11

I am trying to learn how john works. I made a password-protected rar archive, and written that password inside a file named pass.txt.

I used rar2john to build the hash:

# more test.hash 
test.rar:$rar3$*0*c15839e058bb28a3*9d55925bdd33618f3e02f8b7004faab8

However, when I try to run john, I get an error message:

# john --format=rar --wordlist=pass.txt test.rar
Warning: invalid UTF-8 seen reading test.rar
Using default input encoding: UTF-8
No password hashes loaded (see FAQ)

I tried with and without the --format and --wordlist options.

I read John The Ripper's FAQ but nothing helped me.

I saw that the format rar was supported on Pentest Monkey. I even tried the example they gave, but john keeps telling me the same thing.

Any idea?

Pomelo
  • 111
  • 1
  • 1
  • 3
  • The "invalid UTF-8" leads me to believe that there's something wrong with your file encoding. You can use Vim to change file encodings by using `set encoding=utf-8` – Ohnana Oct 14 '15 at 19:13
  • 2
    Might it be such a small mistake as you using the rar file as input instead of the hash file? Could you show the output for `john --format=rar --wordlist=pass.txt test.hash`? – Juha Kivekäs Oct 22 '15 at 14:51

2 Answers2

5
john --format=rar --wordlist=pass.txt test.rar

You're telling john to look in the original .rar file for password hashes. John the Ripper does not understand how to parse .rar files (that's what rar2john is for); you need to pass the file containing the extracted password hash:

john --format=rar --wordlist=pass.txt test.hash
Mark
  • 34,390
  • 9
  • 85
  • 134
-1

Using John the Ripper (JtR), you could find your RAR file's password with these sample commands:

rar2john.exe example.rar > hash.txt
john.exe --wordlist=rockyou.txt --rules=All hash.txt
Minh-Triet Pham Tran
  • 500
  • 3
  • 7