John the Ripper - Intro

Introduction
John the Ripper is a free and open-source password cracking tool that can crack passwords stored in various formats, including hashes and encrypted private keys.
Uses
Password auditing (assessing strength of passwords used in organizations)
Password recovery
Penetration testing
Hash Cracking Basics
John Basic Syntax
john [options] [path to file]
john: Invokes the John the Ripper program
[path to file]: The file containing the hash you're trying to crack
Automatic Cracking
Syntax:
john --wordlist=[path to wordlist] [path to file]
--wordlist=: Specifies using wordlist mode, reading from the file that you supply in the following path
[path to wordlist]: The path to the wordlist you're using
Example Usage:
john --wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt
Here the hash type is not specified, so the tool tries to detect the hash type automatically and then crack it. This is a quick method, but it can be unreliable.
Identifying hashes
The hash type can be identified using an online hash identifier tool (https://hashes.com/en/tools/hash_identifier) or a Python tool called hash-identifier.
Format-specific Cracking
Syntax:
john --format=[format] --wordlist=[path to wordlist] [path to file]
--format=: This is the flag to tell John that you're giving it a hash of a specific format
[format]: The format that the hash is in
Example Usage:
john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt
Listing JTR's Hash Formats
The hash formats John the Ripper supports can be listed using the command:
john --list=formats
You can manually check, or grep for your hash type using something like:
john --list=formats | grep -iF "md5"
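The auto-detection caveat and the hash-identification step above, as an added example that is not part of the original notes: a small shell helper that reads hashes and prints candidate --format names from each hash's prefix or length, showing why a bare 32-character hex digest is ambiguous. The function names, the length-to-format mapping and the sample input are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: suggest candidate values for John's --format from the
# shape of a hash. Heuristic only: several algorithms share one length.

candidate_formats() {
    h=$1
    # crypt(3)-style hashes carry their scheme in a "$id$" prefix.
    case $h in
        '$1$'*) echo "md5crypt"; return ;;
        '$2a$'*|'$2b$'*|'$2y$'*) echo "bcrypt"; return ;;
        '$5$'*) echo "sha256crypt"; return ;;
        '$6$'*) echo "sha512crypt"; return ;;
    esac
    # Anything else has to be pure hex to be treated as a raw digest.
    case $h in
        ''|*[!0-9a-fA-F]*) echo "unknown"; return ;;
    esac
    # A bare digest only reveals its length, so 32 hex chars stay ambiguous.
    case ${#h} in
        32)  echo "raw-md5 raw-md4 nt" ;;
        40)  echo "raw-sha1" ;;
        64)  echo "raw-sha256" ;;
        128) echo "raw-sha512" ;;
        *)   echo "unknown" ;;
    esac
}

# Read hashes on stdin, print "<line number>: <candidates>" per non-empty line.
classify_hashes() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        echo "$n: $(candidate_formats "$line")"
    done
}

# Constructed sample input: public digests of the empty string, plus a
# made-up crypt-style string (only its prefix is meaningful).
classify_hashes <<'EOF'
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
$6$constructedsalt$constructed-not-a-real-hash
EOF
```

Run it against a real file with classify_hashes < hash_to_crack.txt, and confirm each candidate name against john --list=formats before passing it to --format=.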