this post was submitted on 10 Sep 2023
57 points (91.3% liked)

Asklemmy

43895 readers
1404 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy πŸ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

I use winrar.

all 28 comments
sorted by: hot top controversial new old
[–] d3Xt3r@lemmy.nz 59 points 1 year ago* (last edited 1 year ago)

This can be easily done using PowerShell, and rar.exe which is part of WinRAR. Just edit the first three variables below according to your needs and run the script. You don't even need to save it as a script, just copy-paste the code into a PowerShell window, you can use the arrow keys to edit the variables (or edit it using notepad if you like) and then press enter when you're ready to run the script.

$winrar = "C:\Program Files\WinRAR\Rar.exe"
$passlist = @("pass1", "pass2", "pass3", "pass4")
$folder = "C:\Path\To\Folder"

cd "$folder"
foreach($file in (dir *.rar).Name) { "Checking $file..."; foreach($pass in $passlist) { .$winrar t -p"$pass" "$file" *>$null ; if($LASTEXITCODE -eq 0){ " β†’ Password for $file is $pass"; break }}""}

This would give you an output which looks like:

Checking file1.rar...
 β†’ Password for file1.rar is pass1

Checking file2.rar...
 β†’ Password for file2.rar is pass2

Checking file3.rar...
 β†’ Password for file3.rar is pass3

If there's something you don't understand in the code above, lemme know - happy to explain further. :)

[–] DasRubberDuck@feddit.de 17 points 1 year ago* (last edited 1 year ago)

Is there a way to call the unrar command via command line and pass the password as a parameter? There should be.

If there is not with winrar, try the 7zip commandlet for powershell, that should definitely be able to do what you want.

Write a quick skript that reads your passwords from a text file into a variable, use a foreach-object loop to iterate over the variable and each time call the unrar command and use the current password.

Not sure if this is elegant, but that's the first thing that comes to my mind.

7zip module documentation

[–] gardner@lemmy.nz 16 points 1 year ago (2 children)

Does "Jack The Ripper" still work these days?

[–] fratermus@lemmy.sdf.org 9 points 1 year ago
[–] vzq@lemmy.blahaj.zone 4 points 1 year ago

It does! Almost everyone is using hashcat, but JTR is still a thing.

[–] vzq@lemmy.blahaj.zone 14 points 1 year ago (2 children)

This is a great time to learn about hashcat.

[–] pungunner@feddit.de 13 points 1 year ago (1 children)

Isn't that the tool that let's you brute force weak encrypted containers? I remember saving my sister that got a pin secured container and the pin was coming over mail/on a different channel (she needed it as fast as possible)...

Well it was a 4 digit pin and my very old notebook took a few hours. Even less if my sister would have told me that it was a 4 digit nummeric pin and not alphanumeric.

So yea. Hashcat will be your friend. Afaik can also take guesses.

[–] vzq@lemmy.blahaj.zone 4 points 1 year ago

How fast it is depends entirely on the application.

But yes, it can do all sorts of fancy things like rule expansions, word combinations and custom character brute force.

[–] LanyrdSkynrd@hexbear.net 7 points 1 year ago

Something like this should work on linux or mac. On windows you'll probably need to use wsl or convert it to powershell if you can't install the dependencies natively. The script requires bash, unrar, and find.

#!/usr/bin/env bash
while read -r rarfile; do
  while read -r password; do
    if unrar t -p"$password" "$rarfile" >/dev/null 2>&1; then
      echo "$rarfile $password"
      break
    fi
    echo "$rarfile password not found"
  done < /path/to/passwords.list
done < <(find /path/to/rars -type f -iname '*.rar')
[–] RedditWanderer@lemmy.world 3 points 1 year ago* (last edited 1 year ago) (4 children)

Ask chat gpt! It will not only tell you exactly how, and build the script for you, you will also be able to add ask custom questions when things go wrong, or get other methods.

Chatgpt is a google search on steroids.

Edit: yall can downvote gpt all you want, it took me 3 minutes to do it locally and it provided a safe and valid script.

Source: Director of Engineering at an almost FAANG sized company

[–] WigglingWalrus@feddit.uk 4 points 1 year ago (1 children)

What search term do you use? I've just tried and it said it can't help with that.

[–] RedditWanderer@lemmy.world 13 points 1 year ago* (last edited 1 year ago) (1 children)

Me: I need to write a powershell script on windows to open a password protected zip file for which I have the password

Gpt:

Sure! Here's how you can create and use a PowerShell script to unzip a password-protected zip file on Windows:

First, make sure you have the required module installed. You can use Expand-Archive for normal zips, but for password-protected zips, we will leverage the 7-Zip utility. You can download it from here.

After installing 7-Zip, you can use its command line interface, 7z.exe, usually located in C:\Program Files\7-Zip.

Create a PowerShell script named UnzipProtected.ps1 with the following content:

    [Parameter(Mandatory=$true)]
    [string]$zipFilePath,

    [Parameter(Mandatory=$true)]
    [string]$destinationPath,

    [Parameter(Mandatory=$true)]
    [string]$password
)

$sevenZipPath = "C:\Program Files\7-Zip\7z.exe"

if (-not (Test-Path $sevenZipPath)) {
    Write-Error "7-Zip not found at $sevenZipPath. Please install it or adjust the path."
    exit 1
}

& $sevenZipPath x -p$password -o$destinationPath $zipFilePath

if ($? -eq $true) {
    Write-Host "File unzipped successfully!"
} else {
    Write-Error "Failed to unzip the file."
}```


> Now, you can use the PowerShell script to unzip the password-protected file:


```.\UnzipProtected.ps1 -zipFilePath "path_to_your_zip_file.zip" -destinationPath "path_to_extract_folder" -password "yourpassword"

Replace the placeholders with the appropriate paths and password.

Note: Make sure you execute the PowerShell script with appropriate permissions (Run as Administrator if required). Also, ensure that your execution policy allows you to run scripts (Set-ExecutionPolicy RemoteSigned or Set-ExecutionPolicy Unrestricted but be aware of the security implications). Always handle passwords securely.

Me: Can you have it loop through a handful of my passwords

Gpt:

Certainly. We can adjust the script to loop through a list of passwords until the correct one is found or the list is exhausted.

Modify the UnzipProtected.ps1 script as follows:

    [Parameter(Mandatory=$true)]
    [string]$zipFilePath,

    [Parameter(Mandatory=$true)]
    [string]$destinationPath,

    [Parameter(Mandatory=$true)]
    [string[]]$passwords
)

$sevenZipPath = "C:\Program Files\7-Zip\7z.exe"

if (-not (Test-Path $sevenZipPath)) {
    Write-Error "7-Zip not found at $sevenZipPath. Please install it or adjust the path."
    exit 1
}

$success = $false

foreach ($password in $passwords) {
    & $sevenZipPath x -p$password -o$destinationPath $zipFilePath

    if ($? -eq $true) {
        Write-Host "File unzipped successfully with password: $password"
        $success = $true
        break
    }
}

if (-not $success) {
    Write-Error "Failed to unzip the file with provided passwords."
}

You can now use the script to try multiple passwords:

.\UnzipProtected.ps1 -zipFilePath "path_to_your_zip_file.zip" -destinationPath "path_to_extract_folder" -passwords @("password1", "password2", "password3")

Replace the placeholders with the appropriate paths and the list of passwords you want to try.

Note: Be very careful with this kind of script, especially if you're using it with real passwords. It's essential to handle passwords securely, and not to keep them in clear text or hardcoded in scripts. Use this approach only in a controlled and secure environment.

Obviously this is an example, but you can keep talking to it to refine how you want the search to happen. If there's an error, tell gpt what happened, or which step you aren't able to do and it will walk you through that as well!

Was hard to copy paste over on my phone so format is a bit messed up, but you get the idea

[–] Squa64res@lemmy.ml 4 points 1 year ago (1 children)

going to try this! thank you.

[–] RedditWanderer@lemmy.world 2 points 1 year ago

Hope it helps.

Completely baffling why you're being downvoted. This is a perfect application of chatgpt.

[–] peter@feddit.uk -1 points 1 year ago

First lemmy troll

[–] Lichtblitz@discuss.tchncs.de -1 points 1 year ago (1 children)

While it might be close to good enough for casual scripts, it is much better to use existing tools for performance critical applications, such as brute forcing passwords.

[–] RedditWanderer@lemmy.world 6 points 1 year ago (1 children)

Lmao. Is this not a "casual script"? The dude wants to try a handful of passwords, not brute force a leaked db.

[–] Lichtblitz@discuss.tchncs.de 0 points 1 year ago (1 children)

I believe not. The question states "keywords" so it seems they want to try combinations of words they commonly used. And it makes a huge difference if the script can try one password per second or dozens/hundreds/more.

[–] RedditWanderer@lemmy.world -2 points 1 year ago* (last edited 1 year ago) (1 children)

You can easily ask chat gpt for all those specific needs. I've been a professional software engineer for almost 2 decades and I know chat gpt can do just as good as google searches, especially for quick shellscript with cli's you aren't familiar with. You can also ask it where it would be slow and how to make it faster, or what about it might be dangerous. You're just being daft.

[–] kava@lemmy.world 1 points 1 year ago (1 children)

I love ChatGPT and pay for the $20 so I get the upgraded version. However guy is asking for advice from humans, otherwise he'd just be asking on ChatGPT.

In my experience GPT can write simple scripts for you, but it quickly falls apart once you reach a certain complexity.

[–] RedditWanderer@lemmy.world 1 points 1 year ago (1 children)

This is a very simple script, perfect for gpt and a noob. An experienced developer can go much further, or he can even learn to develop.

He literally admitted asking chaf GPT and it saying "it can't do that". He's not asking here because he specifically wants a human answer, nobody here is going to write him script after script, answer all the possible questions about how to run script etc.. GPT is literally free internet education and people should use it, not downvote those who try to teach ppl how to use it.

Chatgpt is just a agglomeration of all the human answers we have, and you can even ask GPT if it's wrong because it has no horse in the race.

[–] kava@lemmy.world -2 points 1 year ago (1 children)

I agree GPT is great. I use it for all sorts of stuff, not just coding. But when I post on a human board, I want to talk to a human.

Also if you want I can give you an idea for a "simple script" a human could easily do that ChatGPT simply cannot do. It's a text-prediction algorithm. It doesn't think like me or you.

I love it a lot. I talk to it every day. It's like a super-google and helps while coding too. To me it's like a starting point research thing or help when stuck on something.

But yeah people are downvoting you because you're going offtopic by making this into a ChatGPT thing instead of what OP is actually asking.

For what it's worth i didn't downvote you because I don't generally downvote people. I only mention because it seems like the points bother you

[–] RedditWanderer@lemmy.world 0 points 1 year ago* (last edited 1 year ago) (1 children)

"off topic" lmao, yall are dumb.

Nobody has given him a usable answer. Teach a man to fish and all.. all they said is "look up this thing".

GPT is perfectly suited for this question, and it's askLemmy, not "dontAskGPT". It's perfectly on topic and OP has replied / upvoted it as helpful. You can get off your high horse now.

[–] kava@lemmy.world 1 points 1 year ago

The offtopic part is the prostelyzing. You sound like a Jehovah's Witness. I get it - you're enthusiastic about this but you're not the only one that's ever heard of ChatGPT. Everybody knows already.

I'm just telling you why you're being downvoted.

And again- would you like me to give you a simple script request that breaks ChatGPT? Maybe it'll help you take off the rose-colored glasses.