How to apply custom filters for John The Ripper when cracking RAR3 archive password?

My problem is that I’m trying to crack RAR file with is encrypted with RAR3 encryption. Decided to try with John The Ripper. Here are clues I have from my friend.

  1. Max password length is 8
  2. Only capital letters or digits

And I need now filter to make John crack the password without trying to check small lowercase letters. On hashcat it’s easy to do but program do not support $ RAR3$ *1 type of hashes.

Cracking known salt MD5 Hashes online [closed]

I’ve been having trouble with this certain salted MD5 hash, even though I know the salt, and I’ve been having trouble finding anywhere online that will crack salted MD5 hashes. All I’m finding is just straight MD5 only. Can anyone point me in the right direction? Preferrably something free or affordable.It’s in the md5(hash.salt) format.

Yes, I have tried using hashcat and crackstations wordlist to no avail.

Thanks

Firewall Cracking using Kali-Linux

Total amateur here. I have created a firewall using iptables on a Linux virtual machine and now I need to crack it, I was thinking using of using DoS, brute force attacks or crafting packets in some way but I’m not really sure how to implement any of these.

Looking for anything in the way of advice or sign posting me to useful resources, thanks.

I built the firewall using these tutorials: https://wiki.archlinux.org/index.php/Simple_stateful_firewall https://evilshit.wordpress.com/2013/12/17/how-to-set-up-a-stateful-firewall-with-iptables/ (only used for port knocking)

I’m having problems with Hydra cracking

I’ve tried hydra to crack one of my friends’ web

my line is – hydra -l ” -P /usr/share/wordlists/rockyou.txt.gz zskostomlatypm.cz http-post-form “/admin:passwd=^PASS^

the thing is, i don’t know if it’s working because the site only has password form, no username

another point is it doesnt output any error mesage

the web is http://zskostomlatypm.cz/

Cracking .NET random

I know .NET has two PRNGs, one secure and one insecure. I would like to be referenced to a tool/article about cracking the insecure one (I want to use it to test an .aspx site). I searched it all over but I only found references to cracking The random of Java, C and PHP.

user password authentication and cracking password – multiple rounds of hashing

when multiple rounds of hashing are performed, why is it that john the ripper cannot crack hashed passwords? (multiple rounds of hashes basically). On the other hand, the system can, however, authenticate a user even when passwords are stored using multiple hashing. how does it do that? is it that John the ripper can only crack 1 level of the hashed password. and the system just matches the hash to the database or something?

.NET application protection technique against cracking

I’m trying to protect my software against cracking. Protection against cracking is crucial before listing the product on market.

Info about the software:

  • Built using .NET C# (Framework 4.5.2)
  • WinForms
  • 32 bit

I have made a several protection layers:

  • Obfuscation, Renaming, anti-debugging
  • Encrypted communications between software and API server (RSA) public key hard-coded
  • The client will generate a temporary AES keys and encrypt it with server public key then sends it to server, The server will decrypt the data with his RSA Private key and respond with a new AES keys encrypted with the ones provided by the client at first request. Then any communication from client to server will be signed by server RSA pub key and encrypted by AES Keys provided by the server.

  • Verify libraries integrity by requesting libraries checksum from API and compare it.

And the most important part is, the application will once request “custom data” from API server and store it in memory, to be used by internal software functions. When a function in the application called it will use the “custom data” as input, so there’s no way for the software to operate correctly without having the “custom data”

The API server provides the “custom data” after verifying software activation code and machine unique ID.

The question is:

  • With all of these layers, can the software cracked?
  • Can the custom data layer bypassed?
  • If a cracker bypassed the protection layers until the “custom data” part, it’s possible to clone the software with the “custom data” meaning the software can operate without need to request the custom data from the API?

What i mean by custom data is making the software hybrid, always needs data from API to function

I am counting on the “custom data” protection layer.

Please let me hear your recommendations. thanks a lot