or bleeding-jumbo (for both rar2john and john) - our git trees. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.