Date: Wed, 13 Feb 2013 14:14:33 +0100 From: pierzi <pierzi@...il.com> To: john-users@...ts.openwall.com Subject: Re: RAR Cracking with JtR Jumbo (Files found during forensics) Hello Nicolas I had little expirience with trojans encrypted with so called FUD, as far as i've seen passowrds for encrypted installation/updateds were stored in plain text file next to archive. Passwords however were very complex. I know it's long shot but if You still can access infected machine, it might be worth to check for those text files... best regards Bartosz 2013/2/13 Dhiru Kholia <dhiru.kholia@...il.com> > On Wed, Feb 13, 2013 at 4:38 PM, Nicolas Brulez > <nicolas.Brulez@...persky.com> wrote: > > While doing investigations, several RAR password protected SFX files > were found on hundreds of machines. > > > > I have limited power for cracking password, and I tried "crark". Using > my CPU I could only reach 245 c/s and my single GPU reached 1200 c/s. > > I have tried several things: Some simple wordlist, brute forcing only > lowercase, numbers, low/upp/numb/special and i didn't find anything. > > I don't think the passwords are that complex, but the limited power I > have probably did not help. > > Maybe Jeremi Gosney (@jmgosney) can help with the computing power part. > > -- > Dhiru >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.