This topic contains 1 reply, has 2 voices, and was last updated by Chipjack 1 month, 2 weeks ago.
- January 20, 2021 at 6:25 pm #353876
I have a 7z file but it’s password protected, I don’t want to brute force it as it will take thousands of hours that I don’t want to waste, so is there a way to find/remove password of 7z without bruteforing? thanks.
- January 20, 2021 at 6:25 pm #353877
Extracting the hash and throwing it against a good dictionary is really the best way to go about it. Hashcat is fast, churning through a 3GB dictionary on my machine in a couple of hours. If you can get a dictionary that’s more comprehensive, that’s even better.
I googled around for you, and [this](https://infinitelogins.com/2020/04/29/how-to-crack-encrypted-7z-archives/) is a pretty good description of the process. It certainly explains it better than I could, with pictures and everything.
I run Hashcat on my Mac rather than on a Kali virtual machine. Being able to take advantage of the GPU makes a world of difference in speed – but it does bog the machine down quite a bit while it’s running, so that’s a tradeoff you’d have to consider. If you happen to be on a Mac as well, it can be installed quite easily with [Homebrew](https://brew.sh/). If you’re on Windows, surely there’s something out there you can download and install.
I wouldn’t try brute-forcing it; that honestly would take forever. If it’s not in the best dictionary you can find, you’re probably better off finding some other way to get at the files that were archived. They might still exist somewhere in a folder on someone’s PC, or in a backup, or on Dropbox or something. Depends on what the file is.
Anyway, good luck.
- January 20, 2021 at 6:25 pm #353878
There is some history about password-protected file types where you could just “remove” the password, because it’s very _very_ badly implemented and no protection at all. If you actually want to protect the file securely you “encrypt” the data, that’s what 7z does, and which means that without the password you can’t recover the data.
There are only two options:
– Crack the key (by wordlists, rules or bruteforcing). This could take ages.
– Break the encryption. If you manage to do this, the internet collapses or you’ll make a lot of money.
- January 20, 2021 at 6:25 pm #353879
Not possible without brute forcing
- January 20, 2021 at 6:25 pm #353880
File is encrypted and encryption key is the password itself : /
So it theoretically is impossible, your only chance(Still very low) is if password is not randomly generated and is combination of words.
Then you can try bruteforcing using dictionaries
- January 20, 2021 at 6:25 pm #353881
>is there a way to find/remove password of 7z without bruteforing?
The short answer is no.
The long answer is that the password encrypts all of the data and there is no way to restore it without the password. So it’s essentially its impossible.
There are a lot of tools to make brute forcing a bit more efficient or manageable, but still brute forcing is the only way.
- January 20, 2021 at 6:25 pm #353882
Yeah, just guess the password correctly. It’s the simplest and most effective way. /s
You must be logged in to reply to this topic.