Hidden Content
We know the importance of John the ripper in penetration testing. It is the basics so get it right.
John the Ripper is a free password cracking software tool developed by Openwall. Originally developed for Unix Operating Systems but later on developed for other platforms as well. It is one of the most popular password testings and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types commonly found in Linux or Windows. It can also be to crack passwords of Compressed files like ZIP and also Documents files like PDF.
Where to get John the Ripper?
John the Ripper can be downloaded from Openwall’s Website here.
Or from the Official John the Ripper Repo here
John the Ripper comes pre-installed in Linux Kali and can be run from the terminal:
John the Ripper works in 3 distinct modes to crack the passwords:
Single Crack Mode
Wordlist Crack Mode
Incremental Mode
John the Ripper Single Crack Mode
In this mode John the ripper makes use of the information available to it in the form of a username and other information. This can be used to crack the password files with the format of
Username[Image: tongue.png]assword
For Example: If the username is “Hacker” it would try the following passwords:
hacker
HACKER
hacker1
h-acker
hacker=
We can use john the ripper in Single Crack Mode as follows:
Here we have a text file named crack.txt containing the username and password, where the password is encrypted in SHA1 encryption so to crack this password we will use:
Syntax: john [mode/option] [password file]
john --single --format=raw-sha1 crack.txt
John the Ripper Wordlist Crack Mode
In this mode John the ripper uses a wordlist that can also be called a Dictionary and it compares the hashes of the words present in the Dictionary with the password hash. We can use any desired wordlist. John also comes in build with a password.lst which contains most of the common passwords.
Let’s see how John the Ripper cracks passwords in Wordlist Crack Mode:
Here we have a text file named crack.txt containing the username and password, where the password is encrypted in SHA1 encryption so to crack this password we will use:
Syntax: john [wordlist] [options] [password file]
john --wordlist=/usr/share/john/password.lst --format=raw-sha1 crack.txt
Cracking the User Credentials
We are going to demonstrate two ways in which we will crack the user credentials of a Linux user.
Before that we will have to understand, what is a shadow file?
In the Linux operating system, a shadow password file is a system file in which encrypted user password is stored so that they are not available to the people who try to break into the system. It is located at /etc/shadow.
First Method
Now, for the first method, we will crack the credentials of a particular user “pavan”.
And we will find the credentials of the user pavan and copy it and paste it into a text file.
Now we will use john the ripper to crack it.
john crack.txt
Second Method
Now, for the second method, we will collectively crack the credentials for all the users.
To do this we will have to use John the ripper utility called “unshadow”.
unshadow /etc/passwd /etc/shadow > crack.txt
[Image: 7.png?w=640&ssl=1]
Here the unshadow command is combining the /etc/passwd and /etc/shadow files so that John can use them to crack them. We are using both files so that John can use the information provided to efficiently crack the credentials of all users.
Now we will use john to crack the user credentials of all the users collectively.
john --wordlist=/usr/share/john/password.lst crack.txt
Stopping and Restoring Cracking
While John the ripper is working on cracking some passwords we can interrupt or pause the cracking and Restore or Resume the Cracking again at our convenience.
So while John the Ripper is running you can interrupt the cracking by Pressing “q” or Crtl+C.
Now to resume or restore the cracking process we will use the –restore option of John the ripper:
john --restore
Now we will decrypt various hashes using John the Ripper
SHA1
To decrypt SHA1 encryption we will use RockYou as wordlist and crack the password as shown below:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-sha1 crack.txt
MD5
To decrypt MD5 encryption we will use RockYou as wordlist and crack the password as shown below:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-md5 rack.txt
MD4
To decrypt MD4 encryption we will use RockYou as wordlist and crack the password as shown below:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-md4 crack.txt
SHA256
To decrypt SHA256 encryption we will use RockYou as wordlist and crack the password as shown below:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-sha256 crack.txt
RIPEMD128
To decrypt RIPEMD128 encryption we will use RockYou as wordlist and crack the password as shown below:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=ripemd-128 crack.txt
Whirlpool
To decrypt whirlpool encryption we will use RockYou as wordlist and crack the password as shown below:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=whirlpool crack.txt
View All Formats
John the Ripper supports much encryption some of which we showed above. To view all the formats it supports:
john --list=formats
Abbreviating the Options
We don’t have to type complete option every time we use john the ripper, Developers have given users the option to abbreviate the options like
–single can be written as -si
–format can be written as -form
Shown below is an example of how to use these abbreviations.
john -si crack.txt -form=raw-md5
[Image: 1.png?w=640&ssl=1]
Another abbreviation we can use is:
–wordlist can be written as -w
john -w=/usr/share/wordlists/rockyou.txt crack.txt -form=raw-md5
[Image: 2.png?w=640&ssl=1]
Cracking Multiple Files
We can also crack multiple hash files if they have the same encryption. Let’s take an example, we have two files.
crack.txt
md5.txt
Both contain md5 hashes, so to crack both files in one session, we will run john as follows:
Syntax: john [file 1][file 2]
john -form=raw-md5 crack.txt md5.txt
ANNEX
Guides:
Snowden Leaks:
------------------------------------------------------
Nothing is free or is it?
We know the importance of John the ripper in penetration testing. It is the basics so get it right.
John the Ripper is a free password cracking software tool developed by Openwall. Originally developed for Unix Operating Systems but later on developed for other platforms as well. It is one of the most popular password testings and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types commonly found in Linux or Windows. It can also be to crack passwords of Compressed files like ZIP and also Documents files like PDF.
Where to get John the Ripper?
John the Ripper can be downloaded from Openwall’s Website here.
Or from the Official John the Ripper Repo here
John the Ripper comes pre-installed in Linux Kali and can be run from the terminal:
John the Ripper works in 3 distinct modes to crack the passwords:
Single Crack Mode
Wordlist Crack Mode
Incremental Mode
John the Ripper Single Crack Mode
In this mode John the ripper makes use of the information available to it in the form of a username and other information. This can be used to crack the password files with the format of
Username[Image: tongue.png]assword
For Example: If the username is “Hacker” it would try the following passwords:
hacker
HACKER
hacker1
h-acker
hacker=
We can use john the ripper in Single Crack Mode as follows:
Here we have a text file named crack.txt containing the username and password, where the password is encrypted in SHA1 encryption so to crack this password we will use:
Syntax: john [mode/option] [password file]
john --single --format=raw-sha1 crack.txt
John the Ripper Wordlist Crack Mode
In this mode John the ripper uses a wordlist that can also be called a Dictionary and it compares the hashes of the words present in the Dictionary with the password hash. We can use any desired wordlist. John also comes in build with a password.lst which contains most of the common passwords.
Let’s see how John the Ripper cracks passwords in Wordlist Crack Mode:
Here we have a text file named crack.txt containing the username and password, where the password is encrypted in SHA1 encryption so to crack this password we will use:
Syntax: john [wordlist] [options] [password file]
john --wordlist=/usr/share/john/password.lst --format=raw-sha1 crack.txt
Cracking the User Credentials
We are going to demonstrate two ways in which we will crack the user credentials of a Linux user.
Before that we will have to understand, what is a shadow file?
In the Linux operating system, a shadow password file is a system file in which encrypted user password is stored so that they are not available to the people who try to break into the system. It is located at /etc/shadow.
First Method
Now, for the first method, we will crack the credentials of a particular user “pavan”.
And we will find the credentials of the user pavan and copy it and paste it into a text file.
Now we will use john the ripper to crack it.
john crack.txt
Second Method
Now, for the second method, we will collectively crack the credentials for all the users.
To do this we will have to use John the ripper utility called “unshadow”.
unshadow /etc/passwd /etc/shadow > crack.txt
[Image: 7.png?w=640&ssl=1]
Here the unshadow command is combining the /etc/passwd and /etc/shadow files so that John can use them to crack them. We are using both files so that John can use the information provided to efficiently crack the credentials of all users.
Now we will use john to crack the user credentials of all the users collectively.
john --wordlist=/usr/share/john/password.lst crack.txt
Stopping and Restoring Cracking
While John the ripper is working on cracking some passwords we can interrupt or pause the cracking and Restore or Resume the Cracking again at our convenience.
So while John the Ripper is running you can interrupt the cracking by Pressing “q” or Crtl+C.
Now to resume or restore the cracking process we will use the –restore option of John the ripper:
john --restore
Now we will decrypt various hashes using John the Ripper
SHA1
To decrypt SHA1 encryption we will use RockYou as wordlist and crack the password as shown below:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-sha1 crack.txt
MD5
To decrypt MD5 encryption we will use RockYou as wordlist and crack the password as shown below:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-md5 rack.txt
MD4
To decrypt MD4 encryption we will use RockYou as wordlist and crack the password as shown below:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-md4 crack.txt
SHA256
To decrypt SHA256 encryption we will use RockYou as wordlist and crack the password as shown below:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-sha256 crack.txt
RIPEMD128
To decrypt RIPEMD128 encryption we will use RockYou as wordlist and crack the password as shown below:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=ripemd-128 crack.txt
Whirlpool
To decrypt whirlpool encryption we will use RockYou as wordlist and crack the password as shown below:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=whirlpool crack.txt
View All Formats
John the Ripper supports much encryption some of which we showed above. To view all the formats it supports:
john --list=formats
Abbreviating the Options
We don’t have to type complete option every time we use john the ripper, Developers have given users the option to abbreviate the options like
–single can be written as -si
–format can be written as -form
Shown below is an example of how to use these abbreviations.
john -si crack.txt -form=raw-md5
[Image: 1.png?w=640&ssl=1]
Another abbreviation we can use is:
–wordlist can be written as -w
john -w=/usr/share/wordlists/rockyou.txt crack.txt -form=raw-md5
[Image: 2.png?w=640&ssl=1]
Cracking Multiple Files
We can also crack multiple hash files if they have the same encryption. Let’s take an example, we have two files.
crack.txt
md5.txt
Both contain md5 hashes, so to crack both files in one session, we will run john as follows:
Syntax: john [file 1][file 2]
john -form=raw-md5 crack.txt md5.txt
ANNEX
Guides:
Snowden Leaks:
------------------------------------------------------
Nothing is free or is it?
Verified & Trusted WesternUnion | MoneyGram | Bank - Transferring [299$ BTC for 2000$ WU]
Verified & Trusted Electronics Carding, Carding iPhone, Samsung Carding, MacBook Carding, Laptops Carding