John The Ripper has been around for a long time and is a tool that hackers and pen-testers use on a regular basis. However, if you are a rookie in this subject, getting started with John The Ripper is not always simple. Don’t worry, I’ll go through everything in this post to make sure you get started correctly.
John The Ripper is a well-known command-line password cracker. It comes preinstalled on Kali Linux and may be used immediately after installation.
Let’s go through how to get started with it for the first time, as well as some examples of how to use it.
Getting Started with John The Ripper (John)
John The Ripper is a free and open-source password recovery programme that works on all operating systems and distributions. You may either download and build the source code or utilize a release package for your system or distribution.
In this article, I’m using Kali Linux, a hacking and pen-testing distribution, but you may use John on any other system if you like; the examples I provide later will function the same way.
Start John
Kali Linux comes with John The Ripper preinstalled. It’s under “05 – Password Attacks” on the main menu. The app’s name is just “John”.
However, since John The Ripper has no graphical interface, you may simply open a terminal and run the following command to use it:
How to Use John
Using John The Ripper is not simple since there is no graphical interface. Many different kinds of attacks and tactics are available as optional arguments on the command line.
To give you a sense of the options, let’s try a couple.
Simple illustration
The first step is to create a password file: a file on your computer holding one or more hashed passwords that you intend to crack. It can be anything, for example:
- the Linux system’s “/etc/passwd” file (use the unshadowed version for recent distributions).
- Windows passwords
- or any password list that has been taken from a database, whether it uses MD5, SHA1, or another hashing algorithm.
For this demonstration, I created a text file and filled it with several MD5 password hashes. If you want to test John without having a specific example to use just yet, you may use this tool to produce several.
Anyhow, once this file is on Kali Linux, you may use John to attempt to crack some of the passwords.
The standard syntax is:
john --format=<passwords-format> <file>
In my case:
john --format=Raw-md5 md5-passwords.txt
John will open your password file and attempt a number of methods to crack it (a minimal word list is tested by default, and it will also use some incremental strategies).
In my test, I deliberately included the MD5 hash of a word from that word list, and John quickly identified it (the term “good luck” was one of the MD5-hashed passwords in my file). You are welcome to include the same one to see a successful result.
Wordlists
If you have a large number of hashed passwords to test, using word lists is the quickest way to get a few positive results. The majority of users continue to use the same simple passwords across most apps (“password” and “qwerty” remain the most popular passwords globally).
But Kali Linux’s default word list isn’t that extensive. Consider downloading and testing larger lists. There are several places where you may obtain them, ranging from a few hundred words to enormous files, some of which are over 100 GB in size.
There are several of them available for download in this GitHub repository. It’s already good enough to run a few more tests, but the largest ones aren’t available there (and often they’re not free).
To demonstrate how it works, I obtained the file “darkweb2017-top10000.txt” and tested it using John The Ripper.
The underlying command remains the same; we just append the name of the wordlist file to it, as in:
john --wordlist=<yourfile> --format=<format> <passwords-file>
Since John is built to do this task rapidly, this should be fairly quick even for the longest list.
You are welcome to write a shell script that will test each list individually.
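Before running the Raw-md5 and wordlist commands above against a real dump, it helps to see what they are checking. The following is an added example (not code from the original post or from the John The Ripper project) that builds a Raw-MD5 test file of the kind described in the simple illustration, from constructed account names and passwords, and reports which entries a small wordlist would recover; the file name and the sample wordlist are my assumptions.

```python
import hashlib
from pathlib import Path

# Constructed test accounts for a self-audit fixture; these are not real credentials.
TEST_ACCOUNTS = {
    "alice": "password",
    "bob": "qwerty",
    "carol": "Tr0ub4dor&3",
}


def raw_md5(password: str) -> str:
    """Unsalted hex MD5 digest, the form John's Raw-MD5 format reads."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_hash_lines(accounts: dict[str, str]) -> list[str]:
    """One 'user:hash' line per account (John also accepts a bare hash per line)."""
    return [f"{user}:{raw_md5(pw)}" for user, pw in accounts.items()]


def write_hash_file(accounts: dict[str, str], path: Path) -> None:
    """Write the fixture in the layout a --format=Raw-md5 run expects."""
    path.write_text("\n".join(build_hash_lines(accounts)) + "\n", encoding="utf-8")


def wordlist_hits(hash_lines: list[str], wordlist: list[str]) -> dict[str, str]:
    """Accounts a plain wordlist pass recovers: the same hash-and-compare John does.

    Because Raw-MD5 is unsalted, one digest per candidate covers every account at
    once, which is why dumps in this format fall to a wordlist in seconds.
    """
    lookup = {raw_md5(word): word for word in wordlist}
    hits = {}
    for line in hash_lines:
        user, digest = line.split(":", 1)
        if digest in lookup:
            hits[user] = lookup[digest]
    return hits


if __name__ == "__main__":
    lines = build_hash_lines(TEST_ACCOUNTS)
    write_hash_file(TEST_ACCOUNTS, Path("md5-passwords.txt"))
    # Constructed stand-in for a small wordlist like the one John ships with.
    small_list = ["123456", "password", "qwerty", "letmein"]
    print(wordlist_hits(lines, small_list))  # alice and bob recovered, carol not
```

The two weak entries are recovered by a four-word list while the longer mixed password is not, which is the result you should expect John to reproduce on the same file.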
Bruteforce
The bruteforce approach is, however, the most commonly used way of cracking passwords with John The Ripper.
The last option, if none of your word lists worked, is to attempt random passwords.
In John The Ripper this method is known as “incremental”, and it may be used by adding the “--incremental” option to your command line:
john --incremental --format=Raw-md5 md5-passwords.txt
As shown in the picture, it will keep testing candidate passwords until it has found a match for every hash in your list. To stop John the Ripper and try other things, press “CTRL+C”.
You may restrict the kind of candidates John generates on the command line if you already know something about the passwords.
For instance, if you know that the passwords are almost certainly only numbers, you may use “digits” to instruct John to test digits only:
john --incremental=digits --format=<format> <password-file>
In this screenshot, John is no longer testing letters; it is trying only numeric candidates. Testing lengthy passwords will go much quicker this way.
The “mask attack” is the last choice if you have additional information. You can define a specific format that the passwords you wish to test are likely to follow. Perhaps you noticed during the earlier tests that the majority of passwords follow the same patterns.
Perhaps a few years ago, the system was changed to require users to add a special character to their passwords, and everyone did so at the end. The passwords might also all begin with an uppercase letter or conclude with the user’s birthday.
The majority of people use similar patterns for their passwords, so using mask attacks may drastically speed up the process even if you don’t currently have any knowledge. For instance, these are the most frequent patterns identified (with hashcat) in the major “RockYou” data breach of 2009.
Using mask attacks with John the Ripper is as follows:
john --mask=<mask> --format=<format> <yourfile>
The mask, which uses one or more of these components, serves to broadly characterise the password format:
- ?l : lower case letters
- ?u : upper case letters
- ?d : digits
- ?s : special characters
- ?a : any characters
- etc
As an example, I use “?u?l?l?l?l?s” in the following screenshot, which stands for a six-character password that begins with an uppercase letter, continues with four lowercase letters, and ends with a special character:
john --mask=?u?l?l?l?l?s --format=Raw-md5 my-md5-passwords.txt
As you can see in the red square on the left, John is only trying this format; all the candidates tried follow the mask I specified on the command line.
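To see why a mask like the one above speeds things up so much (and why “--incremental=digits” does too), here is an added example, not from the original post or the John The Ripper project, that computes how many candidates a John mask covers and the worst-case time to exhaust them. The character-class sizes follow the usual printable-ASCII convention and the 1e9 hashes/s rate is an illustrative assumption, not a measurement.

```python
# Sizes of the character classes behind John's mask placeholders, using the
# printable-ASCII convention (assumed here; the exact sets are defined in john.conf).
CLASS_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}


def mask_keyspace(mask: str) -> int:
    """Number of candidates a mask expands to; literal characters and '??' count as 1."""
    total = 1
    i = 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1               # literal character, one possibility
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a lone '?'")
        placeholder = mask[i + 1]
        if placeholder == "?":
            pass                 # '??' is a literal question mark
        elif placeholder in CLASS_SIZES:
            total *= CLASS_SIZES[placeholder]
        else:
            raise ValueError(f"placeholder ?{placeholder} not modelled here")
        i += 2
    return total


def seconds_to_exhaust(keyspace: int, hashes_per_second: float) -> float:
    """Worst-case time to try every candidate at a given cracking rate."""
    return keyspace / hashes_per_second


def compare(masks: list[str], hashes_per_second: float) -> dict[str, float]:
    """Worst-case seconds per mask, to show how much a known pattern shrinks the search."""
    return {m: seconds_to_exhaust(mask_keyspace(m), hashes_per_second) for m in masks}


if __name__ == "__main__":
    RATE = 1e9  # assumed Raw-MD5 rate on one GPU, for illustration only
    for mask, secs in compare(["?u?l?l?l?l?s", "?a?a?a?a?a?a", "?a" * 10], RATE).items():
        print(f"{mask:24} {mask_keyspace(mask):>22,d} candidates  {secs:>14,.1f} s")
```

The patterned six-character mask covers about 392 million candidates, roughly 1,900 times fewer than six unconstrained characters, while ten unconstrained characters take thousands of years at the same rate, which is the argument for long, pattern-free passwords.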
Permutations
If you want John to try permutations of words from a wordlist (in the file dict.txt) with a one-printable-ASCII-character suffix, a one-printable-ASCII-character prefix, 1337speak, the mask attack, and hybrid mask, use a command like this:
john.exe --wordlist=dict.txt --rules=All --mask=?a?w hash.txt
The 1337speak rules are included in the rule set used by the command above.
John Modules (zip2john, gpg2john, rar2john, etc)
John the Ripper comes with a bunch of modules you can use to crack different kinds of files. These modules are installed on your Kali system by default. However, if they are not installed, you can do so with the following command:
apt install <module>2john
In my case, I will install zip2john:
To look for modules, simply search with the command:
zip/rar/gzip File Cracking
Assume you have a password-protected zip file that you built at some point in the past. You’ll first need to extract the hash from the zip file by running:
zip2john my-zip-file.zip > zip-hash.txt
The same applies to the other modules:
gpg2john my-gpg-file.gpg > gpg-hash.txt
rar2john rar-gpg-file.rar > rar-hash.txt
gzip2john gzip-gpg-file.gzip > gzip-hash.txt
Now you can crack the extracted hash with the matching format:
john --incremental --format=zip zip-hash.txt
Conclusion
John the Ripper is a lethal weapon. In fact, it is so widely used that it comes preloaded on Kali Linux! Although John the Ripper is usually used for password recovery, one may always test if the passwords one has picked are secure by attempting to crack them. Overall, it’s an excellent tool that takes some time to learn and master, but it’s well worth the effort.