Jump to content

[CONTEST]Can Ya Crack This??

PLuNK

By PLuNK
in Security

 Share

Recommended Posts

  • Replies 138
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Giezr Newbie

Giezr

Posted
Posted
im using netbrute -.-

if im using netbrute right then its not a number becouse ive gone thru 220million passes

its a pretty fast brute forcer it goes thru like 300 per a second

Wow no shit!? Thats incredibly fast for a RAR cracker. My Advanced Archive Recovery which I uh, paid for, is doing good to get 40 a second.

I will have to check that out.

Giezr

Link to comment
Share on other sites
PLuNK Newbie

PLuNK

Posted
  • Author
Posted

Maybe the Base64 string I provided before was a hint to the password?

And there's no numbers by the way ;)

Link to comment
Share on other sites
Giezr Newbie

Giezr

Posted
Posted

I'm not one to grovel for hints, but here it goes.

Do we need to work more on the meaning of your hint? Do we have all the info we need to get the pass? I'm guessing we are missing something, because the only pass related info so far was the hint. Is there anything more we can extract from the file or do we just need to look somewhere else.

<rambling>

I've been looking for all sorts of "ten under score" info and haven't got much. Does anyone know if it applies to computing in any sorta way? Also I was thinking maybe it was a sports term. I've tried golf, cricket, football (and soccer :) ), I'm leaning against a sports term.

</rambling>

Thanks,

Giezr

Link to comment
Share on other sites
PLuNK Newbie

PLuNK

Posted
  • Author
Posted

You've got all the info you need,

The password is very simple & I wasn't expecting It to be the main focus.

Some of the file names may be hints also..

Link to comment
Share on other sites
depill Newbie

depill

Posted
Posted

We have all the info we need.

we have 3 filenames

arr_pirate.rar

blank.txt

test.txt

ten under score

10_

ten_

10underscore

apart from meaning Guybrush: "arr! ahoy there Wally"

arr could also mean array.

Time to watch some BSG drink lots of caffeine and get cracking.

This will be solved today <_<

Link to comment
Share on other sites
twocs Newbie

twocs

Posted
Posted
Are there any free bruteforcers for RARs. Full Version not trial ware.

CLI version: http://aapr.sourceforge.net/

The file ext. used are just random,

The file password is VERY simple,

Only lowercase & no symbols etc.

According to bruteforce cracking software, simple means more than four characters in length...

Maybe it's on the crack-goodness Hak5 password list? http://wiki.hak5.org/wiki/Password_lists

And I'm not so sure on this ten under score is a good round of golf or what.

http://search.yahoo.com/search?p="ten+under+score"

Link to comment
Share on other sites
DrCheeseit Newbie

DrCheeseit

Posted
Posted

i found netbrute but i have no idea where i got it from lol but ima be gone for a lil bit becouse im switching back to windows

but yah while at school i tried to work it out and what i came up with was this

score= 20 years sooo... possible answer -10years, minus10years, 10 years, tenyears, minustenyears, -tenyears lol and whatever else so go ahead and try those i havnt tried em myself

also ten under score and i guess the files were blank.txt and test.txt so i figured

ten under score

1. b

2. l

3. a

4. n

5. k

6.

7. t

8. e

9. s

10. t

lol so try "t" lmao

but i seriously doubt that

Link to comment
Share on other sites
X3N Newbie

X3N

Posted
Posted

interestingly i found a password that works to open the archive.

try the password "ablins" without quotes. The only thing i dont get is that it shows theres nothing in the file. So if this isnt the right password then why does it work to open the file? I think im more confused now...

i also wrote a little python rar/zip password dictionary tester program.... 


import os
import sys
import fileinput

rarfile = " "+"arr_pirate.rar" 
arg1 = "x "
arg2 = "-p"
prog = "7z"+" "
f=open("1dict.txt")

def crack():
    while 1:
        line=f.readline()
        password=line[:-1]
        line=f.readline()
        command_str = prog+arg1+arg2+password+rarfile
        result=os.system(command_str)
        print command_str
crack()

this uses the 7z.exe from 7zip. It does zip and rar. This would also work with rar.exe if you modify the code. Also as a disclaimer. I suck as python right now so any suggestions on making this code better would be appreciated.

Link to comment
Share on other sites
X3N Newbie

X3N

Posted
Posted

heres the output from 7z

7-Zip 4.58 beta Copyright © 1999-2008 Igor Pavlov 2008-05-05

Processing archive: arr_pirate.rar

No files to process

Files: 0

Size: 0

Compressed: 15732

7z x -pablins arr_pirate.rar

I also tried it with the gui which opened it but doesn't show any files in it.

However when i tried it with rar.exe it says CRC failed... so im guessing something else may be going on here...

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted
interestingly i found a password that works to open the archive.

try the password "ablins" without quotes. The only thing i dont get is that it shows theres nothing in the file. So if this isnt the right password then why does it work to open the file? I think im more confused now...

i also wrote a little python rar/zip password dictionary tester program.... 


import os
import sys
import fileinput

rarfile = " "+"arr_pirate.rar" 
arg1 = "x "
arg2 = "-p"
prog = "7z"+" "
f=open("1dict.txt")

def crack():
    while 1:
        line=f.readline()
        password=line[:-1]
        line=f.readline()
        command_str = prog+arg1+arg2+password+rarfile
        result=os.system(command_str)
        print command_str
crack()

this uses the 7z.exe from 7zip. It does zip and rar. This would also work with rar.exe if you modify the code. Also as a disclaimer. I suck as python right now so any suggestions on making this code better would be appreciated.

ablins does not work if you tyr it in winRAR but it does in 7zip, only it shows nothing in 7zip. I wonder of the header should be changed to 7zip and then try it what woudl happen??

Link to comment
Share on other sites
X3N Newbie

X3N

Posted
Posted

heres another dump of a password that spits out some interesting stuff

F:\crypto>rar x -pabey arr_pirate.rar

RAR 3.61 Copyright © 1993-2006 Alexander Roshal 14 Sep 2006

Shareware version Type RAR -? for help

ê2î→▬¥-+ÄÿåZ«-}+HoUédT▌▌îYêcY++♠)W☻↨É∟Jáj5¬=ú+←▬+n+2E!JL°%YXÉ~▌£Ü-ÑS☺&ì.l

0♫LE-g_♥2-k

-♂~SA£#r↑k948{▌▌!n·B+\+¿;+<↨+9|B-⌂g-++£+f»-

EÜ▌F}♦LölûÉv▌↕W*zvM▌²'+hr♦8D

? ÑGU▌8G+}{▌ajó+åÿÑo☼[e♥à]SWs*☻ -2W¼5ùo-8v+§2ßîg▌2åƒoª+?]Äoµ-á+ßßn☻▌vP]v)=~gæ8F

↑-++W¢_Ѳe%-*p-lÇ▲+O"<ü·Å▲+s- {Ä♫7u+ò6cA☻Vë@t\f¬J-ÿ!ä9¬ßsnP;¬0=ôܪw+=K▌m`+☻p°ûat

º↔X_▌d²½S∟M▼4+☺xÄ-^ßW|aY*♣'▌tuì+=·)GÄ+▲9←òí+♠¬N`ñMg-edèMLR◄}J+"°Y▌+}_Z²+S w½n+ª↕

ÅÅ+♥á+n⌂-5Ü♠F~t▬O}·▌q+B+1+ i♣tQS_↨ ,sFh←↑ü=RYy▌ܶ‼ÆIJ'▬TpÑ+☻▌_☺p(ƒ \2H▌T-ï»▌:¡+{

å

)▲I+ƒ▌}}5_|-[üc-◄&G▬\++M++"-vya=+¼> Kb⌂-▌☼H☺o÷+-++çï-æò)|]▌oòH;+;=nT

ÖƒB1¬Ö¬-♦+▌`$ü1Q3ä+∟A▌+-♂c;ÅÆ)CfM-+Ií▌>↨i²T¡*_♂>-+Ñ☼►íù|»T+Å ▌¢ñxa6·ô▌96Æ4=Où

D▬↕9æÇǧ+▌§▌ît(+¬a8<\&‼ùâ▬o_ÿ¢ë☻e+▬»▌4¬▌±↕)+S∟¿▬

Z¥UOö+¼\+) 3(zpn½!♂O▌ô♥=æNw$nf{r-~I=L-·O¢+)átû▌c7tGRl♀ñÑTY"O'là}¶▌»ªs▬H+∟yü

Ö+s-d'-:8~bT§+3Xñ→-▌I-É+u▌m▲á+↔S▌ƒLv(wSP☺4▌▌^ów+

A+gÖû²}Z▌G-n& ·à▌¢DMU-p!◄$◄++‼-,ôàù→+▌Z%æ→-1aYï - the file header is corrupt

Encrypted file: CRC failed in arr_pirate.rar (password incorrect ?)

No files to extract

Link to comment
Share on other sites
X3N Newbie

X3N

Posted
Posted

http://dl.getdropbox.com/u/332413/rarpass.py

http://dl.getdropbox.com/u/332413/1DICT.TXT

http://dl.getdropbox.com/u/332413/UnRAR.exe

also a little base64 converter program

http://dl.getdropbox.com/u/332413/base64decode.py

The new and improved dictionary attack unrarer.

Still needs some error handling work though but works ok for watching the output of weirdness from this arr_pirate.rar file...

Link to comment
Share on other sites
X3N Newbie

X3N

Posted
Posted

Just some more information gathered.

The header for an encrypted rar is this

526172211A0700CE9973

The header of an unencrypted rar is

526172211A0700CF9073

The difference being the CF90 vs CE99 but both translate to the same thing in ascii.

Link to comment
Share on other sites
X3N Newbie

X3N

Posted
Posted

anyone have any success? or anymore ideas?

i have a couple questions for plunk. does the file require any repairing?

and if not then is the password guessable? guessable meaning using logic or word relationships is it figure-outable by a human?

also are there any more clues to be found on or in the file in order to figure out the password?

also when trying to use certain passwords with either rar.exe unrar.exe and 7z.exe it will spit out trash and say the file header is corrupt. is that just a bufferoverflow from the .exe or is that something having to do with what you did to the file?

and one more thing... will we have to brute force the password or not?

with that said... if anyone is still interested in figuring this out then i suggest we start compiling a list of methods of figuring it out.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...