最後更新: 2023-01-22

介紹

利用 GPU 去破解加密的 opensource software

Link

亮點

• Multi-Platform(AMD, NVIDIA, Intel)
• Multi-Devices
• Supports distributed cracking networks
• Supports interactive pause / resume
• Integrated thermal watchdog
• 350+ Hash-types

RAR5

 *  based on PBKDF2 using HMAC-SHA256

RAR5 stores a password hash within the compressed archive,
checking the password before attempting the extraction.

Brute-Force RAR File (Mask Attack)

1) 用 rar2john 提取 rar 的 hash

Source:

• https://github.com/openwall/john/tree/bleeding-jumbo/src

VM:

• https://www.kali.org/get-kali/#kali-virtual-machines

rar2john file.rar > file.hash

2) 利用 hashcat 暴力破解

# -m, --hash-type
# -a, --attack-mode
# -o pw.txt               # outfile for recovered hash
# input format: 'hash' / 'hashfile'

hashcat -m 13000 -a 3 -o pw.txt file.hash

# hash-type

• 12500 | RAR3-hp                              
• 23800 | RAR3-p (Compressed)    
• 23700 | RAR3-p (Uncompressed)
• 13000 | RAR5
• ...

# attack-mode   

• 0 | Straight
• 1 | Combination
• 3 | Brute-force
• 6 | Hybrid Wordlist + Mask
• ...

hashcat doc

link