Cracking Passwords with John

TL;DR

This guide shows you how to use John the Ripper to crack a password. It covers getting John, preparing your password hash, running common attacks, and understanding results.

1. Installing John the Ripper

John is available for most operating systems. Here’s how to install it:

  • Debian/Ubuntu:
    sudo apt update && sudo apt install john
  • Fedora/CentOS/RHEL:
    sudo dnf install john
  • macOS (using Homebrew):
    brew install john
  • Windows: Download from the official website and follow the installation instructions.

2. Preparing Your Password Hash

You need the password hash before you can crack it. Hashes are often found in configuration files (e.g., /etc/shadow on Linux, which requires root access to read) or database dumps. Let’s assume you have a hash file named hashes.txt.

3. Running Common Attacks

John offers various attack modes. Here are some useful ones:

3.1 Single Crack Mode

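This is the simplest check: trying a single password directly. It is useful if you suspect a specific password. Feed the guess to John on standard input as a one-word wordlist:

echo 'your_suspected_password' | john --stdin hashes.txt

(John’s own built-in single crack mode, --single, is different: it builds candidates from the login names and GECOS fields in the hash file.)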

3.2 Wordlist Attack

This tries passwords from a list (wordlist). Download a wordlist such as RockYou, or create your own.

  1. Copy the wordlist to the same directory as hashes.txt.
  2. Run John:
    john --wordlist=rockyou.txt hashes.txt

3.3 Rule-Based Attack

Rules modify wordlist entries (e.g., capitalization, adding numbers). This is more effective than a simple wordlist attack.

  1. Run John with a wordlist and a rule:
    john --wordlist=rockyou.txt --rules=best64 hashes.txt

    (best64 is a common ruleset.)

3.4 Incremental Attack

This tries all possible passwords of a certain length, starting from ‘a’ and incrementing.

  1. Run John:
    john --incremental hashes.txt

    (This can take *very* long.)

3.5 Mask Attack

If you know parts of the password, use a mask to define unknown characters.

  1. Example: If you know the password starts with ‘P’ and is 8 characters long:
    john --mask='P?a?a?a?a?a?a?a' hashes.txt

    (Each ?a represents one unknown printable ASCII character.)

4. Understanding Results

John stores cracked passwords in a file named john.pot.

  • View the results:
    john --show hashes.txt

    (This displays the cracked passwords.)

5. Important Considerations

  • Hash Type: John needs to know the hash type. It usually detects it automatically, but you can specify it with --format=raw-md5, --format=raw-sha256, etc.

  • Performance: Cracking passwords is resource intensive. Use a powerful machine and consider using GPU acceleration (see John’s documentation).
  • Legal Issues: Only crack passwords you have permission to crack! Unauthorized access is illegal.
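
Relating to the Hash Type consideration above: before telling John which hash type to use, an administrator can check which scheme each account's hash uses and flag legacy ones that should be migrated. This is an added example, not part of the original guide; the sample entries are constructed with placeholder salts and digests, and the weak flag rests on the assumption that md5crypt, DES crypt and empty password fields are unacceptable for storage.

```python
# Added example: classify the scheme of each entry in a shadow-format file.
# Sample data is constructed; salts and digests are placeholders, not real hashes.

# crypt(3) "$id$" prefix -> (scheme, John --format name or None, weak for storage)
# The weak flags are this example's assumption, not a rule taken from John.
SCHEMES = {
    "1": ("md5crypt", "md5crypt", True),
    "2a": ("bcrypt", "bcrypt", False),
    "2b": ("bcrypt", "bcrypt", False),
    "2y": ("bcrypt", "bcrypt", False),
    "5": ("sha256crypt", "sha256crypt", False),
    "6": ("sha512crypt", "sha512crypt", False),
    "y": ("yescrypt", None, False),
}

def classify(field):
    """Return (scheme, john_format, weak) for one shadow password field."""
    if field == "":
        return ("empty", None, True)           # account needs no password at all
    if field[0] in "!*":
        return ("locked", None, False)         # password login disabled
    if field.startswith("$"):
        parts = field.split("$")
        ident = parts[1] if len(parts) > 2 else ""
        return SCHEMES.get(ident, ("unknown", None, False))
    if len(field) == 13:
        return ("descrypt", "descrypt", True)  # traditional DES crypt
    return ("unknown", None, False)

def audit(lines):
    """Return a list of (user, scheme, john_format, weak), one per valid line."""
    report = []
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0] or fields[0].startswith("#"):
            continue                           # skip blanks, comments, junk
        report.append((fields[0],) + classify(fields[1]))
    return report

SAMPLE = """\
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDDIGEST:19000:0:99999:7:::
bob:$1$CONSTRUCTEDSALT$CONSTRUCTEDDIGEST:19000:0:99999:7:::
carol:abCONSTRUCTED:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
eve:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDDIGEST:19000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, fmt, weak in audit(SAMPLE.splitlines()):
        print(f"{user:8} {scheme:12} format={fmt or '-':12} {'WEAK' if weak else 'ok'}")
```

Accounts reported as WEAK are the ones to move to a stronger scheme by forcing a password change after updating the system's hashing configuration.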