Do you wonder how vulnerable password-protected word-processing, spreadsheet, and Zip files are when users send them into the wild blue yonder? Wonder no more. Some great utilities can show how easily passwords are cracked. But there are some countermeasures you can take as well. Read on to learn more about both.
So here I’m going to show you a simple method to crack WinRAR password-protected files and get back your important data. Follow the steps mentioned below and let us know if you.
How to crack files
Most password-protected files can be cracked in seconds or minutes. You can demonstrate this “wow factor” security vulnerability to users and management. Here’s a hypothetical scenario that could occur in the real world:
- Your CFO wants to send some confidential financial information in an Excel spreadsheet to a company board member.
- She protects the spreadsheet by assigning it a password during the file-save process in Excel.
- For good measure, she uses WinZip to compress the file and adds another password to make it really secure.
- The CFO sends the spreadsheet as an e-mail attachment, assuming that the e-mail will reach its destination.
- The financial advisor’s network has content filtering, which monitors incoming e-mails for keywords and file attachments. Unfortunately, the financial advisory firm’s network administrator is looking in the content-filtering system to see what’s coming in.
- This rogue network administrator finds the e-mail with the confidential attachment, saves the attachment, and realizes that it’s password protected.
- The network administrator remembers a great password-cracking tool available from Elcomsoft called Advanced Archive Password Recovery that can help him out, so he proceeds to use it to crack the password.
Cracking password-protected files is as simple as that! Now all that the rogue network administrator must do is forward the confidential spreadsheet to his buddies or to the company’s competitors.
If you carefully select the right options in Advanced Archive Password Recovery, you can drastically shorten your testing time. For example, if you know that a password is not over five characters long or is lowercase letters only, you can cut the cracking time in half.
You should perform these file-password-cracking tests on files that you capture with a content filtering or network analysis tool. This is a good way to determine whether your users are adhering to policy and using adequate passwords to protect sensitive information they’re sending.
Countermeasures
The best defense against weak file password protection is to require your users to use a stronger form of file protection, such as PGP, or the AES encryption that’s built in to WinZip, when necessary.
Ideally, you don’t want to rely on users to make decisions about what they should use to secure sensitive information, but it’s better than nothing. Stress that a file encryption mechanism, such as a password-protected Zip file, is secure only if users keep their passwords confidential and never transmit or store them in unsecure cleartext (such as in a separate e-mail).
If you’re concerned about unsecure transmissions through e-mail, consider using a content-filtering system or a data leak–prevention system to block all outbound e-mail attachments that aren’t protected on your e-mail server.
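To support the checks described above (testing captured files against policy and requiring WinZip's AES option), this added example, which is not from the original article, reads a Zip file's central directory and reports whether each entry is unencrypted, protected with a legacy scheme, or uses WinZip AES. The function names, the "AES-256 only" policy and the sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

AES_METHOD = 99        # compression-method value WinZip uses for AES entries
AES_EXTRA_ID = 0x9901  # extra-field record that carries the AES key strength
AES_BITS = {1: 128, 2: 192, 3: 256}

def aes_strength(extra):
    """Walk the extra-field records; return the AES key size in bits or None."""
    pos = 0
    while pos + 4 <= len(extra):
        rec_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]
        if rec_id == AES_EXTRA_ID and len(body) >= 7:
            return AES_BITS.get(body[4])  # byte 4 of the record = strength code
        pos += 4 + size
    return None

def classify(info):
    """Label one ZipInfo by how (or whether) its content is encrypted."""
    if not info.flag_bits & 0x1:          # general-purpose bit 0: encrypted
        return "plaintext"
    if info.compress_type == AES_METHOD:
        bits = aes_strength(info.extra)
        return f"aes-{bits}" if bits else "aes-unknown"
    return "legacy"                       # encrypted, not WinZip AES (typically ZipCrypto)

def audit(fileobj):
    """Map entry name -> protection, reading only the central directory."""
    with zipfile.ZipFile(fileobj) as zf:
        return {i.filename: classify(i) for i in zf.infolist() if not i.is_dir()}

def violations(report, allowed=("aes-256",)):
    """Entries that an 'AES-256 only' policy (an assumption here) would reject."""
    return sorted(name for name, kind in report.items() if kind not in allowed)

def build_sample():
    """Constructed sample: dummy payloads, central-directory metadata edited before close."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("notes.txt", "budget.xlsx", "forecast.xlsx"):
            zf.writestr(name, b"dummy")
        zf.getinfo("budget.xlsx").flag_bits |= 0x1
        aes = zf.getinfo("forecast.xlsx")
        aes.flag_bits |= 0x1
        aes.compress_type = AES_METHOD
        aes.extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 0)
    return io.BytesIO(buf.getvalue())
```

Because only the central directory is read, no password is needed, so `violations(audit(path))` can run on attachments as a content filter or mail gateway saves them.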
There's another fork from someone named koros AKA ya158 also maybe AKA korosya?. Looks like he's updating 2 versions of it. One has ability to decompile the compiled Auto-it script and the other without (according to the google translated changelog)
http://forum.oszone.net/thread-260143.html
http://forum.oszone.net/thread-295084.html
http://forum.ru-board.com/topic.cgi?forum=5&topic=20420
Universal Extractor 1.6.1.1010 koros build
- 7z with source https://yadi.sk/d/Zz7GQB2shS4gC or subfolder with installer https://yadi.sk/d/Zz7GQB2shS4gC/Инсталляторы
Universal Extractor 1.6.1.2010 koros build. AutoIt source is in the WithAU.7z archive along with the extra AutoIt decompiler.
- https://yadi.sk/d/YUsn1gzJhScDj
Here's the changelog google translated. I've cut out most of the 1.6.1.1xxx build changes since it seems to be identical to 1.6.1.2xxx except for the decompile auto-it part.
!!! Added the ability to decompile compiled AutoIt-script. Now there are two versions (due to the requirements Oszone.net) 1.6.1.2xxx and 1.6.1.1xxx - with and without this opportunity.
1.6.1.2010 (25/07/2015) mod by koros aka ya158
1. The algorithm of the search for the signature. The signature is searched only at the beginning and end of the file (default - 10 MB from the beginning and end). You can set each search separately.
1.6.1.2009 (16/07/2015) mod by koros aka ya158
1. Added the ability to run multiple copies of the correct Universal Extractor at the same time, which each copy creates its own debug file.
1.6.1.2008 (08/07/2015) mod by koros aka ya158
1. Change the method of checking Caphyon Advanced Installer - to check on the signature 0000E979FEFFFF added check for signature 43617068796F6E (the word 'Caphyon') and signature 416476616E63656420496E7374616C6C6572 (the word 'Advanced Installer').
2. Check for Caphyon Advanced Installer and AutoIt moved to the end of the test the exe-file.
3. Added a message box when testing Caphyon Advanced Installer and AutoIt.
1.6.1.2007 (06/07/2015) mod by koros aka ya158
1. Change the order of checks Caphyon Advanced Installer, as signature 0000E979FEFFFF not clearly indicate Caphyon Advanced Installer.
1.6.1.2006 (29/06/2015) mod by koros aka ya158
1. Fixed a bug (there was a conflict Less MSIerables (lessmsi) and Windows Installer XML Toolset Decompiler - for their work require different versions of the library wix.dll)
1.6.1.2005 (23/06/2015) mod by koros aka ya158
1. Change the order of checks on Microsoft Visual C ++ Redistributable 2010 and older versions on Caphyon Advanced Installer.
2. When testing the EXE-file utility PEiD now goes to check on the NSIS-Installer for the phrase 'Nullsoft PiMP' instead of 'Nullsoft PiMP SFX' ..
3. Updated 7-zip to version 15.05 beta
4. innounp Updated to version 0.42
5. Updated to version 1.9.4 Mhtunpack
6. TrID updated to version 2.20 (base 5936 TrIDDefs.TRD file types 06/15/15)
7. ZPAQ Updated to version 7.05
8. Fixed a bug (not created the destination folder, if there was a file called a destination folder)
1.6.1.2004 (14/05/2015) mod by koros aka ya158
1. Utility Aut2exe.exe is moved to a folder !!! Tools bin Designer installers based on a modified SFX module 7 Zip'a
The version number has not changed since Universal Extractor itself has not changed.
1.6.1.2004 (23/04/2015) mod by koros aka ya158
1. Added: Unpacking the Microsoft Visual C ++ Redistributable version older than 2010.
2. Added: Unpacking files created Caphyon Advanced Installer.
1.6.1.2003 (30/03/2015) mod by koros aka ya158
1. Added: Unpacking files sqx.
2. Added: Unpacking files zpaq.
1.6.1.2002 (28/03/2015) mod by koros aka ya158
1. Added the ability to extract SFX-module configuration file and / comments from SFX-archives.
2. Added extractor msi-file Less MSIerables (lessmsi) (http://lessmsi.activescott.com/).
3. Added the ability to specify a file for the signature.
4. Fixed minor bugs
5. Added ability to decompile compiled AutoIt-script.
1.6.1.1001 (05/03/2015) mod by koros aka ya158
1. Updated unpacking / unarchivers. The list can be seen in the docs !!! Extractor.txt.
2. Added support for 64-bit systems. In such systems, installed 64-bit version of the unpackers / unarchivers. Uharc02.exe and BOOZ.EXE on such systems are not installed.
3. The installer is created using the constructor: http://forum.oszone.net/thread-295084.html
4. Remove the ability to decompress from the context menu in the same folder that contains the installer himself / archive. In the context menu 'Send' menu item added 'Universal Extractor', which allows you to unpack the GUI.
1.6.1.1000 (07/05/2013) mod by koros aka ya158
1. When unpacking the file exists with the name that matches the name of the destination folder, you are offered a choice:
1. To add the name of the destination folder '_extracted'
2. Select or create a different folder
3. To name the destination folder to add the current date and time.
2. If there is a decompression folder with the name that matches the name of the destination folder, you are offered a choice:
1. Delete the folder and unzip into it
2. Select or create a different folder
3. Unzip this folder without purification.
3. Selection unpackers AspackDie. The need for this is described here http://forum.oszone.net/post-1574340-352.html
4. Solution: When you unpack the UPX-file filename.exe an error occurred if there was the destination file 'filename_unpacked.exe'
5. The item was added to the settings menu (keys in the configuration files UniExtract.ini) 'Hide console window' and 'Minimize the console window'
6. Added extractor msi-file Simple 'One-Click' MSI Unpacker (http://www.jsware.net/jsware/msicode.php5#unplin). Included in his script adapted by Universal Extractor (thank you Alex_Piggy with ruborda)
7. Added extractor FreeArc
8. Added password verification installer Inno, archives 7zip, Rar and Zip. If 'Hide console window' or 'minimize the console window,' then if the password is ignored and appears normal window Cons password request.
9. Fixed: When you unpack the MSI using the plug-in TotalCommander-in was a mistake in the original script - instead of the correct $ cabfiles [$ i] was $ cabfile [$ i]
10. Changed: When testing CHM-file utility TrID Now there is a check for the phrase '(.CHM) Windows HELP File' instead of 'Compiled HTML Help File'.
Similarly AH HLP-file is checked phrase '(.HLP) Windows Help file'.
11. Posted: When testing the EXE-file utility PEiD Now there is a check on the NSIS-Installer for the phrase 'Nullsoft PiMP SFX'. When unpacking in this case duplicates are automatically renamed
12. Changed added: deselect bin cue and nrg cue to a separate subgroup (without checking these files using TrID). Unpacking files that TrID defines as 'ISO CDImage - universal format' using the plug iso.wcx to TotalCommander-y. Delete files bin2iso *. * And nrg2iso *. *
13. Posted: Unpacking file msu - packs Windows similar to the msp-unpacking files using 7-zip.
14. Change: floppy image file (.img) is not decompressed utility Extract 2.10, and 7-zip-ohm. Delete files Extract *. *