John the Ripper - Intro

John the Ripper

Introduction

John the Ripper is a free and open-source password cracking tool which can crack passwords stored in various formats including hashes and encrypted private keys.

Uses

  • Password auditing (assessing strength of passwords used in organizations)

  • Password recovery

  • Penetration testing

Hash Cracking Basics

John Basic Syntax

john [options] [path to file]

  • john : Invokes the John the Ripper program

  • [path to file] : The file containing the hash you're trying to crack

Automatic Cracking

Syntax:

john --wordlist=[path to wordlist] [path to file]

  • --wordlist= : Selects wordlist mode, reading candidate passwords from the file at the path that follows

  • [path to wordlist] : The path to the wordlist you're using

Example Usage:

john --wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt

Here the hash type is not specified, so John tries to detect it automatically and then crack the hash. This is a quick method, but the detection can sometimes be unreliable.

Identifying hashes

The hash type can be identified with an online hash identifier tool (https://hashes.com/en/tools/hash_identifier) or with a Python tool called hash-identifier.

Format-specific Cracking

Syntax:

john --format=[format] --wordlist=[path to wordlist] [path to file]

  • --format= : This is the flag to tell John that you're giving it a hash of a specific format

  • [format] : The format that the hash is in

Example Usage:

john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt
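
Why automatic detection can be unreliable, shown as an added example (not code from this page, from John the Ripper, or from hash-identifier): an unsalted hex digest carries only its length, and several algorithms share the same length. The lookup tables below are deliberately small and not exhaustive, and the sample password is constructed for the example.

```python
import hashlib
import re

# Modular-crypt prefixes name their algorithm, so they map to one John format.
PREFIXES = {
    "$1$": ["md5crypt"],
    "$2a$": ["bcrypt"], "$2b$": ["bcrypt"], "$2y$": ["bcrypt"],
    "$5$": ["sha256crypt"],
    "$6$": ["sha512crypt"],
}

# Bare hex digests only reveal their length. 32 hex characters fit several
# John formats, which is the case where --format has to be given explicitly.
# (Small illustrative table, not a full list of John's formats.)
HEX_LENGTHS = {
    32: ["raw-md5", "raw-md4", "nt", "lm"],
    40: ["raw-sha1"],
    64: ["raw-sha256"],
    128: ["raw-sha512"],
}

def candidate_formats(hash_str):
    """Return the John --format values that are consistent with hash_str."""
    h = hash_str.strip()
    for prefix, formats in PREFIXES.items():
        if h.startswith(prefix):
            return list(formats)
    if re.fullmatch(r"[0-9a-fA-F]+", h):
        return list(HEX_LENGTHS.get(len(h), []))
    return []

def is_ambiguous(hash_str):
    """True when more than one format matches, so auto-detection may guess wrong."""
    return len(candidate_formats(hash_str)) > 1

# Constructed sample input: digests of a made-up audit password.
SAMPLE_PASSWORD = b"Audit-Example-1"
SAMPLES = {
    "md5": hashlib.md5(SAMPLE_PASSWORD).hexdigest(),
    "sha1": hashlib.sha1(SAMPLE_PASSWORD).hexdigest(),
    "sha256": hashlib.sha256(SAMPLE_PASSWORD).hexdigest(),
}

if __name__ == "__main__":
    for name, digest in SAMPLES.items():
        note = "ambiguous, pass --format" if is_ambiguous(digest) else "single match"
        print(f"{name:7} {digest[:16]}...  {candidate_formats(digest)}  ({note})")
```
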

Listing JTR's Hash Formats

John the Ripper's supported formats can be listed using the command:

john --list=formats

You can manually check, or grep for your hash type using something like:

john --list=formats | grep -iF "md5"
