How to Use Bruteforcer – A Client-Server Multithreaded Tool To Crack RAR File Passwords

BruteForcer is a client-server multithreaded application for bruteforcing RAR file passwords. Actually, this tool is not limited to the RAR files, it is just that the tool comes with a RAR archive plugin. If you have a suitable plugin, it will support any file you want. But unfortunately there are no such plugins, if you find or create one, let me know.
This tool can crack RAR archive passwords faster than any RAR Password Cracker. But you have to use two or more machines to achieve that level of efficiency.
REMEMBER: The more clients connected to the server, the faster the cracking.

How To Use BruteForcer

First, download BruteForcer (BruteForcer_091.7z) onto your computer, then extract the file. Then open the “Server” folder and then run the “BFS.exe” file. You will see a window as shown below.
Click on Tools icon on the window.
Then set the minimum and  maximum password length, include symbols and randomize dictionary if you want. After configuring the dictionary, click on “OK“.

Now enter the name of the file you want to crack (in the main window). If that file is accessible by all clients on a network you can specify the complete path to it. Otherwise, you have to place a copy of the file on each client (just copy the file to the client folder).

Then click on the radar icon, this should start the server.

Now open the client folder and then run BFC.exe. You will see a window as shown below.

Now enter the server IP, port, and username. If the server and the client is running on the same machine, just leave it as default.
If you want to start a dictionary attack, check the “Enable wordlist attack” option and select the dictionary file (English.bfw) and then set the wordlist attack level and priority, and select the plugin (BF_Rar3.bfl), then click on “Connect“.

The wordlist attack operates at 3 different modes:

  • Level 1 – It is fastest and skips most of the combinations. It looks only for complete match with the wordlist. It can be useful only if you know that the password is just a single word.
  • Level 2 – It ignores the symbols that are not letters, and looks for a match with the wordlist. It is useful when you know that the password is a single word, surrounded by numbers or other symbols.
  • Level 3 – It checks if the current combination of symbols contains at least one meaningful word from the wordlist. This is the best mode, i suggest you use it always. The password of the test archive (test.rar) can be found only by this method (or by pure bruteforce of course).

To start a search attack, just select the plugin and set the priority and then click on the “Connect” button. This attack method is more time consuming than the dictionary attack.
Wait for completion…

The password will show up on the server window.

That’s all. I hope you guys liked this article. If you did, please share this article with your friends….

If you have any doubts, feel free to ask me.

Related posts

How to Improve Your Cyber Resilience by Strengthening User Privileges

The Dark Side of Viral Content: How Negative Reviews Can Snowball

Testing Gaming Monetization: Walking the Line Between Profit and Player Experience