08-28-2020, 06:00 PM
I am trying to recover a 7z file, but have forgotten the password. It's completely AES-256 encrypted (i.e. not even the filenames are available).
Steps:
Generated hash file with 7z2hashcat.pl
Ran a mask attack using
After ~55 hours, hashcat completed with statusĀ cracked
The password identified in the hashcat.potfile is rejected by 7-zip
I found a discussion on hash collisions with old Office files here: https://security.stackexchange.com/a/211924
Is 7zip similarly vulnerable to hash collisions?
I would just try the steps in the linked post and see if I could generate more passwords, but given it could tie up my GPU for weeks, I'd appreciate any thoughts!
Steps:
Generated hash file with 7z2hashcat.pl
Ran a mask attack using
Code:
hashcat -a 3 -m 11600 my.hash masks\rockyou-7-2592000.hcmask
After ~55 hours, hashcat completed with statusĀ cracked
The password identified in the hashcat.potfile is rejected by 7-zip
I found a discussion on hash collisions with old Office files here: https://security.stackexchange.com/a/211924
Is 7zip similarly vulnerable to hash collisions?
I would just try the steps in the linked post and see if I could generate more passwords, but given it could tie up my GPU for weeks, I'd appreciate any thoughts!