Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 13 Feb 2013 15:46:19 +0000
From: Nicolas Brulez <nicolas.Brulez@...persky.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: RE: RAR Cracking with JtR Jumbo (Files found during
 forensics)

Thanks a lot Alexander for the information.
I will need to read it several times.

>Your 1200 c/s is a fine speed - it's roughly what you should expect on one non-high-end GPU.

I have a stupid question, how to enable GPU on windows with JtR?
>From my tests, it seems, it doesn't use it by default.
1200 was given by crark, I'd like to compare with JtR.

>For distributed cracking, do you intend to use your own computers or to get a community involved?
I am not sure yet. Not a single clue of how the distribution is done on JtR.
I have several machines, maybe i could try it at home. I also received an offer, I suppose i could use my computers
as well as people willing to help at the same time ?

>You may be able to share the output of rar2john to let the community try cracking the password(s), too.

This is what i got from rar2john:

$rar3$*0*deaac5fe718c2eb0*ca36e398cc9ea2c54cfd92d378a84fe7
$rar3$*0*97c9bc9cbc1e00ac*92d09807b3932d3d9ad4fbb80a06c29e
$rar3$*0*7d1ac6125f295a5a*c48559081a762e1a6db410e21e786881

Thanks again and to everyone who replied.

Nico

-- 
Best regards,

Nicolas Brulez | Malware Expert - Global Research and Analysis Team | Kaspersky Lab


-----Message d'origine-----
De : Solar Designer [mailto:solar@...nwall.com] 
Envoyé : mercredi 13 février 2013 15:35
À : john-users@...ts.openwall.com
Objet : Re: [john-users] RAR Cracking with JtR Jumbo (Files found during forensics)

On Wed, Feb 13, 2013 at 11:08:57AM +0000, Nicolas Brulez wrote:
> I have limited power for cracking password, and I tried "crark". Using my CPU I could only reach 245 c/s and my single GPU reached 1200 c/s.

Here are some --test benchmarks for JtR bleeding-jumbo.  FX-8120 CPU:

Benchmarking: RAR3 SHA-1 AES (4 characters) [32/64]... (8xOMP) DONE
Raw:    372 c/s real, 46.5 c/s virtual

HD 7970 GPU:

Benchmarking: RAR3 SHA-1 AES (6 characters) [OpenCL]... (8xOMP) DONE
Raw:    2486 c/s real, 10995 c/s virtual

(The "real" c/s is what you care about in either case.)

I think actual speed will vary between RAR files, and for different
password lengths being tested.

Your 1200 c/s is a fine speed - it's roughly what you should expect on
one non-high-end GPU.

> I have tried several things: Some simple wordlist, brute forcing only lowercase, numbers, low/upp/numb/special and i didn't find anything.

You may try using JtR to produce some highly focused candidate password
lists - use a tiny common passwords list like JtR's bundled password.lst
and RockYou's top N (where N is e.g. 10k), apply some rules on top of
that, such as using Simon's work-in-progress optimal ruleset:

http://openwall.info/wiki/john/rules#Simon-Marechal-s-ongoing-work-towards-an-optimal-ruleset

and pass the result through JtR's "unique" program to eliminate any
dupes without re-ordering.

You may combine larger input wordlists (e.g. more of RockYou top
passwords, up to millions) with smaller rulesets, and vice versa, as
long as the total number of candidate passwords stays sane.

You may also use JtR's incremental and Markov modes.

> I am looking for advices on the best setup to use JtR to crack RAR archives. Maybe using distributed cracking or something.
> I extracted the RAR archives from the SFX in order to use rar2john and I am now looking for the smartest way to use JtR.

Great.  What tool did you use to extract the RAR archives from the SFX?

For distributed cracking, do you intend to use your own computers or to
get a community involved?

You may be able to share the output of rar2john to let the community try
cracking the password(s), too.

Since this code in JtR keeps evolving, I recommend trying latest
unstable-jumbo or bleeding-jumbo (for both rar2john and john) - our git
trees.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.