Date: Wed, 13 Feb 2013 11:08:57 +0000
From: Nicolas Brulez <nicolas.Brulez@...persky.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: RAR Cracking with JtR Jumbo (Files found during forensics)

Hello,

After I discussed with Solar Designer, he told me I should try to email the list and expose my problem.
So here it is:

While doing investigations, several RAR password protected SFX files were found on hundreds of machines.
I suspect they contain updates/backups of the trojans that were deployed (according to timeline analysis).
However, I can't tell for sure until I have cracked them.

I have limited power for cracking passwords, and I tried "crark". Using my CPU I could only reach 245 c/s and my single GPU reached 1200 c/s.
I have tried several things: some simple wordlists, brute forcing only lowercase, numbers, low/upp/numb/special, and I didn't find anything.
I don't think the passwords are that complex, but the limited power I have probably did not help. (Plus the fact I had to use a laptop and that crark does not support resume.)

I am looking for advice on the best setup to use JtR to crack RAR archives. Maybe using distributed cracking or something.
I extracted the RAR archives from the SFX in order to use rar2john and I am now looking for the smartest way to use JtR.

My configuration:

Windows 7 (I usually deal with malware ;-)
CPU: i7 3740QM 2.7 GHz + turbo boost
RAM: 16 gigs
GPU: Quadro K2000M

While this machine is perfect for working, it's pretty weak for password cracking (which I never have to do).

Thanks everyone,

Nicolas

--
Best regards,

Nicolas Brulez | Malware Expert - Global Research and Analysis Team | Kaspersky Lab

