John the Ripper - Intro

Introduction

John the Ripper is a free and open-source password cracking tool which can crack passwords stored in various formats including hashes and encrypted private keys.

Uses

• Password auditing (assessing strength of passwords used in organizations)

• Password recovery

• Penetration testing

Hash Cracking Basics

John Basic Syntax

john [options] [path to file]

• john : Invokes the John the Ripper program

• [path to file] : The file containing the hash you're trying to crack

Automatic Cracking

Syntax:

john --wordlist=[path to wordlist] [path to file]

• --wordlist= : Specifies using wordlist mode, reading from the file that you supply in the following path

• [path to wordlist] : The path to the wordlist you're using

Example Usage:

john --wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt

Here, the hash type is not specified, so the tool automatically tries to detect the hash and tries to crack it. This is a quick method, however can be unreliable sometimes.

Identifying hashes

Format-specific Cracking

Syntax:

john --format=[format] --wordlist=[path to wordlist] [path to file]

• --format= : This is the flag to tell John that you're giving it a hash of a specific format

• [format] : The format that the hash is in

Example Usage:

john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt

Listing JTR's Hash Formats

The john the ripper formats can be listed by adding using the command:

john --list=formats

You can manually check, or grep for your hash type using something like:

john --list=formats | grep -iF "md5"