I use winrar.
This is a great time to learn about hashcat.
Isn’t that the tool that let’s you brute force weak encrypted containers? I remember saving my sister that got a pin secured container and the pin was coming over mail/on a different channel (she needed it as fast as possible)…
Well it was a 4 digit pin and my very old notebook took a few hours. Even less if my sister would have told me that it was a 4 digit nummeric pin and not alphanumeric.
So yea. Hashcat will be your friend. Afaik can also take guesses.
It sits in that conceptual corner.
Hashcat is the standard password recovery tool. It supports a whole bunch of applications. It’s fast and optimized. It’s by definition the right tool for the job.
Kali is a Linux distribution that incorporates a bunch of security related tools, including hashcat. But you can just download the hashcat program and run it on windows or Mac.
Is there a way to call the unrar command via command line and pass the password as a parameter? There should be.
If there is not with winrar, try the 7zip commandlet for powershell, that should definitely be able to do what you want.
Write a quick skript that reads your passwords from a text file into a variable, use a foreach-object loop to iterate over the variable and each time call the unrar command and use the current password.
Not sure if this is elegant, but that’s the first thing that comes to my mind.
Ask chat gpt! It will not only tell you exactly how, and build the script for you, you will also be able to add ask custom questions when things go wrong, or get other methods.
Chatgpt is a google search on steroids.
Edit: yall can downvote gpt all you want, it took me 3 minutes to do it locally and it provided a safe and valid script.
Source: Director of Engineering at an almost FAANG sized company
What search term do you use? I’ve just tried and it said it can’t help with that.
Me: I need to write a powershell script on windows to open a password protected zip file for which I have the password
Gpt:
Sure! Here’s how you can create and use a PowerShell script to unzip a password-protected zip file on Windows:
First, make sure you have the required module installed. You can use Expand-Archive for normal zips, but for password-protected zips, we will leverage the 7-Zip utility. You can download it from here.
After installing 7-Zip, you can use its command line interface, 7z.exe, usually located in C:\Program Files\7-Zip.
Create a PowerShell script named UnzipProtected.ps1 with the following content:
[Parameter(Mandatory=$true)]
[string]$zipFilePath,
[Parameter(Mandatory=$true)]
[string]$destinationPath,
[Parameter(Mandatory=$true)]
[string]$password
)
$sevenZipPath = "C:\Program Files\7-Zip\7z.exe"
if (-not (Test-Path $sevenZipPath)) {
Write-Error "7-Zip not found at $sevenZipPath. Please install it or adjust the path."
exit 1
}
& $sevenZipPath x -p$password -o$destinationPath $zipFilePath
if ($? -eq $true) {
Write-Host "File unzipped successfully!"
} else {
Write-Error "Failed to unzip the file."
}```
> Now, you can use the PowerShell script to unzip the password-protected file:
```.\UnzipProtected.ps1 -zipFilePath "path_to_your_zip_file.zip" -destinationPath "path_to_extract_folder" -password "yourpassword"
Replace the placeholders with the appropriate paths and password.
Note: Make sure you execute the PowerShell script with appropriate permissions (Run as Administrator if required). Also, ensure that your execution policy allows you to run scripts (Set-ExecutionPolicy RemoteSigned or Set-ExecutionPolicy Unrestricted but be aware of the security implications). Always handle passwords securely.
Me: Can you have it loop through a handful of my passwords
Gpt:
Certainly. We can adjust the script to loop through a list of passwords until the correct one is found or the list is exhausted.
Modify the UnzipProtected.ps1 script as follows:
[Parameter(Mandatory=$true)]
[string]$zipFilePath,
[Parameter(Mandatory=$true)]
[string]$destinationPath,
[Parameter(Mandatory=$true)]
[string[]]$passwords
)
$sevenZipPath = "C:\Program Files\7-Zip\7z.exe"
if (-not (Test-Path $sevenZipPath)) {
Write-Error "7-Zip not found at $sevenZipPath. Please install it or adjust the path."
exit 1
}
$success = $false
foreach ($password in $passwords) {
& $sevenZipPath x -p$password -o$destinationPath $zipFilePath
if ($? -eq $true) {
Write-Host "File unzipped successfully with password: $password"
$success = $true
break
}
}
if (-not $success) {
Write-Error "Failed to unzip the file with provided passwords."
}
You can now use the script to try multiple passwords:
.\UnzipProtected.ps1 -zipFilePath “path_to_your_zip_file.zip” -destinationPath “path_to_extract_folder” -passwords @(“password1”, “password2”, “password3”)
Replace the placeholders with the appropriate paths and the list of passwords you want to try.
Note: Be very careful with this kind of script, especially if you’re using it with real passwords. It’s essential to handle passwords securely, and not to keep them in clear text or hardcoded in scripts. Use this approach only in a controlled and secure environment.
Obviously this is an example, but you can keep talking to it to refine how you want the search to happen. If there’s an error, tell gpt what happened, or which step you aren’t able to do and it will walk you through that as well!
Was hard to copy paste over on my phone so format is a bit messed up, but you get the idea
While it might be close to good enough for casual scripts, it is much better to use existing tools for performance critical applications, such as brute forcing passwords.
Lmao. Is this not a “casual script”? The dude wants to try a handful of passwords, not brute force a leaked db.
I believe not. The question states “keywords” so it seems they want to try combinations of words they commonly used. And it makes a huge difference if the script can try one password per second or dozens/hundreds/more.
