Whats the point in having software's like Veracrypt, which end of the day needs password to decrypt?
Encrypted archives are fine if you want to send encrypted data to somebody else, or perhaps to encrypt a backup.
Disk encryption software like TrueCrypt target different use cases:
You can encrypt your system drive. You get prompted for your password on boot. If somebody steals your computer/hard disk they can't read your data without guessing the password.
Mounting encrypted partitions and containers. Once you mount a container all the files in it are accessible to every program transparently, instead of needing a specialized tool.
Since you can use any filesystem supported by you OS on top of a TrueCrypt container (file, partition or whole disk). These filesystems support efficient random read- and write access. Compressed archives are meant to be created and unpacked as one long operation, they're not suitable for mounting.
If I remember correctly, rar uses ECB mode for encryption. This is very bad for uncompressed data, but compression should eliminate should remove most of the plaintext structure/repetition, so it's slightly less bad in the common case of compressed files in a rar archive.
Now the problem with password is that: it can broken using brute force attack.
Not necessarily.
It's possible to mitigate bruce-forcing of passwords such that it is practically impossible to brute-force them. It requires mitigation in the system, but it also requires that the password is secure too.
When an encryption scheme derives its key from a password, it does so using a derivation function, which takes the password as input and generates a sufficiently long key string from it. A simple example of a derivation function is just a plain hash function, like SHA-512 or Whirlpool. Such a derivation function is easy to brute-force, because it runs very quickly and doesn't use many resources, so you can run it millions of times per second in order to try millions of possible passwords a second. Running on a GPU can extend this to hundreds of millions of passwords tried per second because it can be calculating many hashes in parallel.
But encryption schemes like the one in Veracrypt use a derivation function that is difficult to brute-force, because it requires a lot of computing time and resources. For example, instead of running a SHA-512 or Whirlpool hash over the password once to derive the key, it runs that hash function over and over again, thousands of times, each time feeding the output back into the hash function again. Veracrypt does this at least 200,000 times, and up to around 650,000 times. When brute-forcing a password, you would have to run the hash function that many times, just to attempt a single password. It reduces the number of passwords you can brute-force per second from, say, 1 million passwords per second down to maybe 1.5 (one and a half) passwords per second. This all but kills the ability to brute-force. GPUs would still be able to do it faster, if they work on many different passwords at once, but you still get around 1/650,000 the ability to brute-force.
Which brings us to password length. If your password is short or trivial ("12345" or "hunter2"), it's trivial to brute-force it no matter what. Passwords need to be long and unpredictable enough that they are unlikely to be discovered within the first billion attempts in a brute-force. The good thing is that every character you add to your password multiplies its resistance to brute-forcing significantly. If you have a 20-character password that is not predictable (eg random letters with numbers), it's going to be practically impossible to brute force. Coupled with Veracrypt's brute-force mitigation which slows down the ability to brute-force by hundreds of thousands of times, now a 16-character password is just as secure. And even a short password eg 10-12 characters will probably be unfeasible to brute-force - that is, it may still not be discovered after months or years of attempted brute-forcing.
VeraCrypt doesn't have to use passwords, they can use smartcards, too. If you read VeraCrypt's documentation, you can see so many differences from a simple encrypted archive.
If your question is simply, "I don't see why encryption is a protection if all you need is a password to decrypt", then we can talk about that. Yes, passwords can be brute-forced, which is why VeraCrypt offers things like hidden volumes. In any case, the protection of the password becomes very important.