John the Ripper is an advanced password cracking tool used by many; it is free and open source. John the Ripper was initially developed for the UNIX operating system, but it now runs on fifteen different platforms.
John the Ripper is widely used to reduce the risk that weak passwords pose to network security, as well as to measure other security weaknesses in how passwords are stored. John the Ripper uses a wide variety of password cracking techniques against user accounts of many operating systems, password encryption schemes, and hashes,
such as crypt password hash types (MD5, DES or Blowfish),
Windows NT/XP/2000/2003 LM hashes,
and passwords stored in MySQL, LDAP, and others.
John the Ripper combines a number of password crackers in one package, which makes it one of the best password testing and breaking programs: it autodetects password hash types and the cracker itself is customizable.
John the Ripper has an official free version, a community enhanced version, and also a pro version.
How Does John the Ripper Work?
JtR supports several common encryption and hashing technologies out of the box for UNIX and Windows-based systems (ed. Mac is UNIX based). JtR autodetects the format of the hashed data and compares it against a large plain-text file of popular passwords, hashing each candidate password in turn and stopping when it finds a match.
JtR also includes its own wordlists of common passwords for 20+ languages. These wordlists provide JtR with thousands of possible passwords from which it can generate the corresponding hash values to make a high-value guess of the target password. Since most people choose easy-to-remember passwords, JtR is often very effective even with its out-of-the-box wordlists of passwords.
JtR ships with Kali Linux, the pentesting distribution.
What is John the Ripper Used for?
JtR is primarily a password cracker used during pentesting exercises that can help IT staff spot weak passwords and poor password policies.
Here is the list of encryption technologies found in JtR:
- UNIX crypt(3)
- Traditional DES-based
- BSDI extended DES-based
- FreeBSD MD5-based (Linux and Cisco IOS)
- OpenBSD Blowfish-based
- Windows LM (DES-based)
- DES-based tripcodes
- SHA-crypt hashes (newer versions of Fedora and Ubuntu)
- SHA-crypt and SUNMD5 hashes (Solaris)
That’s the “official” list. JtR is open-source, so if your encryption of choice isn’t on the list do some digging. Someone might have already written an extension for it.
How to use John the Ripper
We are going to go over several of the basic commands that you need to know to start using John the Ripper. To get started, all you need is a file that contains a hash value to crack.
If you ever need to see a list of commands in JtR, run this command:
John the Ripper’s primary modes for cracking passwords are single crack mode, wordlist mode, and incremental mode. Single crack mode is the fastest and best mode if you have a full password file to crack. Wordlist mode compares the hash against a known list of potential password matches. Incremental mode is the most powerful but may never complete: it is the classic brute-force mode that tries every possible character combination until it finds a match.
The easiest way to try cracking a password is to let JtR go through its series of cracking modes in order. The command below tells JtR to try “single” mode, then the default wordlists containing likely passwords, and then “incremental” mode.
You can also download different wordlists from the Internet, and you can create your own wordlists for JtR to use with the --wordlist parameter.
.\john.exe passwordfile --wordlist="wordlist.txt"
If you want to specify a cracking mode use the exact parameter for the mode.
.\john.exe --single passwordfile
.\john.exe --incremental passwordfile
Word Mangling Rules
Mangling is a preprocessor in JtR that expands the wordlist with variations of each word (changed case, appended digits, and so on), which makes the cracking process more effective. Use the --rules parameter to enable the mangling rules.
.\john.exe --wordlist="wordlist.txt" --rules passwordfile
Viewing Your Output
When you want to see the list of passwords that you have cracked, use the --show parameter.
.\john.exe --show passwordfile
If your cracked password list is long, you can filter the list with additional parameters. You can also redirect the output using basic redirection in your shell. For example, if you want to see whether you cracked any root users (UID=0), use the --users parameter.
.\john.exe --show --users=0 passwordfile
Or, if you want to show users from privileged groups, use --groups.
.\john.exe --show --groups=0,1 passwordfile
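To make the mode descriptions, the mangling rules and the --show/--users filtering above concrete, here is an added example (my own code, not part of the original post or of JtR) that models them in miniature: a wordlist pass with a few rules, an incremental brute-force pass for whatever is left, and a --show style report. The password file, wordlist and hashes are constructed for the demo and use unsalted SHA-1 (JtR's raw-sha1 format) so it runs offline with hashlib; the real crypt formats listed above are salted and far slower per guess.

```python
import hashlib
from itertools import product
CONSTRUCTED_PWFILE = {  # user -> unsalted SHA-1 (JtR's raw-sha1 format) of a known plaintext
    "alice": hashlib.sha1(b"Summer2024").hexdigest(),  # wordlist word + capitalise + year rule
    "bob": hashlib.sha1(b"p4ss").hexdigest(),          # wordlist word + leet rule
    "carol": hashlib.sha1(b"zq7").hexdigest()}         # not derivable from the wordlist
WORDLIST = ["summer", "winter", "pass", "admin"]      # constructed mini wordlist

def mangle(word):
    # A few rules in the spirit of --rules: as-is, capitalised, year suffix, leet.
    yield word
    yield word.capitalize()
    for year in ("2023", "2024"):
        yield word.capitalize() + year
    yield word.replace("a", "4").replace("e", "3").replace("o", "0")

def _try(targets, cracked, cand):
    # Hash one candidate and record it if it matches a still-uncracked user's hash.
    h = hashlib.sha1(cand.encode()).hexdigest()
    if h in targets and targets[h] not in cracked:
        cracked[targets[h]] = cand

def wordlist_mode(pwfile, wordlist):
    # Wordlist mode: hash every (mangled) word once and look it up against all targets.
    targets, cracked = {h: u for u, h in pwfile.items()}, {}   # reverse lookup: hash -> user
    for word in wordlist:
        for cand in mangle(word):
            _try(targets, cracked, cand)
    return cracked

def incremental_mode(pwfile, charset="abcdefghijklmnopqrstuvwxyz0123456789", max_len=3):
    # Incremental mode: exhaustive search; cost is len(charset)**n per length, so bound it.
    targets, cracked = {h: u for u, h in pwfile.items()}, {}
    for n in range(1, max_len + 1):
        for tup in product(charset, repeat=n):
            if len(cracked) == len(pwfile):
                return cracked                          # nothing left to find
            _try(targets, cracked, "".join(tup))
    return cracked

def crack_all(pwfile, wordlist):
    # JtR's default order: the cheap wordlist pass first, brute force only what is left.
    found = wordlist_mode(pwfile, wordlist)
    found.update(incremental_mode({u: h for u, h in pwfile.items() if u not in found}))
    return found

def show(cracked, users=None):
    # --show style report, optionally limited to given users like --users.
    return [f"{u}:{p}" for u, p in sorted(cracked.items()) if users is None or u in users]
```

Running `show(crack_all(CONSTRUCTED_PWFILE, WORDLIST))` recovers all three accounts; note that only "carol" needs the brute-force pass, which is why the real incremental mode is left for last and may never finish on long passwords.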