Jump to content

[CONTEST]Can Ya Crack This??

PLuNK

By PLuNK
in Security

 Share

Recommended Posts

digip Newbie

digip

Posted
Posted
Also try this as a password 00998

How did you come up with that number? A brute force program?

Link to comment
Share on other sites
  • Replies 138
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Zimmer Newbie

Zimmer

Posted
Posted

Well I was trying to create my own brute forcer in python does it work for anyone?

import sys
rarfiles =raw_input("What RAR files do you want to run? ")
x = "abcdefghijklmnopqrstuvwxyzzABCDEFGHIJKLMNOPQRSTUVWXYZZ1234567890"  #64
b = -1
c = -1
r = -1
z = -1
v = -1
q = -1
w = -1
e = -1
t = -1
y = -1
def crack10():
        sys(r'"C:\Program Files\WinRAR\Rar.exe" x -p[',x[q]+x[w]+x[e]+x[t]+x[y]+x[v]+x[z]+x[r]+x[c]+x[b],r']' ,rarfiles)

while v<63:
        b=b+1
        if b==64:
                c = c + 1
                b = 0
        if c==64:
                r = r + 1
                c = 0
                b = 0
        if r==64:
                z=z+1
                r = 0
                c = 0
                b = 0
        if z==64:
                v=v+1
                z = 0
                r = 0
                c = 0
                b = 0
        if v==64:
                y=y+1
                v = 0
                z = 0
                r = 0
                c = 0
                b = 0
        if y==64:
                t=t+1
                y = 0
                v = 0
                z = 0
                r = 0
                c = 0
                b = 0 #tewq
        if t==64:
                e=e+1
                t = 0
                y = 0
                v = 0
                z = 0
                r = 0
                c = 0
                b = 0
        if e==64:
                w=w+1
                e = 0
                t = 0
                y = 0
                v = 0
                z = 0
                r = 0
                c = 0
                b = 0
        if w==64:
                q=q+1
                w = 0
                e = 0
                t = 0
                y = 0
                v = 0
                z = 0
                r = 0
                c = 0
                b = 0
        crack10()

Link to comment
Share on other sites
DingleBerries Newbie

DingleBerries

Posted
Posted
Well I was trying to create my own brute forcer in python does it work for anyone?

My out put

What RAR files do you want to run? b.rar
Traceback (most recent call last):
  File "brute.py", line 82, in <module>
    crack10()
  File "brute.py", line 15, in crack10
    sys(r'"C:\Program Files\WinRAR\Rar.exe" x -p[',x[q]+x[w]+x[e]+x[t]+x[y]+x[v]+x[z]+x[r]+x[c]+x[b],r']' ,rarfiles)
TypeError: 'module' object is not callable

Sorry didnt notice it was for windows

Link to comment
Share on other sites
DingleBerries Newbie

DingleBerries

Posted
Posted

RAR/WinRAR archiver version 2.x used its proprietary, but rather strong encryption algorithm. At least no RAR 2.0 attacks were known except brute force.

Starting from version 3.0, RAR has been using a strong AES algorithm, which doesn't allow any attacks more effective than the brute force. Besides, the encryption is implemented so that brute force speed on modern computer is very low, about 100 passwords per second. This carries inference that RAR 3.x system is the strongest between popular encryption systems in the context of brute force. This means you couldn't recover RAR password longer than 6-7 symbols if you have no information about the password.

http://www.password-crackers.com/en/articles/12/#3.1

Link to comment
Share on other sites
X3N Newbie

X3N

Posted
Posted

i wanna bump my original question

"did the dude who started this topic make these or are they coming from another place?"

and if he did get them from somewhere else... than did he actually figure these out himself?

If he did in fact make these as an exercise in cryptography or stenography... then there has to be clues in the file that point to how its been put together. I seriously doubt any amount of brute forcing is going to unlock anything. Its all about clues and I'm sure its hidden in the file structure and or contents. Now again these statements are made assuming he is the one who designed these.

There are different methods of hiding or obscuring data so its hard to decipher.

A few are binding different file formats together and striping thier header information.... which was the case in the previous files he posted, as far as the passwords goes... they are probably hidden somewhere in each piece. Like a sequential logic puzzle.

It would be nice if he could just answer one question of mine which is will any of the decryption require brute forcing? because if so then I'm not really interested in this.

Link to comment
Share on other sites
PLuNK Newbie

PLuNK

Posted
  • Author
Posted
i wanna bump my original question

"did the dude who started this topic make these or are they coming from another place?"

and if he did get them from somewhere else... than did he actually figure these out himself?

If he did in fact make these as an exercise in cryptography or stenography... then there has to be clues in the file that point to how its been put together. I seriously doubt any amount of brute forcing is going to unlock anything. Its all about clues and I'm sure its hidden in the file structure and or contents. Now again these statements are made assuming he is the one who designed these.

There are different methods of hiding or obscuring data so its hard to decipher.

A few are binding different file formats together and striping thier header information.... which was the case in the previous files he posted, as far as the passwords goes... they are probably hidden somewhere in each piece. Like a sequential logic puzzle.

It would be nice if he could just answer one question of mine which is will any of the decryption require brute forcing? because if so then I'm not really interested in this.

Yes I did create these,

Once you get passed the password It gets interesting.

Maybe the file name has something to do with the password?

dGVlbnMNCmVuam95DQpudW1iZXJzDQoNCnVzdWFsbHkNCm5vdGhpbmcNCmRpZ3MNCmVycmF0aWNh
bGx5DQpydWRlDQoNCnNvbWUNCmNhcnZlDQpvdXQNCnJvdW5kZWQNCmVnZ3MNCg==

Ooh what's that?

Link to comment
Share on other sites
Giezr Newbie

Giezr

Posted
Posted

Long time reader, first time poster. Hey :)

dGVlbnMNCmVuam95DQpudW1iZXJzDQoNCnVzdWFsbHkNCm5vdGhpbmcNCmRpZ3MNCmVycmF0aWNh

bGx5DQpydWRlDQoNCnNvbWUNCmNhcnZlDQpvdXQNCnJvdW5kZWQNCmVnZ3MNCg==

Is Base64, according to MaxieZ's web Base64 decoder (link) it says:

teens

enjoy

numbers

usually

nothing

digs

erratically

rude

some

carve

out

rounded

eggs

Which doesn't mean anything to me. But if you read the first letter of each line you get:

ten under score

And that's as far as I've got. Still can't open the RAR file. Using mainly WinRAR and Advanced Archive Recovery.

Good Luck,

Giezr

Link to comment
Share on other sites
PLuNK Newbie

PLuNK

Posted
  • Author
Posted

Nope not at all.

That was just something I quickly made and figured I'd post it..

So I have no way of knowing what the password is on the original file.

But the current one is well constructed,

Although there's one section after the password (When you receive 3 RAR files)

Which I stuffed up and you can just bypass it by extracting...

But after that It gets quite interesting..

Link to comment
Share on other sites
X3N Newbie

X3N

Posted
Posted
Has anyone been able to open the first rar, pirate one?

nope...

i really have no idea where to start with this one... barring brute forcing im not sure where to go from here...

i been looking for clues in the file structure but i cant find anything....

Link to comment
Share on other sites
PLuNK Newbie

PLuNK

Posted
  • Author
Posted

That's a clue,

And to anyone who might have contacted me, No I will not provide the password.

Link to comment
Share on other sites
Giezr Newbie

Giezr

Posted
Posted

Just a note, I tried a crappy "pirate words" wordslist that didn't work. And I've tried every variation of "ten under score" I can think of as the password with no success.

Elcomsoft's software is pretty spot on. Sadly they don't support using the GPU to crack RAR files, yet.

Giezr

Link to comment
Share on other sites
DingleBerries Newbie

DingleBerries

Posted
Posted

That was me that tired to contact him fyi. I did the same as Giezr. I guess its just to late to keep on trying. Maybe some sleep will do me well..

What i think ill do in the morning is make a blank rar, or put some text file in it and compare the containers. After that ill post all the information inside the container, the encrypted data, which are more rar files... I might add a rar file to another and see how that looks, but im pretty sure that the AES has mutated it in some way... oh well

Link to comment
Share on other sites
DrCheeseit Newbie

DrCheeseit

Posted
Posted

im brute forcing it its been going on all night im running it starting from 2 chars till whenever i feel like makin it stop im using upper and lower case and special chars as well as numbers and its been running for hours and hours and i still have yet to find it >.<

Link to comment
Share on other sites
X3N Newbie

X3N

Posted
Posted
That was me that tired to contact him fyi. I did the same as Giezr. I guess its just to late to keep on trying. Maybe some sleep will do me well..

What i think ill do in the morning is make a blank rar, or put some text file in it and compare the containers. After that ill post all the information inside the container, the encrypted data, which are more rar files... I might add a rar file to another and see how that looks, but im pretty sure that the AES has mutated it in some way... oh well

i actually already tried that...

this is what the hex dump looks of a blank text document inside a rar looks like

Rar!.....s..........Jbt .)..............4gj9.0.. ...blank.txt.={.@..

this part 'Rar!.....s' is the rar header. I didnt encrypt or password this file.

Thats actually how i fixed the strongest dog rar file...

here is the same file only using zip instead of rar

PK........4gj9................blank.txtPK..........4gj9................
...... .......blank.txtPK..........7...'.....

Link to comment
Share on other sites
Giezr Newbie

Giezr

Posted
Posted

Just something interesting I stumbled upon in WinRAR and this might already be obvious, if so excuse the post.

When making a RAR with WinRAR you have to click "Encrypt file names" when setting the password or the file names are visible when viewing the file in a hex editor.

Example:

Password protected but "Encrypt file names" not checked:

Rar!.....s...........9t$.5. ..........1]..k9.3.. ...test.txt...i..*.....I....ep.p.{./....Y..#.TQ.G}.u.K...={.@..

Same file, same password, with "Encrypt file names" checked:

Rar!.....s.........."....J......7&amp;c~..}....5i0.|.y.....B.j.....1M.....h..5..h. i9s...n;.9.Js..2.=.....S.x..."....J..n*......m3UZ....'.K.b.I2....-9.I.j&amp;.a3.....B+. .8.d...):8..A..+...8C2&gt;.......e&amp;..U...2... q&lt;...."....J..E..#...A.....\.s

Read below for bullshit theories!

In the first files PLuNK distributed we had to play with the header to get the file to work. I'm not really sure it's the header but that's what I'm gonna call it.

Well I've made a ton of RARs now and they all start with:

Rar!.....s

Now the "clue" we have been provided is "ten under score". That Rar!.....s is the first 10 characters of any RAR file. Probably coincidence, and I'm probably headed down the wrong street here.

</bs>

Thanks,

Giezr

Link to comment
Share on other sites
DrCheeseit Newbie

DrCheeseit

Posted
Posted

omg... i dont think were gonna get into it im running 3 brute forcers at once 1 with uppercase letters one wit lower case and one wit numbers im pretty sure that the password isnt pure numbers considering ive gone thru 185,000 diff possobilities in the last like 7 mins and im still working on the letters but im not completely sure that the brute forcers are actually trying to get into it

i put Z:\home\luis\Desktop\arr_pirate.rar as the resource for it but idk if its actually trying to open it or am i working it wrong?

Link to comment
Share on other sites
DingleBerries Newbie

DingleBerries

Posted
Posted
omg... i dont think were gonna get into it im running 3 brute forcers at once 1 with uppercase letters one wit lower case and one wit numbers im pretty sure that the password isnt pure numbers considering ive gone thru 185,000 diff possobilities in the last like 7 mins and im still working on the letters but im not completely sure that the brute forcers are actually trying to get into it

i put Z:\home\luis\Desktop\arr_pirate.rar as the resource for it but idk if its actually trying to open it or am i working it wrong?

What program are you using to brute it?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...