Hi everybody. I am working towards cracking a rar archive password. I was able to use rar2john to generate a hash and then plugged it into to hashcat but hashcat kept returning a line-length exception.
Here is the character type and count of the hash: $rar3$*1*16 nums and letters*8 nums and letters*-large number*-same large number*path of rar file*two numbers
Example: $rar3$*1*1234567890abcdef*12abd678*-297795584*-297795584*C:\file.rar*94
Does this look correct? Thanks!
I'm not a power user, but i have 2 remarks:
$rar3$ should be $RAR3$ (at least it was case-sensitive on my windows machine)
the second bigger nums/letters should be more than just 8 chars according to the example hash (and my hash i tried)
Just a thought: Only header-encrypted rar3 works for now. I think you can test it by opening the rar file. Does it directly ask for a password (supported , rar3-hp) or do you see the files and upon accessing them, it asks for a password? (not supported yet, rar3-p)
That didn't seem to make a change. I have been working with both hashCat and John the Ripper. Hashcat doesn't seem to like the hash that rar2john spits out and John the Ripper apparently has the same problem. The rar file is indeed the newer one, rar3-p. Is that why both programs are having problems? Thanks!
It should be very easy to see that hashcat does not expect any filename within the "hash". So remove all this substring containing the filename, like "*C:\file.rar*94" in your example (without quotes).
if the output starts with "$RAR3$*0*" (without quotes) it will be supported by mode -m 12500, otherwise it is not currently supported by hashcat.