Macos – using John the Ripper to recover RAR password

macospassword-recoveryrarxargs

Testing John the Ripper in Mac OS X as a RAR password recovery solution, but xargs gives me an error:

john --incremental:all --stdout | xargs -I jtr unrar e -pjtr -inul test2.rar | grep 100%
xargs: unterminated quote

But when I add '-0' to xargs to deal with the quote, I get another xargs error:

john --incremental:all --stdout | xargs -0 -I jtr unrar e -pjtr -inul test2.rar | grep 100%
xargs: insufficient space for argument

Which I suppose is because the '-0' is preventing xargs from using newlines as delimiters, which is creating the space issue?

Any ideas on how to make xargs happy? Is there a way to solve the quotes issue while keeping the newline delimiter intact?

Best Answer

I would probably do something like this instead:

john --incremental:all -stdout | while read pass;do
  rar x -p"${pass}" test2.rar
  if [ "$?" -eq 0 ];then
    exit 0
  fi
done

Replace rar options, etc. as you like. This way the command only runs until it successfully unpacks the file and you don't have to grep for something. $? is a shell variable containing the return code of the last run command, and if run successfully it equals 0. So if you match it with 0 you know the previous command "worked".

Edit 1: Added "'s around the password, like -p"${pass}".

Best Answer

Related Solutions

Word – RAR password cracker

Word – How to recover the password of a RAR file on Mac OS X

Related Question