I use winrar.

  • d3Xt3r@lemmy.nz
    link
    fedilink
    arrow-up
    54
    ·
    edit-2
    1 year ago

    This can be easily done using PowerShell, and rar.exe which is part of WinRAR. Just edit the first three variables below according to your needs and run the script. You don’t even need to save it as a script, just copy-paste the code into a PowerShell window, you can use the arrow keys to edit the variables (or edit it using notepad if you like) and then press enter when you’re ready to run the script.

    $winrar = "C:\Program Files\WinRAR\Rar.exe"
    $passlist = @("pass1", "pass2", "pass3", "pass4")
    $folder = "C:\Path\To\Folder"
    
    cd "$folder"
    foreach($file in (dir *.rar).Name) { "Checking $file..."; foreach($pass in $passlist) { .$winrar t -p"$pass" "$file" *>$null ; if($LASTEXITCODE -eq 0){ " → Password for $file is $pass"; break }}""}
    

    This would give you an output which looks like:

    Checking file1.rar...
     → Password for file1.rar is pass1
    
    Checking file2.rar...
     → Password for file2.rar is pass2
    
    Checking file3.rar...
     → Password for file3.rar is pass3
    

    If there’s something you don’t understand in the code above, lemme know - happy to explain further. :)

    • pungunner@feddit.de
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      Isn’t that the tool that let’s you brute force weak encrypted containers? I remember saving my sister that got a pin secured container and the pin was coming over mail/on a different channel (she needed it as fast as possible)…

      Well it was a 4 digit pin and my very old notebook took a few hours. Even less if my sister would have told me that it was a 4 digit nummeric pin and not alphanumeric.

      So yea. Hashcat will be your friend. Afaik can also take guesses.

      • vzq@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        How fast it is depends entirely on the application.

        But yes, it can do all sorts of fancy things like rule expansions, word combinations and custom character brute force.

      • vzq@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        It sits in that conceptual corner.

        Hashcat is the standard password recovery tool. It supports a whole bunch of applications. It’s fast and optimized. It’s by definition the right tool for the job.

        Kali is a Linux distribution that incorporates a bunch of security related tools, including hashcat. But you can just download the hashcat program and run it on windows or Mac.

  • DasRubberDuck@feddit.de
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    1 year ago

    Is there a way to call the unrar command via command line and pass the password as a parameter? There should be.

    If there is not with winrar, try the 7zip commandlet for powershell, that should definitely be able to do what you want.

    Write a quick skript that reads your passwords from a text file into a variable, use a foreach-object loop to iterate over the variable and each time call the unrar command and use the current password.

    Not sure if this is elegant, but that’s the first thing that comes to my mind.

    7zip module documentation

  • Something like this should work on linux or mac. On windows you’ll probably need to use wsl or convert it to powershell if you can’t install the dependencies natively. The script requires bash, unrar, and find.

    #!/usr/bin/env bash
    while read -r rarfile; do
      while read -r password; do
        if unrar t -p"$password" "$rarfile" >/dev/null 2>&1; then
          echo "$rarfile $password"
          break
        fi
        echo "$rarfile password not found"
      done < /path/to/passwords.list
    done < <(find /path/to/rars -type f -iname '*.rar')