Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 28 Sep 2020 23:25:12 +0200
From: Lasse Ibsen <lasse.w.ibsen@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: rar2john multiple rar file parts

But as i read from the github, it seems like i am just not using john
correctly. I guess i have to find some better documentation.

Den man. 28. sep. 2020 kl. 23.20 skrev Lasse Ibsen <lasse.w.ibsen@...il.com
>:

> Hey all, sorry for the late reply. We just had a death in close family and
> another terminally ill, so life is a party!
> I have run tests on .rar files i have made under known conditions. As it
> stands for now, I can (as expected) find the password just fine with a
> single file. With multiple files I have no luck, no matter whether I do. I
> have put all the hashes in the same file, and john does recognize them as
> different salts but cannot find the right pass. As said previously, the
> hashes from each file are different. WinRar obviously knows what part of
> the hashes to use, but do we have anyway of finding out?
>
> Den ons. 23. sep. 2020 kl. 09.32 skrev Solar Designer <solar@...nwall.com
> >:
>
>> Hi Lasse,
>>
>> > > On 2020-09-18 00:52, Lasse Ibsen wrote:
>> > > >Hey, very simple question. How do I use rar2john with multiple parts
>> to a
>> > > >rar file? eg. test.part01.rar.. test.part99.rar ? When ever i use
>> rar2john
>> > > >on a single file i get the right hash, but when i use it on parts i
>> don't.
>>
>> Can you give this another try and provide more detail on how that
>> archive was generated (what tool, what options), how exactly rar2john
>> fails on its parts, and what version of JtR you're using?
>>
>> You might want to also create a test archive with a known password, and
>> try rar2john on its parts.  This way, you would know exactly how the
>> archive was generated and whether rar2john works on that right or not.
>>
>> We're now tracking the issue you reported here:
>>
>> https://github.com/openwall/john/issues/4346
>>
>> but without further information from you we can't do much about it.
>>
>> oayz writes that rar2john just works on archive parts, so perhaps
>> there's something different in your case.  Note that oayz uses a version
>> slightly newer than our 1.9.0-jumbo-1 release, although I doubt that
>> difference matters in this case (I'm not aware of a relevant change).
>>
>> The only post-release change to rar2john itself is this:
>>
>> commit 4ef1ef28f91034cebce396f81456c540f00355ab
>> Author: magnum <john.magnum@...hmail.com>
>> Date:   Mon Feb 3 11:56:37 2020 +0100
>>
>>     Strip ':' from login fields produced by *2john tools.  Closes #4200
>>
>> Anyway, you can get a recent automatic build for Windows by clicking
>> through the "Download Windows Build" badge in our README.md here:
>>
>> https://github.com/openwall/john
>>
>> Alexander
>>
>> On Sat, Sep 19, 2020 at 04:50:46AM +0000, oayz wrote:
>> >  I see no problems. Using command line RAR under Windows 7:
>> > RAR 3.61   Copyright (c) 1993-2006 Alexander Roshal   14 Sep 2006
>> > as
>> > > rar a -v1000 -hpMyPass rarfile filesdir\*.*
>> >
>> >
>> > getting 60 rar parts 977kb each
>> > using rar2john.exe from
>> > John the Ripper 1.9.0-jumbo-1+bleeding-e1362a0 2019-10-25 13:27:48
>> +0200 OMP [cygwin 64-bit x86_64 SSE2 AC]
>> >
>> >
>> > as:
>> >  > rar2john.exe rarfile.part01.rar > rar2john.exe rarfile.part10.rar
>> > > rar2john.exe rarfile.part60.rar
>> >
>> >
>> > getting
>> >
>> rarfile.part01.rar:$RAR3$*0*f04f0dd9963bd69b*8a9f6b99a352470292ee23cc67260141:0::::
>> rarfile.part01.rar
>> >
>> rarfilepart10.rar:$RAR3$*0*8b5d156b052880a6*cf7d0c69a98b33ea8f83c85034583fc8:0::::
>> rarfile.part10.rar
>> >
>> rarfile.part60.rar:$RAR3$*0*d3335c13768340f7*e4d207ae3ec581ac39dd0e4c03a81492:0::::
>> rarfile.part60.rar
>> >
>> >
>> > As you can see any of rar parts work, hashes are different
>> > I've heard there is older RAR (older than mine?!) which uses different
>> naming scheme:
>> >  rarfile.rarrarfile.r01
>> > rarfile.r60
>> >
>> >
>> > Also there is WinRar and WinZip which may work differently that command
>> line RAR.
>> >
>> >
>> > Hope this helps.
>> > Thanks!/oa
>>
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.