Blog | G5 Cyber Security

Cracking Passwords with John

TL;DR

This guide shows you how to use John the Ripper to crack a password. It covers getting John, preparing your password hash, running common attacks, and understanding results.

1. Installing John the Ripper

John is available for most operating systems. Linux distributions package it (sudo apt install john on Debian, Ubuntu and Kali), Homebrew has it for macOS (brew install john-jumbo), and the source of the community-enhanced Jumbo build is at https://github.com/openwall/john. Jumbo is the version you want: mask mode and most modern hash formats only exist there, so if your distribution ships the plain release, build Jumbo from source instead.

2. Preparing Your Password Hash

You need the hash, not the password. On Linux the hashes live in /etc/shadow, which only root can read; John's bundled unshadow tool merges /etc/passwd and /etc/shadow into the passwd-style lines John expects (and that single crack mode needs):
    unshadow /etc/passwd /etc/shadow > hashes.txt
Hashes from a database dump go in one per line, optionally as user:hash. John auto-detects the hash type, but when several formats match it picks one and warns about the others; force the right one with --format=NAME (for example --format=sha512crypt or --format=raw-md5; john --list=formats prints every name). The rest of this guide assumes a hash file named hashes.txt.
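As an added example (not John's own code), the merge that unshadow performs, followed by a classification of each shadow hash by its crypt(3) prefix so you know which --format to expect. The passwd and shadow contents are constructed and the hash bodies are placeholders of the right shape, not hashes of any real password; the prefix-to-format names are John's (md5crypt, bcrypt, sha256crypt, sha512crypt), with yescrypt going through --format=crypt, which delegates to the system's crypt(3).

```python
# Added example, not John's code: merge passwd+shadow the way unshadow does
# and classify each hash by its crypt(3) prefix.
from collections import Counter

# Constructed sample files. Hash bodies are placeholders in the right shape,
# not hashes of any real password.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:x:1001:1001:Bob Example:/home/bob:/bin/zsh
"""
SHADOW = """\
root:$6$saltsalt$PLACEHOLDERSHA512CRYPTHASH:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$y$j9T$saltsaltsaltsalt$PLACEHOLDERYESCRYPTHASH:19700:0:99999:7:::
bob:!$1$saltsalt$PLACEHOLDERMD5CRYPT:19700:0:99999:7:::
"""

# crypt(3) prefix -> the name John uses for --format. yescrypt has no native
# John format and is handled by --format=crypt via the system libxcrypt.
SCHEMES = {
    "$1$": "md5crypt",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$y$": "crypt (yescrypt)",
}


def scheme_of(hash_field):
    """Classify one shadow password field."""
    if not hash_field or hash_field[0] in "*!":
        return "locked"        # no password, or account locked: nothing to crack
    for prefix, name in SCHEMES.items():
        if hash_field.startswith(prefix):
            return name
    if not hash_field.startswith("$") and len(hash_field) == 13:
        return "descrypt"      # traditional DES crypt: 2-char salt + 11 chars
    return "unknown"


def unshadow(passwd_text, shadow_text):
    """Return passwd-format lines with the 'x' replaced by the shadow hash.
    Like unshadow(8) every passwd line is kept; John itself skips locked ones."""
    shadow = {}
    for line in shadow_text.splitlines():
        if line.strip():
            name, hash_field = line.split(":", 2)[:2]
            shadow[name] = hash_field
    merged = []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        fields[1] = shadow.get(fields[0], fields[1])
        merged.append(":".join(fields))
    return merged


def summarize(merged_lines):
    """Count hash schemes so you know which --format to give John."""
    return Counter(scheme_of(line.split(":")[1]) for line in merged_lines)


if __name__ == "__main__":
    lines = unshadow(PASSWD, SHADOW)
    print("\n".join(lines))    # what you would redirect into hashes.txt
    print(summarize(lines))
```

If the summary shows more than one scheme, split the file by scheme and run John once per --format; one John session only cracks one format at a time.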

3. Running Common Attacks

John offers various attack modes. Here are some useful ones:

3.1 Single Crack Mode

Single crack mode does not take a guessed password on the command line; a second positional argument is treated as another hash file. It builds candidates from each account's own data (username, GECOS full name, home directory) and runs the aggressive Single rules over them, so it is the fastest first pass and catches passwords like the username itself or the user's name plus digits:

    john --single hashes.txt

Because it needs that metadata, feed it unshadowed passwd-style lines rather than bare hashes.

3.2 Wordlist Attack

This tries every line of a wordlist. RockYou (the rockyou.txt leak list; Kali ships it as /usr/share/wordlists/rockyou.txt.gz, and the SecLists project mirrors it) is the usual starting point, and John's own password.lst is a much smaller default.

  1. Point John at the wordlist; it does not have to sit beside hashes.txt:
    john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt
  2. Press any key while it runs for a status line (guesses so far, speed in c/s, current candidate). An interrupted session resumes with:
    john --restore

3.3 Rule-Based Attack

Rules rewrite each wordlist entry on the fly (capitalize it, append digits or a year, swap letters for leet equivalents), so one list covers the variations people actually choose. The option is spelled --rules, it only acts on wordlist or single mode, and it takes an optional ruleset name from john.conf.

  1. Run the default Wordlist rules:
    john --wordlist=rockyou.txt --rules hashes.txt
  2. Or name a ruleset:
    john --wordlist=rockyou.txt --rules=best64 hashes.txt

    (best64 is Hashcat's well-known ruleset; Jumbo's john.conf includes a port of it, alongside larger built-in sections such as Jumbo and KoreLogic. Without --wordlist the rules have nothing to apply to.)

3.4 Incremental Attack

Incremental mode is John's brute force: it enumerates every string over a character set up to the length limit set in john.conf, but ordered by trigraph frequency statistics gathered from real passwords rather than alphabetically, so likely strings come out long before the space is exhausted. The default set is printable ASCII; named sets such as Digits, Lower, Alpha and Alnum narrow it.

  1. Run John:
    john --incremental hashes.txt
  2. Or restrict the character set:
    john --incremental=Digits hashes.txt

    (The keyspace grows as charset^length, so a full run over printable ASCII only finishes for fast hashes and short passwords. It is the mode you leave running last.)

3.5 Mask Attack

If you know the shape of the password, mask mode (Jumbo only) enumerates just the unknown positions. Each unknown is a placeholder: ?l lowercase, ?u uppercase, ?d digit, ?s punctuation, ?a any printable ASCII. Any other character is a literal, and ?? stands for a literal question mark. A bare ? is not a wildcard, so 'P???????' is not a valid mask.

  1. Example: the password starts with 'P', is 8 characters long and the rest is lowercase:
    john --mask='P?l?l?l?l?l?l?l' hashes.txt
  2. Custom sets are defined with -1 to -9 and used as ?1 to ?9; combined with --wordlist, ?w expands to each word of the list:
    john --mask='?u?l?l?l?l?1?1' -1='?d_' hashes.txt
    john --wordlist=rockyou.txt --mask='?w?d?d' hashes.txt

    (Each ?l multiplies the keyspace by 26 and each ?a by 95, so 'P?l?l?l?l?l?l?l' is 26^7, about 8e9 candidates, while 'P?a?a?a?a?a?a?a' is 95^7, about 7e13.)
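As an added example covering sections 3.2 to 3.5 (not John's own code), a toy re-implementation of wordlist, rule, mask and incremental modes against raw-MD5 hashes. It shows what each mode actually enumerates, how a cracked hash is retired so later modes do not repeat work, and how the mask grammar rejects the bare-? form. The hashes.txt stand-in and the four-word wordlist are constructed for the demo; the placeholder classes follow John's ?l ?u ?d ?s ?a, except that Python's string.punctuation-based ?a has 94 characters where John's includes the space.

```python
# Added example, not John's code: toy versions of wordlist, rule, mask and
# incremental modes against raw-MD5 hashes, to show what each mode enumerates.
import hashlib
import itertools
import string


def md5(s):
    return hashlib.md5(s.encode()).hexdigest()


# Constructed stand-in for hashes.txt ("user:hash", John's raw-md5 format).
# The plaintexts appear only so the demo can build its own fixture.
_DEMO_PLAINTEXTS = {"alice": "password", "bob": "Summer2023",
                    "carol": "Pa55word", "dave": "ab1"}
HASHES_TXT = "\n".join(f"{u}:{md5(p)}" for u, p in _DEMO_PLAINTEXTS.items())
WORDLIST = ["letmein", "password", "summer", "qwerty"]  # constructed mini list

MASK_CLASSES = {  # John's placeholders (John's ?a also includes the space)
    "l": string.ascii_lowercase, "u": string.ascii_uppercase,
    "d": string.digits, "s": string.punctuation,
    "a": string.ascii_letters + string.digits + string.punctuation,
}


def load_hashes(text):
    """Parse user:hash lines into {hash: user}; lookups are keyed by hash."""
    targets = {}
    for line in text.splitlines():
        if line.strip():
            user, h = line.split(":", 1)
            targets[h.strip().lower()] = user
    return targets


def crack(remaining, candidates):
    """Hash each candidate once and pop matches out of `remaining`, the way
    John skips hashes already in john.pot. Returns {user: password}."""
    cracked = {}
    for cand in candidates:
        if not remaining:
            break
        user = remaining.pop(md5(cand), None)
        if user is not None:
            cracked[user] = cand
    return cracked


def apply_rules(words):
    """A few mangling rules of the kind --rules applies (John rule in comment)."""
    for w in words:
        yield w                              # : (no-op)
        yield w.capitalize()                 # c
        yield w.upper()                      # u
        yield w + "1"                        # $1
        yield w + "!"                        # $!
        for year in ("2023", "2024"):
            yield w.capitalize() + year      # c $2 $0 $2 $3


def parse_mask(mask):
    """Expand ?l ?u ?d ?s ?a into one alphabet per position; ?? is a literal
    '?', any other character is a literal; a bare trailing ? is an error."""
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            positions.append(mask[i])
            i += 1
            continue
        if i + 1 == len(mask):
            raise ValueError("dangling '?' at end of mask")
        nxt = mask[i + 1]
        if nxt == "?":
            positions.append("?")
        elif nxt in MASK_CLASSES:
            positions.append(MASK_CLASSES[nxt])
        else:
            raise ValueError(f"unknown placeholder ?{nxt}")
        i += 2
    return positions


def mask_is_valid(mask):
    try:
        parse_mask(mask)
        return True
    except ValueError:
        return False


def mask_keyspace(mask):
    """Number of candidates the mask generates (product of position sizes)."""
    n = 1
    for alphabet in parse_mask(mask):
        n *= len(alphabet)
    return n


def mask_candidates(mask):
    for combo in itertools.product(*parse_mask(mask)):
        yield "".join(combo)


def incremental_candidates(charset, max_len):
    """Exhaustive search by increasing length. John covers the same space but
    orders it by trigraph frequency so likely strings come out early."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)


def run_all(hashes_text=HASHES_TXT):
    """Run the modes cheapest first; return {user: (mode, password)}."""
    remaining = load_hashes(hashes_text)
    modes = [
        ("wordlist", iter(WORDLIST)),
        ("rules", apply_rules(WORDLIST)),
        ("mask", mask_candidates("Pa?d?dword")),  # known prefix/suffix, 2 digits
        ("incremental", incremental_candidates(string.ascii_lowercase + string.digits, 3)),
    ]
    results = {}
    for mode, cands in modes:
        for user, pw in crack(remaining, cands).items():
            results[user] = (mode, pw)
    return results


if __name__ == "__main__":
    for user, (mode, pw) in run_all().items():
        print(f"{user}: {pw}  ({mode})")
    print("P?l?l?l?l?l?l?l keyspace:", mask_keyspace("P?l?l?l?l?l?l?l"))
```

The order in run_all mirrors the order you would run John: the cheap modes retire what they can, and only the leftovers reach the expensive mask and incremental loops. Real John also hashes far faster than this loop and, for salted formats, has to hash each candidate once per distinct salt, which is why the mode order matters even more there.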

4. Understanding Results

John appends every cracked hash:password pair to john.pot (in ~/.john/ for packaged builds, or the run/ directory of a source build) and never spends time on a hash that is already in it. Rather than reading the file directly, ask John to match it against your hash file:

    john --show hashes.txt
    john --show --format=raw-md5 hashes.txt

The second form is needed when you forced a format during cracking. The output is one user:password line per cracked hash plus a count of hashes cracked and left. Delete or rename john.pot if you want to re-crack the same hashes, for example for a demo.

5. Important Considerations
