**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.**
John the Ripper is a free, open-source password-cracking tool commonly used for security testing. It is designed to detect weak passwords in Unix-based systems but also supports Windows and other operating systems.
John the Ripper works by using various attack methods, including dictionary attacks, brute force, and hybrid attacks, to guess passwords.
The software’s adaptability and robust capabilities have made it a go-to choice for security experts who need to evaluate password resilience and enhance protective measures.
Users can adjust various parameters and customize rulesets to optimize its performance for specific use cases.
Formats that John the Ripper supports: The following command lists the formats supported by John the Ripper.

Basic Syntax:
john (hash filename) --format=Raw-SHA1
john: This refers to the John the Ripper tool itself, which carries out the password cracking or hash analysis.
(hash filename): The file that contains the hashes you want to crack. The hashes can be created with MD5 or with other algorithms such as SHA-1, SHA-256, and SHA-512.
--format=Raw-SHA1: This specifies the format of the hashes you want to crack.
The name Raw-SHA1 indicates that the hashes are raw, unsalted SHA-1 hashes.
It tells John the Ripper to treat the hashes in the file as SHA-1 hashes when attempting to crack them.

Single-Mode:
When operating in single-crack mode, John manipulates a string to create different versions of it in order to produce a series of passwords.
The “format” flag is employed to indicate the hash type, and the “single” flag is used to inform John that we prefer the single crack mode. We will generate a hash.txt file that includes the username and password hash value.
john --single (hash filename) --format=Raw-SHA1
--single: This sets the cracking mode to Single Crack Mode, which tries to guess the password from a username or derivatives of that username. This is a very fast mode, and it is preferable when the password is very close to the username, such as the password john123 for the username john.
--format=Raw-SHA1: This specifies the format of the hashes you want to crack.
The name Raw-SHA1 indicates that the hashes are raw, unsalted SHA-1 hashes.
It tells John the Ripper to treat the hashes in the file as SHA-1 hashes when attempting to crack them.

Wordlist Mode:
- Uses a list of words (dictionary) to attempt cracking.
- Can be customized with rules to modify words (e.g., adding numbers, changing cases).
- Efficient for cracking passwords based on common words or known patterns.
john --wordlist=(path of wordlist file) (hash filename) --format=Raw-MD5

Rules:
The rules are defined in the john.conf configuration file. We can view them by opening the file in Mousepad with the command: mousepad john.conf

Incremental Mode:
- A brute-force approach that tries all possible character combinations.
- Highly customizable (character sets, length ranges).
- Slowest but most thorough method.
john --incremental:alpha (hash filename) --format=Raw-SHA1

Break shadow file:
In Linux, there are two important files saved in the /etc folder: passwd and shadow.
- /etc/passwd -> stores information like username, user id, login shell, and so on.
- /etc/shadow -> contains password hash, password expiry, and so on.
In addition to the “john” command, John comes with a few other utilities. One of them is called “unshadow”.
The unshadow command merges the passwd and shadow files into one file. John can use this file to crack passwords.
sudo unshadow /etc/passwd /etc/shadow
This command merges both files. We save the resulting hashes in a new .txt file and then run the following command to crack them:
john (hash filename) --wordlist=/usr/share/wordlists/rockyou.txt
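
From the defender's side, the same /etc/shadow fields can be audited without cracking anything. The following added example (not from the original article) parses shadow-format lines and flags empty password fields and legacy hash schemes; the sample entries and the names classify and audit_shadow are assumptions made for illustration.

```python
# Added example: audit shadow-format entries for weak password storage.
# crypt(3) scheme identifiers -> (scheme name, treated as weak here)
SCHEMES = {
    "1": ("md5crypt", True),
    "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False),
    "5": ("sha256crypt", False),
    "6": ("sha512crypt", False),
    "y": ("yescrypt", False),
}

# Constructed sample data; every hash value is a fake placeholder.
SAMPLE = """\
root:$6$constructedsalt$FAKEHASHFAKEHASH:19700:0:99999:7:::
alice:$1$oldsalt$FAKEHASHFAKEHASH:15000:0:99999:7:::
bob::19700:0:99999:7:::
legacy:abFAKEFAKEFAK:12000:0:99999:7:::
daemon:*:19700:0:99999:7:::
carol:!$y$j9T$salt$FAKEHASH:19700:0:99999:7:::
"""

def classify(field):
    """Return (scheme, finding) for the password field of a shadow entry."""
    if field == "":
        return "none", "EMPTY: login without a password"
    if field[0] in "!*":
        return "locked", None  # password login is disabled
    if field.startswith("$"):
        parts = field.split("$")
        ident = parts[1] if len(parts) > 2 else ""
        name, weak = SCHEMES.get(ident, ("unknown($%s$)" % ident, False))
        return name, ("WEAK: legacy scheme, migrate" if weak else None)
    if len(field) == 13:
        return "descrypt", "WEAK: traditional DES crypt"
    return "unknown", "REVIEW: unrecognised hash field"

def audit_shadow(text):
    """Return (user, scheme, finding) for every entry that needs attention."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue  # skip blank, malformed, or comment lines
        scheme, finding = classify(fields[1])
        if finding:
            findings.append((fields[0], scheme, finding))
    return findings

if __name__ == "__main__":
    for user, scheme, finding in audit_shadow(SAMPLE):
        print(f"{user:8} {scheme:12} {finding}")
```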

Zip File:
Here, we create a zip file and encrypt it with a password using the -e option.
zip2john (filename) > zipHash.txt
Using this command, we can store the zip hash in the zipHash.txt file.
Now, we will use John to break the password:
john zipHash.txt --wordlist=/usr/share/wordlists/rockyou.txt

Once we have the password of the file, we can use it to access the file.

Multiple Files:
john h1.txt hash.txt --format=Raw-MD5

Summary
John the Ripper is widely used by security professionals and system administrators. It’s important to note that it should only be used ethically and with proper authorization.
This software demonstrates a key principle in cybersecurity – tools that help security professionals identify vulnerabilities are also a powerful reminder of why robust, personalized passwords are essential to prevent malicious break-in attempts.