Cracking Rar File Archive Passwords

Submitted by jabrown on Sun, 12/03/2017 - 23:03

This will be a quick walk-through on how to crack password protected RAR archives.

You will need Hashcat and John the Ripper jumbo.

John Jumbo will need to compile If using a Linux system that does not have a rar2john package.


Once Hashcat and John the Ripper has been unpackaged and compiled we can get the hash value of the RAR file.

To get the hash value run. /path/to/john/jumbo/run/rar2john {rar file}

This creates a colon (:) delimited string. We only need the hash value when using Hashcat to crack the hash.

To create a hash list with only the hash value run. /path/to/john/jumbo/run/rar2john {rar file} | cut -d ':' -f 2 > {hash list file}


Once we have the hash value we can then use Hashcat to crack it.

The Hashcat command to use a wordlist attack against a RAR5 hash is. hashcat -a 0 -m 13000 {hash list} {wordlist}

The command that we used is different due to the unique issues of the Linux kernel, GPU drivers, and hardware of the hash cracking system.


It took about 20 minutes to crack the simple password of "password".


Cracking RAR passwords is fairly simple but can take time to crack.


Visit the store or contact us if you need to recover some passwords.