John The Ripper Full Tutorial
john the ripper is an advanced password cracking tool used by many which is free and open source. John the Ripper initially developed for UNIX operating system but now it works in Fifteen different platforms.
John The Ripper widely used to reduce the risk of network security causes by weak passwords as well as to measure other security flaws regarding encryptions. John The Ripper uses a wide variety of password cracking techniques against user accounts of many operating systems, password encryptions, and hashes.
such as crypt password hash types( MD5, DES or Blowfish).
Windows NT/XP/2000/2003/LM hash.
Also, Password stored in MySQL, LDAP, and others.
John The Ripper is a combination of the number of password crackers in one package makes it one of the best password testing and breaking program which autodetects password hashes and customizable password cracker.
John the Ripper has an official free version, a community enhanced version, and also a pro version.
In this tutorial, we will see the most common password cracking like Linux password, Zip file protected with a password, Windows password, and Wifi Handshake file cracking.
Installing and Downloading John the Ripper.
first, we need to install John The Ripper,
it comes preinstalled in Kali Linux
to install in other Linux Os simply use command.
# sudo apt-get install john
For Windows, Mac and Android go to the official site of JTR
Type John in terminal to see options.
Cracking Linux user Passwords:
/etc/shadow
so cracking Linux password or unshadow password simply use this command in John The Ripper.
# john /etc/shadow
As you can see John cracked the password in the shadow file.
This process sometimes takes time depending upon password complexity and the number of users.
so cracking Linux password or unshadow password simply use this command in John The Ripper.
# john /etc/shadow
As you can see John cracked the password in the shadow file.
This process sometimes takes time depending upon password complexity and the number of users.
-------XXX-------
Decrypting MD5 hash:
first, we need to store the hash in .txt file which can then accessible for john the ripper using the command.
I stored MD5 hash in MD5hash.txt and used this command.
# john --format=raw-MD5 /root/Desktop/MD5hash.txt
So John cracked the hash successfully and also correctly.
After that select which compression you want to choose we will ZIP which is way bottom in there.
Now, Click on other options where you can see the password field type password you want and click on create.
So this is how you can create a password-protected ZIP file in Kali Linux.
We created a password-protected Zip file now we will Decrypt it using John The Ripper.
Firstly we need to Export hashes to .txt file using this command.
# zip2john [Zipfile]>zipfile.txt
This command will export zip keys to .txt file which we will feed to John The Ripper. in my case.
It's okay if this shows that, if you check zipfile.txt or cat it you will see their zip keys are exported successfully.
Now use this command to crack those keys in john.
# john --format=zip [zip.txt]
As you can see the password is decrypted successfully.
If you want to crack a password of RAR compression then Use the command.
# rar2john [zipfile]>zipkey.txt
Just copy these files using CMD type these commands
reg save hklm\SYSTEM (for SYSTEM file)
reg save hklm\SAM (for SAM file)
Now take this files in Kali Linux and need to extract Windows keys so we can crack them use this command
# samdump2 SYSTEM SAM>keys.txt
Details of windows users password will be saved in keys.txt and now we can feed it to John the ripper so it can crack it.
# john --format=LM --user=administrator keys.txt
you can choose the username you want to crack simply specify there instead of an administrator. and john will crack those passwords for you.
If you want to use a custom wordlist then use this command.
# john --wordlist=[wordlist.txt] --user=administrator keys.txt
This is how you can crack various password hashes, encryptions, and user passwords using John the Ripper.
These are the most common password encryptions you will encounter many times in your experience with hacking and penetration testing and john the ripper is here to help you with every one of them. you will get pretty much ideas about how to crack other password encryptions using John The Ripper.
sometimes it takes too much time to crack a password or it gets failed of password not found in many cases than using custom wordlists can help you here but the cracking password is dependent upon password complexity and a number of character used.
I stored MD5 hash in MD5hash.txt and used this command.
# john --format=raw-MD5 /root/Desktop/MD5hash.txt
So John cracked the hash successfully and also correctly.
You can also decrypt other hashes like MD5 just changing command of hash format.
---------XXX--------
Cracking password protected Zip/RAR file:
Lots of Folks Asking about how to create password protected file in Linux, So let's cover them up also.
First select file which you want to password encrypted and right-click on it and select Create Archive.
After that select which compression you want to choose we will ZIP which is way bottom in there.
Now, Click on other options where you can see the password field type password you want and click on create.
So this is how you can create a password-protected ZIP file in Kali Linux.
We created a password-protected Zip file now we will Decrypt it using John The Ripper.
Firstly we need to Export hashes to .txt file using this command.
# zip2john [Zipfile]>zipfile.txt
This command will export zip keys to .txt file which we will feed to John The Ripper. in my case.
It's okay if this shows that, if you check zipfile.txt or cat it you will see their zip keys are exported successfully.
Now use this command to crack those keys in john.
# john --format=zip [zip.txt]
As you can see the password is decrypted successfully.
If you want to crack a password of RAR compression then Use the command.
# rar2john [zipfile]>zipkey.txt
-------XXX--------
Cracking windows user password:
Windows password is stored in SAM and SYSTEM files located in
C:\Windows\System32\Config
Just copy these files using CMD type these commands
reg save hklm\SYSTEM (for SYSTEM file)
reg save hklm\SAM (for SAM file)
Now take this files in Kali Linux and need to extract Windows keys so we can crack them use this command
# samdump2 SYSTEM SAM>keys.txt
Details of windows users password will be saved in keys.txt and now we can feed it to John the ripper so it can crack it.
# john --format=LM --user=administrator keys.txt
you can choose the username you want to crack simply specify there instead of an administrator. and john will crack those passwords for you.
If you want to use a custom wordlist then use this command.
# john --wordlist=[wordlist.txt] --user=administrator keys.txt
----------XXX----------
Cracking WPA/WPA2 handshake using John The Ripper.
Here I will only show you how to crack WPA/WPA2 handshake not to capture it. (that's for another day)
The captured handshake must be in .hccap file it not then convert it.
now use this command to export keys in a handshake.
# hccap2john [capture]>keys.txt
now keys will be exported to keys.txt so we will crack this handshake using a custom wordlist.
use this command.
# john --wordlist=[wordlist.txt] /keys.txt
and john will start cracking process, a succession of attack depends upon password must be present in wordlist if that wordlist was not worked try a different one.
---------XXX------------
This is how you can crack various password hashes, encryptions, and user passwords using John the Ripper.
Conclusion:
These are the most common password encryptions you will encounter many times in your experience with hacking and penetration testing and john the ripper is here to help you with every one of them. you will get pretty much ideas about how to crack other password encryptions using John The Ripper.
sometimes it takes too much time to crack a password or it gets failed of password not found in many cases than using custom wordlists can help you here but the cracking password is dependent upon password complexity and a number of character used.
Such as using variables like (!@#$%^&*_<>) and combining it with lowercase and uppercase with more than 12 characters long passwords can make password cracking insanely difficult.
