Date: Wed, 13 Feb 2013 13:21:24 +0000
From: Nicolas Brulez <nicolas.Brulez@...persky.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: RE: RAR Cracking with JtR Jumbo (Files found during forensics)

Hello Bartosz,

Unfortunately, there were no text files with the password AFAIK. That's the first thing I looked at, as well as traces of the password in memory dump. No luck :(

Nico

--
Best regards,
Nicolas Brulez | Malware Expert - Global Research and Analysis Team | Kaspersky Lab

-----Original Message-----
From: pierzi [mailto:pierzi@...il.com]
Sent: Wednesday, 13 February 2013 14:15
To: john-users@...ts.openwall.com
Subject: Re: [john-users] RAR Cracking with JtR Jumbo (Files found during forensics)

Hello Nicolas

I had little experience with trojans encrypted with so called FUD, as far as I've seen passwords for encrypted installation/updates were stored in plain text file next to archive. Passwords however were very complex. I know it's long shot but if you still can access infected machine, it might be worth to check for those text files...

best regards
Bartosz

2013/2/13 Dhiru Kholia <dhiru.kholia@...il.com>

> On Wed, Feb 13, 2013 at 4:38 PM, Nicolas Brulez
> <nicolas.Brulez@...persky.com> wrote:
> > While doing investigations, several RAR password protected SFX files
> > were found on hundreds of machines.
> >
> > I have limited power for cracking password, and I tried "crark". Using
> > my CPU I could only reach 245 c/s and my single GPU reached 1200 c/s.
> > I have tried several things: Some simple wordlist, brute forcing only
> > lowercase, numbers, low/upp/numb/special and I didn't find anything.
> > I don't think the passwords are that complex, but the limited power I
> > have probably did not help.
>
> Maybe Jeremi Gosney (@jmgosney) can help with the computing power part.
>
> --
> Dhiru