Rar Extract Password

Tordis Hurrle

Aug 3, 2024, 5:08:46 PM
to omeximtor

Note: I am really, really aware of what this means, security-wise. I also understand that the user is supposed to be the master of their passwords and do not trust the server.
Everyone is fine with me having access to all passwords, there is no malicious or creepy intent here.

Why I ask the question: I am a typical 24/7/365 online, all-encompassing computer support for my family (this includes setting up the time on the oven) so I would like to simplify my life. And yes, I really understand the security implications.

That was the second option (second bullet in the post) in the solutions I thought about so far. Unfortunately it is not possible AFAIK to force someone to store their passwords in an organization. And knowing my family, there will be a 50% success in the implementation.

Well, that last one could be a feature request.
Somewhere in my memory it is stored that I have seen it somewhere.
But it is not within the main bitwarden_rs code; maybe I have seen it in some fork.

Yes, I know, but this is not sustainable for my use case. It is really oriented to a complete-trust kind of support, where the users are not computer literate. This is why I need to cover all the bases; this is the case for instance with Nextcloud, where I can control all their files and back them up accordingly (and email, etc.)

In my web app I need the user to enter the meetingId and meeting password (for both of which there is no copy button in the Zoom desktop app), so to make it easier for the user I want to let them copy and paste the whole Zoom meeting URL, then I extract the meetingId and password from the URL. The meetingId is straightforward; the password seems to be hashed. I tried base64 and double base64; neither seems to be correct.

As it looks like this is related to the Zoom Desktop App, I recommend reaching out via our Feedback Form or reaching out to our Customer Support Team to submit a feature request. Those channels will make sure the feature request is sent to the right team.

Unfortunately, we are unable to respond to your open tickets at this time. We encourage you to leverage our Online Resources. If you are a part of a corporate account, and need advanced technical support beyond our Online Resources, please contact your Zoom account administrators.

First, if the zip actually doesn't have a password on it, then you will be able to extract the PDF files with no problem. Then the issue becomes opening the PDF files with a password you forgot. Google "pdf password" and you will find some links to software that can remove the password; the one I have used cost $30.

Second, you are mentioning the zip because you probably can't unzip it. If this is the case, then there actually is a password on the zip file. Windows natively can't recognize this. You need to install 7Zip, Winzip or WinRar. Any one of them will prompt you for the password that you don't even know is there.

If you have one of those programs and the Zip file really doesn't have a password and it still won't unzip, then you still need to run a password removal tool on the zip file even though it doesn't have a password.

sp_help_revlogin will only create a script that you can use to transfer the login to another server, but it will not give you the password. The password is not stored in any table in SQL Server so there is no place to get it from.

That extracts the hashed password, it doesn't reverse the one-way hash and give you back the original password. The reason you can script logins and their passwords from one server to another is that the create login statement allows for a pre-hashed password, which is what sp_help_revlogin gives it.

I am aware that the header sysparm_display_value can hide the value, but I need to figure out how the external system can get the password field value via REST API, or is something else required on the external system to get the password field value?

I don't recommend sending the password over clear text. But you might need a scripted REST API to handle the query and decrypt the value before sending it back to the requestor service. You might be able to decrypt and then make up your own encryption that can be decrypted on your requestor service.

Currently we are working on a monthly internal security test which, among other things, should contain a verification of the real password strength the users choose. For this reason I want to extract the password hashes of all users via LDAP. Everything I found was this TechNet discussion telling me I can't extract the hashes, not even as an Administrator, which I really can't (don't want to) believe.

This permission is used by domain controllers to replicate the AD database (including stored user password hashes). It is also used by Microsoft Azure AD password sync, as well as 3rd party implementations.

This privilege (i.e., without -All) cannot extract sensitive password hash data. There are commercial directory data sync products, like Microsoft MIIS/ILM/FIM/MIM that rely on that privilege. Also domain controllers of type READONLY for DMZ usage use this privilege.

Password filter DLLs or PCNS installations on domain controllers do not use these two privileges and also do not grant access to stored AD hashes. They just allow forwarding a password (at the moment when it gets changed by the user) to some external processing target that will then set the same password on 3rd party systems within your company.

While a password filter DLL/PCNS will only be able to synchronize passwords that get changed by the user after the filter/PCNS solution has been deployed, the Replication together with the DS-Replication-Get-Changes-All can also synchronize AD password hashes that have been there before the sync solution was deployed.

It could of course be highly problematic if used carelessly. But the same goes for careless ACL changes in your AD, granting extensive remote access to your AD, permitting domain and schema admins to anyone and so on...

It's an open door, if you open it. If you don't need it, don't open that door. And if you do open that door, then harden it properly, such that only planned guests can enter that door to touch your precious parts.

So the regular business cases of this read-password-hashes-from-AD mechanism are to synchronize AD hashes to other legitimate authentication systems or to migrate existing company AD hashes to another 3rd party authentication directory.

So, this whole reasoning is kind of insane. Auditing password correctness after the fact is a bad idea (because you either need the original password, or a weak hash that can effectively be rainbow-tabled), and writing services or tools to extract the weak hashes is prone to serious error or danger. Less importantly, it's overkill, and a waste of cycles and resources.

The better solution is to just use a password filter and verify the password changes meet minimum requirements before allowing the user to actually make the change. Then, expire all the passwords if you're serious about guaranteeing complexity (though that might annoy some people).

To pull the passwords remotely, the best solution is to use DC SYNC (DRSUAPI) techniques. Domain controllers use this protocol to sync their information back and forth. If you have Domain Administrator credentials, you can use this protocol to grab all hashes from the domain controller. There are two easy tools to do this:

I self-hosted Bitwarden with Docker a while back (a couple of years maybe [shrug]) and I had backups of the directory including the db.sqlite3 file. I just found out my wife had been using BW after she told me she would never use it, and I need to get her passwords back.

I installed the latest version of BW but it looks like a bit has been updated since my install. Not sure if this matters. I found something that did say you could replace the data/db.sqlite3 file and start things up. I have done this and it starts up but I can not log in with her (or my) account to export her data.

Until fairly recently Bitwarden did not support any other forms of DB such as sqlite. New database options are supported on the new Bitwarden Unified (Beta), but from what it sounds like you most likely originally downloaded some form of unofficial 3rd party service which mimics much of the same functionality of the official Bitwarden release.

Like many other community members here you may have originally installed Vaultwarden, also originally known as Bitwarden_RS. Though I would recommend double-checking the server and advise to visit the appropriate support forum for the software you are running for their community support.

Once you get things figured out and are able to export the passwords, you will thankfully have them for your own use. You can even import them again into the official Bitwarden self-hosted options, or directly to the SaaS cloud service for continued ease of use with the mobile apps, browser extension, and other clients.

I had downloaded my Samsung Cloud files onto my laptop. The files were .z01, .z02, .z03, etc. files, so I had to use WinRAR to extract the files instead of using Windows' own unzip function. I could use that function but the photos would then be unviewable. It would say 'Photos can't open this file because the format is currently unsupported, or the file is corrupt.'

I don't have those files on my phone anymore, only on my laptop. Is there any way to get the files onto my phone so that I can see the contents of the files, such as my pictures, without having to deal with the password issue?

I am looking for a way to somehow extract and mask some of the important information that comes within logs. I don't have absolute permission to access "props.conf" and "transforms.conf" and hence I have to first search for the keyword, extract the key field and then mask it. The information that I wish to mask is password and login credentials, which is part of the field USER_CREDENTIAL.
The field is of the format \"userID\":\"ABC1234\" ,\"password\":\"abcd345\", \"email\":\"ab...@gmail.com\",\"country\":\"AAAA\"
I tried the following format to extract "password", rex field=USER_CREDENTIAL "(?\w+\D+\w+[^\]) but it extracts both userID and password as PASSWORD.
I am also looking for an easy way to mask the same. Earlier I tried masking the details but I was left with masking both userID and password, basesearch rex field=USER_CREDENTIAL mode=sed "s/(\w+)(\D+)(\w+)(\w+)/1\\":\\"XXXXXXX/2", but the masking is not efficient when the format in userID changes. Hence I thought of extracting the field and then masking the same.
Please do suggest if there could be any easy way to get the masking done.
