Date: Wed, 13 Feb 2013 21:33:55 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-users@...ts.openwall.com Subject: Re: RAR Cracking with JtR Jumbo (Files found during forensics) On Wed, Feb 13, 2013 at 9:16 PM, Nicolas Brulez <nicolas.Brulez@...persky.com> wrote: > This is what i got from rar2john: > > $rar3$*0*deaac5fe718c2eb0*ca36e398cc9ea2c54cfd92d378a84fe7 > $rar3$*0*97c9bc9cbc1e00ac*92d09807b3932d3d9ad4fbb80a06c29e > $rar3$*0*7d1ac6125f295a5a*c48559081a762e1a6db410e21e786881 RAR files corresponding to these hashes were generated using "rar -hp ..." command which means that even the filenames are encrypted. Even WinRAR cannot strip the SFX module from such RAR SFX files. Can you share your method / steps for extracting the actual RAR archive from a WinRAR SFX file in more detail? -- Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.