
Using John the Ripper to crack a password-protected RAR archive.

I recently had a RAR archive that I needed to find the password for. I searched for RAR cracking tools on the web, but didn’t see anything impressive. I didn’t want a straight brute force tool either; I wanted something that would use a dictionary as input and do some common permutations, kind of like … hey wait a minute, the output of JTR fed into rar is what I need!

So I decided to join JTR and the standard rar archive tools together with a little script. It worked perfectly.

You need to install the rar and john tools so:

sudo apt-get install rar john

You also need a wordlist; the rockyou list is a good start.

Here is the script:

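#!/bin/bash
# Feed John the Ripper's rule-mangled wordlist candidates to rar, one at a time.
echo "RAR-JTR Decrypt Script"
if [ $# -ne 2 ]
then
    echo "Usage: $0 <rarfile> <wordlist>"
    exit 1
fi
# List the archive contents first.
rar l "$1"
# IFS= and -r keep each candidate exactly as john printed it
# (no whitespace trimming, no backslash interpretation).
john --wordlist="$2" --rules --stdout | while IFS= read -r i
do
    # An empty -p would make rar prompt for a password, so skip empty lines.
    [ -n "$i" ] || continue
    printf '\rtrying "%s" ' "$i"
    # Quote the candidate so passwords containing spaces or globs reach rar intact.
    rar e -o+ -inul "-p$i" "$1" >/dev/null
    STATUS=$?
    # rar exits with 0 only when extraction succeeded with this password.
    if [ $STATUS -eq 0 ]; then
        printf '\nArchive password is: "%s"\n' "$i"
        break
    fi
done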

And here is a sample run:

$ ./rar-jtr.sh lame2.rar lame.dic 
RAR-JTR Decrypt Script
RAR 3.93 Copyright (c) 1993-2010 Alexander Roshal 15 Mar 2010
Shareware version Type RAR -? for help
Archive lame2.rar
Name Size Packed Ratio Date Time Attr CRC Meth Ver
-------------------------------------------------------------------------------
*lame.txt 46 48 104% 16-08-12 18:03 -rw-r--r-- 37F47C80 m3b 2.9
-------------------------------------------------------------------------------
 1 46 48 104%
words: 405 time: 0:00:00:00 100% w/s: 40500 current: Lamepassing
trying "Lamepassed" 
Archive password is: "Lamepassed"