Date: Wed, 13 Feb 2013 11:08:57 +0000 From: Nicolas Brulez <nicolas.Brulez@...persky.com> To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com> Subject: RAR Cracking with JtR Jumbo (Files found during forensics) Hello, After i discussed with Solar Designer, he told me i should try to email the list and expose my problem. So here it is: While doing investigations, several RAR password protected SFX files were found on hundreds of machines. I suspect they contain updates/backups of the trojans that were deployed (according to time line analysis) However, I can't tell for sure until I cracked them. I have limited power for cracking password, and I tried "crark". Using my CPU I could only reach 245 c/s and my single GPU reached 1200 c/s. I have tried several things: Some simple wordlist, brute forcing only lowercase, numbers, low/upp/numb/special and i didn't find anything. I don't think the passwords are that complex, but the limited power I have probably did not help. (Plus the fact i had to use a laptop and that crark does not support resume) I am looking for advices on the best setup to use JtR to crack RAR archives. Maybe using distributed cracking or something. I extracted the RAR archives from the SFX in order to use rar2john and I am now looking for the smartest way to use JtR. My configuration: Windows 7 (I usually deal with malwares ;-) CPU: i7 3740QM 2.7 ghz + turbo boost RAM: 16 gigs GPU: Quadro K2000M While this machine is perfect for working, It's pretty weak for password cracking (which I never have to do) Thanks everyone, Nicolas -- Best regards, Nicolas Brulez | Malware Expert - Global Research and Analysis Team | Kaspersky Lab
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.