BruteForcer is a client-server, multithreaded application for bruteforcing RAR file passwords. The tool is not actually limited to RAR files; it simply ships with a RAR archive plugin. With a suitable plugin it will support any file you want. Unfortunately, there are no such plugins yet. If you find or create one, let me know.
This tool can crack RAR archive passwords faster than any RAR Password Cracker. But you have to use two or more machines to achieve that level of efficiency.
REMEMBER: The more clients connected to the server, the faster the cracking.
How To Use BruteForcer
First, download BruteForcer (BruteForcer_091.7z) onto your computer, then extract the file. Then open the “Server” folder and then run the “BFS.exe” file. You will see a window as shown below.
Click on the Tools icon in the window.
Then set the minimum and maximum password length, and include symbols and randomize the dictionary if you want. After configuring the dictionary, click on “OK”.
Now enter the name of the file you want to crack (in the main window). If that file is accessible by all clients on a network you can specify the complete path to it. Otherwise, you have to place a copy of the file on each client (just copy the file to the client folder).
Then click on the radar icon; this should start the server.
Now open the client folder and then run BFC.exe. You will see a window as shown below.
Now enter the server IP, port, and username. If the server and the client are running on the same machine, just leave them at their defaults.
If you want to start a dictionary attack, check the “Enable wordlist attack” option and select the dictionary file (English.bfw), then set the wordlist attack level and priority, select the plugin (BF_Rar3.bfl), and click on “Connect”.
The wordlist attack operates in 3 different modes:
- Level 1 – It is the fastest and skips most of the combinations. It looks only for a complete match with the wordlist. It is useful only if you know that the password is just a single word.
- Level 2 – It ignores the symbols that are not letters, and looks for a match with the wordlist. It is useful when you know that the password is a single word, surrounded by numbers or other symbols.
- Level 3 – It checks if the current combination of symbols contains at least one meaningful word from the wordlist. This is the best mode, and I suggest you always use it. The password of the test archive (test.rar) can be found only by this method (or by pure bruteforce, of course).
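Seen from the defender's side, the three levels describe three classes of weak archive password, so a password can be checked against them before it is used. The following is an added example, not BruteForcer's own code: the matching rules are inferred from the level descriptions above, and the sample wordlist, the case-insensitive comparison and the minimum word length are assumptions.

```python
# Constructed sample wordlist; a real audit would load the dictionary
# you expect an attacker to use.
SAMPLE_WORDS = {"dragon", "summer", "secret", "admin", "winter"}

MIN_WORD_LEN = 4  # assumption: skip very short words to limit false hits


def exposure_level(password, words=SAMPLE_WORDS):
    """Return the lowest wordlist level (1-3) that covers the password, 0 if none."""
    lowered = password.lower()  # assumption: matching ignores case
    vocab = {w.lower() for w in words if len(w) >= MIN_WORD_LEN}

    # Level 1: the whole password is a wordlist entry.
    if lowered in vocab:
        return 1

    # Level 2: ignore every character that is not a letter, then compare.
    letters_only = "".join(ch for ch in lowered if ch.isalpha())
    if letters_only in vocab:
        return 2

    # Level 3: the password contains at least one wordlist entry.
    if any(word in lowered for word in vocab):
        return 3

    # Not covered by any wordlist level; only pure bruteforce applies.
    return 0


def audit(passwords, words=SAMPLE_WORDS):
    """Map each candidate password to its exposure level."""
    return {p: exposure_level(p, words) for p in passwords}


if __name__ == "__main__":
    # Constructed candidates, one per class.
    for pwd, level in audit(["Dragon", "123dragon!", "xdragonfly42", "Tr7#qLp2"]).items():
        print(f"{pwd!r}: level {level}")
```

A result of 1, 2 or 3 means the password falls inside the reduced search space of that wordlist level and should be rejected; 0 means only length and character set stand between it and the search attack.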
To start a search attack, just select the plugin and set the priority and then click on the “Connect” button. This attack method is more time consuming than the dictionary attack.
Wait for completion…
The password will show up on the server window.
That’s all. I hope you guys liked this article. If you did, please share this article with your friends.
If you have any doubts, feel free to ask me.
I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]