What File Types Does John the Ripper Read?

Every self-respecting pentester should have a powerful password cracker in their toolkit, and John the Ripper is simply the best cracker out there.

Initially released in 1996 by Openwall, John the Ripper has grown to become the preferred password cracker for hackers and pentesters and a reliable tool used by auditors to spot weak passwords.

In this article, we will learn how to perform basic password cracking using John the Ripper.

Why Use John The Ripper?

John the Ripper is an offline password cracker. In other words, it tries to find passwords from captured files without having to interact with the target. By doing this, it does not generate suspicious traffic since the process is generally performed locally, on the attacker's machine.

Although it's primarily used to crack password hashes, John can also be used to crack protected archive files, encrypted private keys, and many more.

How to Download John The Ripper

John the Ripper is a free open-source project. You can download it for free from the Openwall website or from its official GitHub repository. You should make sure to download the correct package for your OS.

If you have Kali Linux, then john should already be installed. You can find the correct location of the binary file by running the locate command.

          locate john        

Getting Started

Once you've successfully downloaded and installed John, you can launch it by typing the name of the binary file on your command prompt followed by a password file.

In the example below, passwordFile is a file that contains a list of password hashes that we want to crack.

          ./john passwordFile        

This is the most basic command that you can use. Since we have not specified any parameter other than the password file, John will try to crack this file using the default options.

Although this is the simplest and easiest way to use John, it will not necessarily provide the desired results. For this, we have to specify additional options.

John's Cracking Modes

When attempting to crack a password file using John the Ripper, the first thing you need to consider is how John should go about performing the cracking process.

John has three main cracking modes that you can choose from. Let's see what each of these modes does.

Wordlist Mode

This is the most common mode to use John the Ripper. In this mode, you can specify a path to a wordlist file that contains a list of possible passwords. John will test all the words contained in that wordlist and check if the correct password is present there. This process is what is known as a Dictionary Attack.

It is important that the wordlist contains one password per line. Otherwise, John the Ripper will not process it correctly.

In the example below, I am using the '--wordlist' option to specify the path to the wordlist file, which is '/usr/share/wordlists/rockyou.txt'. If the correct password is in that file, John will display it.

          ./john --wordlist=/usr/share/wordlists/rockyou.txt passwordFile        

* 'passwordFile' is the text file that contains the password hashes that we want to crack.

To increase the chances of finding a correct password, you can enable the wordlist mode with mangling rules. By doing this, John will slightly modify each word in the wordlist. This will result in new probable passwords that aren't necessarily present in the wordlist, and thus it will increase your chances of finding the correct one.

To enable mangling rules, you can use the '--rules' option. However, you should note that this will take a longer time to process the wordlist.

Single Crack Mode

The single crack mode is generally used when trying to crack Unix passwords. It takes advantage of the GECOS fields present in the passwd file. These GECOS fields usually contain information about the user, such as their username and their full name.

John will generate a list of candidate passwords from these fields, and by using an extensive set of mangling rules (which John does by default in the single crack mode), the generated list will be customized to each user.

To enable Single Crack mode, you can simply use the '--single' option.

You should note that, when no mode is specified, John by default starts with single crack mode, then the wordlist mode, before ending with the incremental mode (which we'll see in the coming section).

To better illustrate this mode, let's see an example of how you would crack the passwords of a Unix system.

Example

The classical password file where Unix systems store information about users is '/etc/passwd'. However, nearly all Unix systems store password hashes in a separate file '/etc/shadow'.

Now, in order to have a single file with GECOS fields and password hashes, we can use the 'unshadow' utility that comes with John.

You can do so by running the following command:

          unshadow /etc/passwd /etc/shadow > passwordFile        

The above command will save the generated file in the current directory under the name 'passwordFile'.

Once we have our password file, we can run John with the single crack mode.

          ./john --single passwordFile        
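
Because single crack mode builds its guesses from the login name and GECOS fields, an auditor or password-policy hook can flag such passwords before they are ever set. The sketch below is an added example, not code from John the Ripper or from the original article: it merges constructed passwd and shadow lines into the single-file layout described above and rejects a proposed password built from an account word. The function names and sample data are hypothetical, and the check is far simpler than John's real mangling rules.

```python
import re

# Constructed sample entries (not from a real system; hashes are placeholders).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
asmith:x:1001:1001:Alice Smith,Room 12,555-0100:/home/asmith:/bin/bash
"""
SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
asmith:$6$constructedsalt$constructedhash2:19000:0:99999:7:::
"""

def unshadow(passwd_text, shadow_text):
    """Merge both files: the shadow hash replaces field 2 of each passwd line."""
    hashes = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            hashes[fields[0]] = fields[1]
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue  # skip malformed passwd entries
        fields[1] = hashes.get(fields[0], fields[1])
        merged.append(":".join(fields))
    return merged

def account_words(merged_line):
    """Login name plus alphabetic words (3+ letters) from the GECOS field."""
    fields = merged_line.split(":")
    words = {fields[0].lower()}
    words.update(w.lower() for w in re.findall(r"[A-Za-z]{3,}", fields[4]))
    return words

def derived_from_account(password, merged_line):
    """True if the password is an account word plus simple decoration."""
    core = re.sub(r"[^a-z]", "", password.lower())  # drop digits and symbols
    # Compare against each word as-is, reversed, and doubled.
    return any(core in (w, w[::-1], w + w) for w in account_words(merged_line))

if __name__ == "__main__":
    entry = unshadow(PASSWD, SHADOW)[1]
    for candidate in ("Smith2024!", "htimsa99", "correct horse battery"):
        print(candidate, "->", derived_from_account(candidate, entry))
```
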

Incremental Mode

This is John's brute force mode. When enabled, John will try every possible combination of characters inside the specified charset and password length limit.

To enable the incremental mode, you can use the '--incremental' option followed by the mode to use. This mode is what defines the charset to use and the password length limit.

John comes with some predefined incremental modes. To choose the mode that best suits your purposes, you can check the 'john.conf' file where settings for John the Ripper are stored.

Here is an example of the Alpha mode taken from 'john.conf':

          [Incremental:Alpha]
          File = $JOHN/alpha.chr
          MinLen = 1
          MaxLen = 13
          CharCount = 52

The Alpha mode, as defined in this config, can crack passwords ranging from 1 to 13 characters in length, and with a charset of 52 possible characters.

Other predefined modes that you can find in the config file include: ASCII (all printable ASCII characters), Alnum (all alphanumeric characters), Lower (only lowercase letters), and Digits (only digits).

If you can't find an incremental mode that fits your needs, you can add it in the config. If you decide to do so, I invite you to read the official documentation about how to customize John the Ripper.

The following command will try to crack the passwords using the Digits incremental mode.

          ./john --incremental=Digits passwordFile        
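
The charset size and length limit of an incremental mode determine how many candidates a brute force has to cover, which is the number a password-length policy should be sized against. The following added example (not part of the original article or of John the Ripper) parses the Alpha section quoted above and computes that keyspace, then finds the shortest length limit whose keyspace outlasts a given guessing budget. The guess rate used in the demo is an assumption, and the function names are hypothetical.

```python
import configparser

# The Alpha section as quoted from john.conf in the article above.
ALPHA_SECTION = """\
[Incremental:Alpha]
File = $JOHN/alpha.chr
MinLen = 1
MaxLen = 13
CharCount = 52
"""

SECONDS_PER_YEAR = 365 * 24 * 3600

def keyspace(section_text, mode):
    """Total candidates for an incremental mode: sum of CharCount**L over all lengths."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(section_text)
    sec = cfg["Incremental:" + mode]
    chars = sec.getint("CharCount")
    lo, hi = sec.getint("MinLen"), sec.getint("MaxLen")
    return sum(chars ** length for length in range(lo, hi + 1))

def min_length_to_outlast(char_count, guesses_per_second, seconds):
    """Smallest length limit whose cumulative keyspace exceeds the guess budget."""
    budget = guesses_per_second * seconds
    total, length = 0, 0
    while total <= budget:
        length += 1
        total += char_count ** length
    return length

if __name__ == "__main__":
    rate = 10 ** 9  # assumed guesses per second; depends on hash type and hardware
    print("Alpha keyspace:", keyspace(ALPHA_SECTION, "Alpha"))
    print("letters, 1 year:", min_length_to_outlast(52, rate, SECONDS_PER_YEAR))
    print("digits,  1 year:", min_length_to_outlast(10, rate, SECONDS_PER_YEAR))
```

Each extra character multiplies the work by the charset size, so a digits-only secret needs far more length than a mixed-case one to survive the same budget.
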

Hash Formats

By default, John the Ripper detects the hash type and then tries to crack the password based on that type. However, John can sometimes miss the right type. In this case, it would be better to bypass the automatic hash detection and manually specify the type. To do so, you can use the '--format' option followed by the hash type.

For example, the following command will crack the MD5 hashes contained in passwordFile:

          ./john --format=Raw-MD5 passwordFile        

To get the list of all supported hash formats, you can run the following command:

          ./john --list=formats        

You now have all the basics that you need to start cracking passwords using John the Ripper. Of course, John has other features that we haven't covered here, so if you want more complete learning material, I invite you to check the official documentation.

Source: https://patchthenet.com/articles/using-john-the-ripper-to-crack-password-hashes/