Vinod Mathew Sebastian

Posted on Aug 3, 2023

How I unsuccessfully tried to recover my lost password

#hacking #security #learning

Among other things, I am a typist.

I am comfortable with typing to the point that a long time ago I started to enter passwords by typing - without even looking at the keyboard.

Earlier I had some data which I compressed, encrypted, and password-protected with the popular compression utility - 7z.

I then chose an eight-letter password. It is weak by today's standards.

The aim was to protect it from the prying eyes of other people who use the computer - nothing too serious.

I compressed a few files and folders with 7z and deleted the original ones.

But when I tried to open them later, some of them simply would not open.

The passwords I thought I used were not the passwords 7z used to encrypt them.

That was when I started to think about the ways to recover them.

I started with rarcrack - an open source 51 kb tool for brute-forcing 7z files.

This program would try to generate all types of combinations with the 8 letters we give - not in any particular order. Then it tries to brute-force it open with the passwords it generates.

But after some time I found the process too slow.

I felt that it would take an eternity before I get my files back.

I hit ctrl + c.

The next option was John the Ripper.

Programs like 7z hash the password.

Once hashed, no one - no program can find the original string.

Hashing - the process is irreversible.

So what does John the Ripper do?

John breaks passwords by comparing the hash value of the password it generates with the original hash.

Once it finds a match, John knows the password.

Another hugely popular option is Hashcat.

Again, I thought these would be overkill for a job like this.

I did a little math.

It is an 8-letter password.

Every key has only two characters.

This is a binary choice scenario.

So, there would only be 256 possible password combinations.

2^8 = 256

If we know the password, we have this bash one-liner to execute on the command line.

password=<password> ; 7z x -p$password name_of_the_file.7z

I tried to automate the process.

I generated all the possible 256 matches with this Python script.

first_letter = ['r', 'R']
second_letter = ['o', 'O']
third_letter = ['c', 'C']
fourth_letter = ['k', 'K']
fifth_letter = ['s', 'S']
sixth_letter = ['t', 'T']
seventh_letter = ['a', 'A']
eighth_letter = ['5', '%']
password_string = '\"'

for x in range (0,2):
    for y in range (0,2):
        for z in range (0,2):
            for a in range (0,2):
                for b in range (0,2):
                    for c in range (0,2):
                        for d in range (0,2):
                            for e in range (0,2):
                                password_string = password_string + first_letter[x]+ second_letter[y] + third_letter[z] + fourth_letter[a] + fifth_letter[b] + sixth_letter[c] + seventh_letter[d] + eighth_letter[e] + '\", \"'

print(password_string)

Then another script to generate the bash file.


passwd_array = [ "rocksta5", "rocksta%", "rockstA5", "rockstA%", "rocksTa5", "rocksTa%", "rocksTA5", "rocksTA%", "rockSta5", "rockSta%", "rockStA5", "rockStA%", "rockSTa5", "rockSTa%", "rockSTA5", "rockSTA%", "rocKsta5", "rocKsta%", "rocKstA5", "rocKstA%", "rocKsTa5", "rocKsTa%", "rocKsTA5", "rocKsTA%", "rocKSta5", "rocKSta%", "rocKStA5", "rocKStA%", "rocKSTa5", "rocKSTa%", "rocKSTA5", "rocKSTA%", "roCksta5", "roCksta%", "roCkstA5", "roCkstA%", "roCksTa5", "roCksTa%", "roCksTA5", "roCksTA%", "roCkSta5", "roCkSta%", "roCkStA5", "roCkStA%", "roCkSTa5", "roCkSTa%", "roCkSTA5", "roCkSTA%", "roCKsta5", "roCKsta%", "roCKstA5", "roCKstA%", "roCKsTa5", "roCKsTa%", "roCKsTA5", "roCKsTA%", "roCKSta5", "roCKSta%", "roCKStA5", "roCKStA%", "roCKSTa5", "roCKSTa%", "roCKSTA5", "roCKSTA%", "rOcksta5", "rOcksta%", "rOckstA5", "rOckstA%", "rOcksTa5", "rOcksTa%", "rOcksTA5", "rOcksTA%", "rOckSta5", "rOckSta%", "rOckStA5", "rOckStA%", "rOckSTa5", "rOckSTa%", "rOckSTA5", "rOckSTA%", "rOcKsta5", "rOcKsta%", "rOcKstA5", "rOcKstA%", "rOcKsTa5", "rOcKsTa%", "rOcKsTA5", "rOcKsTA%", "rOcKSta5", "rOcKSta%", "rOcKStA5", "rOcKStA%", "rOcKSTa5", "rOcKSTa%", "rOcKSTA5", "rOcKSTA%", "rOCksta5", "rOCksta%", "rOCkstA5", "rOCkstA%", "rOCksTa5", "rOCksTa%", "rOCksTA5", "rOCksTA%", "rOCkSta5", "rOCkSta%", "rOCkStA5", "rOCkStA%", "rOCkSTa5", "rOCkSTa%", "rOCkSTA5", "rOCkSTA%", "rOCKsta5", "rOCKsta%", "rOCKstA5", "rOCKstA%", "rOCKsTa5", "rOCKsTa%", "rOCKsTA5", "rOCKsTA%", "rOCKSta5", "rOCKSta%", "rOCKStA5", "rOCKStA%", "rOCKSTa5", "rOCKSTa%", "rOCKSTA5", "rOCKSTA%", "Rocksta5", "Rocksta%", "RockstA5", "RockstA%", "RocksTa5", "RocksTa%", "RocksTA5", "RocksTA%", "RockSta5", "RockSta%", "RockStA5", "RockStA%", "RockSTa5", "RockSTa%", "RockSTA5", "RockSTA%", "RocKsta5", "RocKsta%", "RocKstA5", "RocKstA%", "RocKsTa5", "RocKsTa%", "RocKsTA5", "RocKsTA%", "RocKSta5", "RocKSta%", "RocKStA5", "RocKStA%", "RocKSTa5", "RocKSTa%", "RocKSTA5", "RocKSTA%", "RoCksta5", "RoCksta%", "RoCkstA5", "RoCkstA%", "RoCksTa5", "RoCksTa%", "RoCksTA5", "RoCksTA%", "RoCkSta5", "RoCkSta%", "RoCkStA5", "RoCkStA%", "RoCkSTa5", "RoCkSTa%", "RoCkSTA5", "RoCkSTA%", "RoCKsta5", "RoCKsta%", "RoCKstA5", "RoCKstA%", "RoCKsTa5", "RoCKsTa%", "RoCKsTA5", "RoCKsTA%", "RoCKSta5", "RoCKSta%", "RoCKStA5", "RoCKStA%", "RoCKSTa5", "RoCKSTa%", "RoCKSTA5", "RoCKSTA%", "ROcksta5", "ROcksta%", "ROckstA5", "ROckstA%", "ROcksTa5", "ROcksTa%", "ROcksTA5", "ROcksTA%", "ROckSta5", "ROckSta%", "ROckStA5", "ROckStA%", "ROckSTa5", "ROckSTa%", "ROckSTA5", "ROckSTA%", "ROcKsta5", "ROcKsta%", "ROcKstA5", "ROcKstA%", "ROcKsTa5", "ROcKsTa%", "ROcKsTA5", "ROcKsTA%", "ROcKSta5", "ROcKSta%", "ROcKStA5", "ROcKStA%", "ROcKSTa5", "ROcKSTa%", "ROcKSTA5", "ROcKSTA%", "ROCksta5", "ROCksta%", "ROCkstA5", "ROCkstA%", "ROCksTa5", "ROCksTa%", "ROCksTA5", "ROCksTA%", "ROCkSta5", "ROCkSta%", "ROCkStA5", "ROCkStA%", "ROCkSTa5", "ROCkSTa%", "ROCkSTA5", "ROCkSTA%", "ROCKsta5", "ROCKsta%", "ROCKstA5", "ROCKstA%", "ROCKsTa5", "ROCKsTa%", "ROCKsTA5", "ROCKsTA%", "ROCKSta5", "ROCKSta%", "ROCKStA5", "ROCKStA%", "ROCKSTa5", "ROCKSTa%", "ROCKSTA5", "ROCKSTA%" ]

for passwd in passwd_array:

    print(f'password={passwd} ; 7z x -p$password archive8.7z ')

Simple enough, I saved the bash script with the name brute_forcing.sh


#! /bin/bash
# Brute-forcing by vms

password=rocksta5 ; 7z x -p$password archive8.7z 
password=rocksta% ; 7z x -p$password archive8.7z 
password=rockstA5 ; 7z x -p$password archive8.7z 
password=rockstA% ; 7z x -p$password archive8.7z 
password=rocksTa5 ; 7z x -p$password archive8.7z 
password=rocksTa% ; 7z x -p$password archive8.7z 
password=rocksTA5 ; 7z x -p$password archive8.7z 
password=rocksTA% ; 7z x -p$password archive8.7z 
password=rockSta5 ; 7z x -p$password archive8.7z 
password=rockSta% ; 7z x -p$password archive8.7z 
password=rockStA5 ; 7z x -p$password archive8.7z 
password=rockStA% ; 7z x -p$password archive8.7z 
password=rockSTa5 ; 7z x -p$password archive8.7z 
password=rockSTa% ; 7z x -p$password archive8.7z 
password=rockSTA5 ; 7z x -p$password archive8.7z 
password=rockSTA% ; 7z x -p$password archive8.7z 
password=rocKsta5 ; 7z x -p$password archive8.7z 
password=rocKsta% ; 7z x -p$password archive8.7z 
password=rocKstA5 ; 7z x -p$password archive8.7z 
password=rocKstA% ; 7z x -p$password archive8.7z 
password=rocKsTa5 ; 7z x -p$password archive8.7z 
password=rocKsTa% ; 7z x -p$password archive8.7z 
password=rocKsTA5 ; 7z x -p$password archive8.7z 
password=rocKsTA% ; 7z x -p$password archive8.7z 
password=rocKSta5 ; 7z x -p$password archive8.7z 
password=rocKSta% ; 7z x -p$password archive8.7z 
password=rocKStA5 ; 7z x -p$password archive8.7z 
password=rocKStA% ; 7z x -p$password archive8.7z 
password=rocKSTa5 ; 7z x -p$password archive8.7z 
password=rocKSTa% ; 7z x -p$password archive8.7z 
password=rocKSTA5 ; 7z x -p$password archive8.7z 
password=rocKSTA% ; 7z x -p$password archive8.7z 
password=roCksta5 ; 7z x -p$password archive8.7z 
password=roCksta% ; 7z x -p$password archive8.7z 
password=roCkstA5 ; 7z x -p$password archive8.7z 
password=roCkstA% ; 7z x -p$password archive8.7z 
password=roCksTa5 ; 7z x -p$password archive8.7z 
password=roCksTa% ; 7z x -p$password archive8.7z 
password=roCksTA5 ; 7z x -p$password archive8.7z 
password=roCksTA% ; 7z x -p$password archive8.7z 
password=roCkSta5 ; 7z x -p$password archive8.7z 
password=roCkSta% ; 7z x -p$password archive8.7z 
password=roCkStA5 ; 7z x -p$password archive8.7z 
password=roCkStA% ; 7z x -p$password archive8.7z 
password=roCkSTa5 ; 7z x -p$password archive8.7z 
password=roCkSTa% ; 7z x -p$password archive8.7z 
password=roCkSTA5 ; 7z x -p$password archive8.7z 
password=roCkSTA% ; 7z x -p$password archive8.7z 
password=roCKsta5 ; 7z x -p$password archive8.7z 
password=roCKsta% ; 7z x -p$password archive8.7z 
password=roCKstA5 ; 7z x -p$password archive8.7z 
password=roCKstA% ; 7z x -p$password archive8.7z 
password=roCKsTa5 ; 7z x -p$password archive8.7z 
password=roCKsTa% ; 7z x -p$password archive8.7z 
password=roCKsTA5 ; 7z x -p$password archive8.7z 
password=roCKsTA% ; 7z x -p$password archive8.7z 
password=roCKSta5 ; 7z x -p$password archive8.7z 
password=roCKSta% ; 7z x -p$password archive8.7z 
password=roCKStA5 ; 7z x -p$password archive8.7z 
password=roCKStA% ; 7z x -p$password archive8.7z 
password=roCKSTa5 ; 7z x -p$password archive8.7z 
password=roCKSTa% ; 7z x -p$password archive8.7z 
password=roCKSTA5 ; 7z x -p$password archive8.7z 
password=roCKSTA% ; 7z x -p$password archive8.7z 
password=rOcksta5 ; 7z x -p$password archive8.7z 
password=rOcksta% ; 7z x -p$password archive8.7z 
password=rOckstA5 ; 7z x -p$password archive8.7z 
password=rOckstA% ; 7z x -p$password archive8.7z 
password=rOcksTa5 ; 7z x -p$password archive8.7z 
password=rOcksTa% ; 7z x -p$password archive8.7z 
password=rOcksTA5 ; 7z x -p$password archive8.7z 
password=rOcksTA% ; 7z x -p$password archive8.7z 
password=rOckSta5 ; 7z x -p$password archive8.7z 
password=rOckSta% ; 7z x -p$password archive8.7z 
password=rOckStA5 ; 7z x -p$password archive8.7z 
password=rOckStA% ; 7z x -p$password archive8.7z 
password=rOckSTa5 ; 7z x -p$password archive8.7z 
password=rOckSTa% ; 7z x -p$password archive8.7z 
password=rOckSTA5 ; 7z x -p$password archive8.7z 
password=rOckSTA% ; 7z x -p$password archive8.7z 
password=rOcKsta5 ; 7z x -p$password archive8.7z 
password=rOcKsta% ; 7z x -p$password archive8.7z 
password=rOcKstA5 ; 7z x -p$password archive8.7z 
password=rOcKstA% ; 7z x -p$password archive8.7z 
password=rOcKsTa5 ; 7z x -p$password archive8.7z 
password=rOcKsTa% ; 7z x -p$password archive8.7z 
password=rOcKsTA5 ; 7z x -p$password archive8.7z 
password=rOcKsTA% ; 7z x -p$password archive8.7z 
password=rOcKSta5 ; 7z x -p$password archive8.7z 
password=rOcKSta% ; 7z x -p$password archive8.7z 
password=rOcKStA5 ; 7z x -p$password archive8.7z 
password=rOcKStA% ; 7z x -p$password archive8.7z 
password=rOcKSTa5 ; 7z x -p$password archive8.7z 
password=rOcKSTa% ; 7z x -p$password archive8.7z 
password=rOcKSTA5 ; 7z x -p$password archive8.7z 
password=rOcKSTA% ; 7z x -p$password archive8.7z 
password=rOCksta5 ; 7z x -p$password archive8.7z 
password=rOCksta% ; 7z x -p$password archive8.7z 
password=rOCkstA5 ; 7z x -p$password archive8.7z 
password=rOCkstA% ; 7z x -p$password archive8.7z 
password=rOCksTa5 ; 7z x -p$password archive8.7z 
password=rOCksTa% ; 7z x -p$password archive8.7z 
password=rOCksTA5 ; 7z x -p$password archive8.7z 
password=rOCksTA% ; 7z x -p$password archive8.7z 
password=rOCkSta5 ; 7z x -p$password archive8.7z 
password=rOCkSta% ; 7z x -p$password archive8.7z 
password=rOCkStA5 ; 7z x -p$password archive8.7z 
password=rOCkStA% ; 7z x -p$password archive8.7z 
password=rOCkSTa5 ; 7z x -p$password archive8.7z 
password=rOCkSTa% ; 7z x -p$password archive8.7z 
password=rOCkSTA5 ; 7z x -p$password archive8.7z 
password=rOCkSTA% ; 7z x -p$password archive8.7z 
password=rOCKsta5 ; 7z x -p$password archive8.7z 
password=rOCKsta% ; 7z x -p$password archive8.7z 
password=rOCKstA5 ; 7z x -p$password archive8.7z 
password=rOCKstA% ; 7z x -p$password archive8.7z 
password=rOCKsTa5 ; 7z x -p$password archive8.7z 
password=rOCKsTa% ; 7z x -p$password archive8.7z 
password=rOCKsTA5 ; 7z x -p$password archive8.7z 
password=rOCKsTA% ; 7z x -p$password archive8.7z 
password=rOCKSta5 ; 7z x -p$password archive8.7z 
password=rOCKSta% ; 7z x -p$password archive8.7z 
password=rOCKStA5 ; 7z x -p$password archive8.7z 
password=rOCKStA% ; 7z x -p$password archive8.7z 
password=rOCKSTa5 ; 7z x -p$password archive8.7z 
password=rOCKSTa% ; 7z x -p$password archive8.7z 
password=rOCKSTA5 ; 7z x -p$password archive8.7z 
password=rOCKSTA% ; 7z x -p$password archive8.7z 
password=Rocksta5 ; 7z x -p$password archive8.7z 
password=Rocksta% ; 7z x -p$password archive8.7z 
password=RockstA5 ; 7z x -p$password archive8.7z 
password=RockstA% ; 7z x -p$password archive8.7z 
password=RocksTa5 ; 7z x -p$password archive8.7z 
password=RocksTa% ; 7z x -p$password archive8.7z 
password=RocksTA5 ; 7z x -p$password archive8.7z 
password=RocksTA% ; 7z x -p$password archive8.7z 
password=RockSta5 ; 7z x -p$password archive8.7z 
password=RockSta% ; 7z x -p$password archive8.7z 
password=RockStA5 ; 7z x -p$password archive8.7z 
password=RockStA% ; 7z x -p$password archive8.7z 
password=RockSTa5 ; 7z x -p$password archive8.7z 
password=RockSTa% ; 7z x -p$password archive8.7z 
password=RockSTA5 ; 7z x -p$password archive8.7z 
password=RockSTA% ; 7z x -p$password archive8.7z 
password=RocKsta5 ; 7z x -p$password archive8.7z 
password=RocKsta% ; 7z x -p$password archive8.7z 
password=RocKstA5 ; 7z x -p$password archive8.7z 
password=RocKstA% ; 7z x -p$password archive8.7z 
password=RocKsTa5 ; 7z x -p$password archive8.7z 
password=RocKsTa% ; 7z x -p$password archive8.7z 
password=RocKsTA5 ; 7z x -p$password archive8.7z 
password=RocKsTA% ; 7z x -p$password archive8.7z 
password=RocKSta5 ; 7z x -p$password archive8.7z 
password=RocKSta% ; 7z x -p$password archive8.7z 
password=RocKStA5 ; 7z x -p$password archive8.7z 
password=RocKStA% ; 7z x -p$password archive8.7z 
password=RocKSTa5 ; 7z x -p$password archive8.7z 
password=RocKSTa% ; 7z x -p$password archive8.7z 
password=RocKSTA5 ; 7z x -p$password archive8.7z 
password=RocKSTA% ; 7z x -p$password archive8.7z 
password=RoCksta5 ; 7z x -p$password archive8.7z 
password=RoCksta% ; 7z x -p$password archive8.7z 
password=RoCkstA5 ; 7z x -p$password archive8.7z 
password=RoCkstA% ; 7z x -p$password archive8.7z 
password=RoCksTa5 ; 7z x -p$password archive8.7z 
password=RoCksTa% ; 7z x -p$password archive8.7z 
password=RoCksTA5 ; 7z x -p$password archive8.7z 
password=RoCksTA% ; 7z x -p$password archive8.7z 
password=RoCkSta5 ; 7z x -p$password archive8.7z 
password=RoCkSta% ; 7z x -p$password archive8.7z 
password=RoCkStA5 ; 7z x -p$password archive8.7z 
password=RoCkStA% ; 7z x -p$password archive8.7z 
password=RoCkSTa5 ; 7z x -p$password archive8.7z 
password=RoCkSTa% ; 7z x -p$password archive8.7z 
password=RoCkSTA5 ; 7z x -p$password archive8.7z 
password=RoCkSTA% ; 7z x -p$password archive8.7z 
password=RoCKsta5 ; 7z x -p$password archive8.7z 
password=RoCKsta% ; 7z x -p$password archive8.7z 
password=RoCKstA5 ; 7z x -p$password archive8.7z 
password=RoCKstA% ; 7z x -p$password archive8.7z 
password=RoCKsTa5 ; 7z x -p$password archive8.7z 
password=RoCKsTa% ; 7z x -p$password archive8.7z 
password=RoCKsTA5 ; 7z x -p$password archive8.7z 
password=RoCKsTA% ; 7z x -p$password archive8.7z 
password=RoCKSta5 ; 7z x -p$password archive8.7z 
password=RoCKSta% ; 7z x -p$password archive8.7z 
password=RoCKStA5 ; 7z x -p$password archive8.7z 
password=RoCKStA% ; 7z x -p$password archive8.7z 
password=RoCKSTa5 ; 7z x -p$password archive8.7z 
password=RoCKSTa% ; 7z x -p$password archive8.7z 
password=RoCKSTA5 ; 7z x -p$password archive8.7z 
password=RoCKSTA% ; 7z x -p$password archive8.7z 
password=ROcksta5 ; 7z x -p$password archive8.7z 
password=ROcksta% ; 7z x -p$password archive8.7z 
password=ROckstA5 ; 7z x -p$password archive8.7z 
password=ROckstA% ; 7z x -p$password archive8.7z 
password=ROcksTa5 ; 7z x -p$password archive8.7z 
password=ROcksTa% ; 7z x -p$password archive8.7z 
password=ROcksTA5 ; 7z x -p$password archive8.7z 
password=ROcksTA% ; 7z x -p$password archive8.7z 
password=ROckSta5 ; 7z x -p$password archive8.7z 
password=ROckSta% ; 7z x -p$password archive8.7z 
password=ROckStA5 ; 7z x -p$password archive8.7z 
password=ROckStA% ; 7z x -p$password archive8.7z 
password=ROckSTa5 ; 7z x -p$password archive8.7z 
password=ROckSTa% ; 7z x -p$password archive8.7z 
password=ROckSTA5 ; 7z x -p$password archive8.7z 
password=ROckSTA% ; 7z x -p$password archive8.7z 
password=ROcKsta5 ; 7z x -p$password archive8.7z 
password=ROcKsta% ; 7z x -p$password archive8.7z 
password=ROcKstA5 ; 7z x -p$password archive8.7z 
password=ROcKstA% ; 7z x -p$password archive8.7z 
password=ROcKsTa5 ; 7z x -p$password archive8.7z 
password=ROcKsTa% ; 7z x -p$password archive8.7z 
password=ROcKsTA5 ; 7z x -p$password archive8.7z 
password=ROcKsTA% ; 7z x -p$password archive8.7z 
password=ROcKSta5 ; 7z x -p$password archive8.7z 
password=ROcKSta% ; 7z x -p$password archive8.7z 
password=ROcKStA5 ; 7z x -p$password archive8.7z 
password=ROcKStA% ; 7z x -p$password archive8.7z 
password=ROcKSTa5 ; 7z x -p$password archive8.7z 
password=ROcKSTa% ; 7z x -p$password archive8.7z 
password=ROcKSTA5 ; 7z x -p$password archive8.7z 
password=ROcKSTA% ; 7z x -p$password archive8.7z 
password=ROCksta5 ; 7z x -p$password archive8.7z 
password=ROCksta% ; 7z x -p$password archive8.7z 
password=ROCkstA5 ; 7z x -p$password archive8.7z 
password=ROCkstA% ; 7z x -p$password archive8.7z 
password=ROCksTa5 ; 7z x -p$password archive8.7z 
password=ROCksTa% ; 7z x -p$password archive8.7z 
password=ROCksTA5 ; 7z x -p$password archive8.7z 
password=ROCksTA% ; 7z x -p$password archive8.7z 
password=ROCkSta5 ; 7z x -p$password archive8.7z 
password=ROCkSta% ; 7z x -p$password archive8.7z 
password=ROCkStA5 ; 7z x -p$password archive8.7z 
password=ROCkStA% ; 7z x -p$password archive8.7z 
password=ROCkSTa5 ; 7z x -p$password archive8.7z 
password=ROCkSTa% ; 7z x -p$password archive8.7z 
password=ROCkSTA5 ; 7z x -p$password archive8.7z 
password=ROCkSTA% ; 7z x -p$password archive8.7z 
password=ROCKsta5 ; 7z x -p$password archive8.7z 
password=ROCKsta% ; 7z x -p$password archive8.7z 
password=ROCKstA5 ; 7z x -p$password archive8.7z 
password=ROCKstA% ; 7z x -p$password archive8.7z 
password=ROCKsTa5 ; 7z x -p$password archive8.7z 
password=ROCKsTa% ; 7z x -p$password archive8.7z 
password=ROCKsTA5 ; 7z x -p$password archive8.7z 
password=ROCKsTA% ; 7z x -p$password archive8.7z 
password=ROCKSta5 ; 7z x -p$password archive8.7z 
password=ROCKSta% ; 7z x -p$password archive8.7z 
password=ROCKStA5 ; 7z x -p$password archive8.7z 
password=ROCKStA% ; 7z x -p$password archive8.7z 
password=ROCKSTa5 ; 7z x -p$password archive8.7z 
password=ROCKSTa% ; 7z x -p$password archive8.7z 
password=ROCKSTA5 ; 7z x -p$password archive8.7z 
password=ROCKSTA% ; 7z x -p$password archive8.7z

Then I edited the file permissions to make it executable.

chmod +x brute_forcing.sh && ./brute_forcing.sh

It ran for a few seconds, ran all the 256 key combinations, and came to a grinding halt.

Still, the file is not open.

A bug in the code?

To test, I made a 7z container. I then added some files to the archive and took a password from the middle of the brute_forcing.sh to encrypt it.

I ran the script again.

Voila! It works. It only took two seconds.

Now, I have to expand my wordlist with keys where my fingers would have accidentally hit. For example, I could have pressed the z button instead of 'a'. It is directly beneath the 'a' key on a qwerty keyboard.

Still, there is also a chance that this might not work.

But I have not lost hope.

I shall get a machine running John or Hashcat. Again, my wordlist shall be much smaller since this is a binary choice problem.

Also, I was thinking about passwords in general. Given access to systems, hackers can easily break a lot of weak passwords in minutes, if not seconds. This is a case in point for using long complex passwords where it matters the most - at least on the login prompt.

Top comments (2)

Aaron Reese • Aug 3 '23

Long passwords are harder than complex passwords. Assuming upper lower numbers and main punctuation every character you add makes it 70x harder to brute force. 2 characters make it 4900x harder to break. 3 characters make it 35000x harder.
When stupid SecOps rules say it has to contain specific combinations of character types the constraints actually make it EASIER to crack.

Vinod Mathew Sebastian • Aug 5 '23 • Edited

All of the above code in 50 lines of bash.

#! /bin/bash
# brute_forcing by vms

#Generating all the 256 password combinations

first_letter=("r" "R")
second_letter=("o" O)
third_letter=("c" "C")
fourth_letter=("k" "K")
fifth_letter=("s" "S")
sixth_letter=("t" "T")
seventh_letter=("a" "A")
eighth_letter=("5" "%")
my_str=""

for((x=0; x<2; x++)); do
    for ((y=0; y<2; y++)); do
        for ((z=0; z<2; z++)); do
            for ((a=0; a<2; a++)); do
                for ((b=0; b<2; b++)); do
                    for ((c=0; c<2; c++)); do
                        for((d=0; d<2; d++)); do
                            for ((e=0; e<2; e++)); do
                            my_str="${my_str}${first_letter[x]}${second_letter[y]}${third_letter[z]}${fourth_letter[a]}${fifth_letter[b]}${sixth_letter[c]}${seventh_letter[d]}${eighth_letter[e]} "
                            done
                         done
                    done
                 done
            done
         done
    done
done

#Trimming the trailing space at the end of the string

my_str="${my_str%" "}"

#Converting the string into an array

IFS=" " read -ra pass_array <<< "${my_str}"

# Programmatically brute-forcing with all the 256 combinations

for pass in "${pass_array[@]}"; do

output="password=$pass; $(7z  x -p$pass archive8.7z)"

$("$output")

done

DEV Community

How I unsuccessfully tried to recover my lost password

Top comments (2)

Read next

What are you learning about this weekend? 🧠

Understanding CSS Cascade, Selectors and Specificity

Compliant infrastructure using infrastructure as code

Content Delivery Network Explained 🌎⚡️