Jump to content

Nice Security, But Not When You Forget The Password


Anonymust
 Share

Recommended Posts

Security Rules!

But not when your the one who created the extra security feature and cant remember the password.

I just scanned out one of my old laptops (last usage was 3 years ago because the screen was broken) and retrieved what ever files were on it.

and then i DBAN (Darik's Boot And Nuke) the poor 80GB HDD (

Now i got a zip file in 5 parts with pictures... ( i know what pictures are in there, and they weren't meant for no one's eyes but mines hehe)

Back then i used to change my passwords for everything every 3 months! (and i still do)...

Now the sucky part is i cant recall what password I used 4 years ago :S

So i cant unzip the file!

How do i retrieve such a password, other than brute force?

Link to comment
Share on other sites

Use a time machine to ask your self what the password is.

I dont own a Mac :) hahah

But seriously I don't want to delete these pictures, i just need to unzip them

they are split as the following

*****.zip.001

*****.zip.002

*****.zip.003

*****.zip.004

*****.zip.005

Where **** is the name of the zip file its self,

it may be a lousy 21 MB set of pictures, but it contains 119 pictures ( I guess I got other pictures in there also)

Link to comment
Share on other sites

Do you have a CUDA capable nvidia GPU? Backtrack has a rar cracker and I think also a zip cracker that can use CUDA enabled nvidia GPU's to speed up cracking, probably get it done in an hour or two if you have the right hardware setup. Shame it's not a rar file, as my friend Martin has an online cracker for all sorts of stuff you can uplaod directly to, but ZIP isn't listed on his site. http://tools.question-defense.com/rar-password-cracker/ He's also one of the guys behind getting the CUDA cracking power into backtrack, so maybe check his posts on the BT forums for how to use CUDA with BT: http://www.backtrack-linux.org/forums/members/purehate.htm

Link to comment
Share on other sites

Do you have a CUDA capable nvidia GPU? Backtrack has a rar cracker and I think also a zip cracker that can use CUDA enabled nvidia GPU's to speed up cracking, probably get it done in an hour or two if you have the right hardware setup. Shame it's not a rar file, as my friend Martin has an online cracker for all sorts of stuff you can uplaod directly to, but ZIP isn't listed on his site. http://tools.question-defense.com/rar-password-cracker/ He's also one of the guys behind getting the CUDA cracking power into backtrack, so maybe check his posts on the BT forums for how to use CUDA with BT: http://www.backtrack-linux.org/forums/members/purehate.htm

Sadly I got a ATI Radeon HD 3200 :) I told my brother not to buy me this AMD computer :(

Can an nVidia card work on an AMD processor? I wanted to upgrade anyways mines ia onboard GPU.

I want to be able to play World of Warcraft games on dual screens :P

Link to comment
Share on other sites

Nvidia works fine with Intel or AMD processors. Same with ATI.

I just like Nvidia better. :P

I think there are services that can crack zip passwords, but I don't know how they work exactly.

I'm considering on buying Advanced Archive Password Recovery [link]

:(

Link to comment
Share on other sites

http://www.wpacracker.com/ (supports .zip files)
Link to comment
Share on other sites

that's weird. Is it really true you can't even remember the resemblance of that password? (some character, the meaning at least). Does it was a completely random password?

I think that would have been better to exploit the OS information leaking. I mean, to create a dump of the entire laptop disk drive and brute force the zip password against it (offsetting the candidate password byte by byte and using multiple lengths). In some cases OS paging can help you to recover lost passwords...

Edited by gianluca ghettini
Link to comment
Share on other sites

that's weird. Is it really true you can't even remember the resemblance of that password? (some character, the meaning at least). Does it was a completely random password?

I think that would have been better to exploit the OS information leaking. I mean, to create a dump of the entire laptop disk drive and brute force the zip password against it (offsetting the candidate password byte by byte and using multiple lengths). In some cases OS paging can help you to recover lost passwords...

Working on a brute force now.... hey man its a OLD file haha i know my passwords used to vary from 4 characters to like 18 characters! So it might take me some time (already running a brute force for uhm... 2 days now) but my computers is a bit slow, and im running the attack in a VirtualBox WinXP

Hopefully at the end *somewhere between 1 week to 2 months* I get the files out

Link to comment
Share on other sites

Virtual machine will get you nowhere. You need something with GPU acceleration.

Brute force takes years on longer passwords even with GPU.

My thought is... The files aren't worth it. Whatever ex girlfriend pr0n pics they are... let em go lol.

LOL

LOL and LOL again! its not pȱrɳ man lol,

Those things i don't save, they might just fall into the wrong hands! and i wouldn't like that people need privacy :)

Just tryna get my lovely pictures back! i remember the day, but with the picture i can say "a thousand words"

Link to comment
Share on other sites

add some bias to your brute force search! You MUST have some clue about your password. It was a random 18 key ascii password? I don't think so... :huh: or you're another rain man... joke! :rolleyes:

If you are spanning the entire ascii space you'll not see the end, even with password key length = 8

but... in the meantime, have u changed gf? If so, what's the deal?

another tip:

I don't know exactly but if the zip file includes the hashed version of the password (to detect quickly the wrong passwords, for example), grab the hash, identify the hash function (from the zip specs) and try some rainbow tables. It's much faster than brute forcing using the zip file api functions because u can use some serious reverter like rainbow-crack or cuda, not thoose shitty zip file recovery programs.

Edited by gianluca ghettini
Link to comment
Share on other sites

Elcomsoft can crack almost anything, if you have lots of computer processing power.

http://www.elcomsoft.com/edpr.html

Link to comment
Share on other sites

Elcomsoft can crack almost anything, if you have lots of computer processing power.

http://www.elcomsoft.com/edpr.html

I didn't see anything in there for ZIP or RAR files though.

Link to comment
Share on other sites

Elcomsoft can crack almost anything, if you have lots of computer processing power.

http://www.elcomsoft.com/edpr.html

I didn't see anything in there for ZIP or RAR files though.

I think they meant http://www.elcomsoft.com/archpr.html

The "Advanced Archive Password Recovery" by Elcomsoft

Link to comment
Share on other sites

I think they meant http://www.elcomsoft.com/archpr.html

The "Advanced Archive Password Recovery" by Elcomsoft

Thank you for correcting me.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...