lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <AANLkTi=ehZEWqkM7QUd6oTGEMq0gCi7pteGrfrnJOLY5@mail.gmail.com>
Date: Thu, 31 Mar 2011 00:12:58 +0530
From: Nagareshwar Talekar <tnagareshwar@...il.com>
To: Tim <tim-security@...tinelchicken.org>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Launched New Tool - RAR Password Unlocker

Hey Guys,

That's interesting reversing work and we appreciate your comments on the same.

This tool is from one of our contributing author, Neeraj
(appnimi.com). He is new into this tool development and protocols
where we acknowledge other's contribution in our work.

I have now talked to author and he will be introducing ACK section for
the same. Soon we will update on our pages too.

Generally we give complete credit to other's work however small it may be !

Thank you !

With Regards
Nagareshwar Talekar

http://SecurityXploded.com
http://PasswordForensics.com/
http://NetCertScanner.com
http://twitter.com/securityxploded



On Wed, Mar 30, 2011 at 8:29 PM, Tim <tim-security@...tinelchicken.org> wrote:
>> > why do we need installer then? distribute that tool as single
>> > executable.
>>
>> Because without the installer, it can't try to "monetize" the install by installing search toolbars! (It's nice enough to continue the install if you reject their terms, though.)
>>
>>
>> On 2011-03-29, at 13:13, Jo Galara wrote:
>> > How does it work? Bruteforce?
>>
>> Yes, but... well, JAD does a better job of explaining than I possibly could:
>>
>> >      Runtime rt = Runtime.getRuntime();
>> >
>> >      String str = "7z.exe x ";
>> >      str = str + "\"" + _filepath + "\" ";
>> >      str = str + "-p\"" + pwd + "\" ";
>> >      str = str + "-o\"" + _destpath + "\"";
>> >      str = str + " -y";
>> >
>> >      System.out.println(str);
>> >
>> >      Process p = rt.exec(str);
>> >      p.waitFor();
>> >
>> >      if (p.exitValue() == 0)
>> >      {
>> >        ret = true;
>> >      }
>
>
> That's funny (i.e. pathetic).
>
> A quick search of the tool's website doesn't reveal any links to the
> 7-zip website.  I'm not going to bother to download this tool, since a
> 1-line shell script would accomplish the same thing, but if 7-zip
> isn't linked to in the accompanying documentation, then that would be
> a violation of the LGPL.  From 7-zip's FAQ:
>
>  Can I use the EXE or DLL files from 7-Zip in a Commercial Application?
>
>  Yes, but you are required to specify in your documentation (1) that
>  you used parts of the 7-Zip program, (2) that 7-Zip is licensed under
>  the GNU LGPL license and (3) you must give a link to www.7-zip.org,
>  where the source code can be found.
>
>
> tim
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ