John the Ripper (JTR)
John the Ripper is a free password-cracking tool. Originally developed for Unix, it now runs on fifteen different platforms. Source: https://github.com/magnumripper/JohnTheRipper
Mutations
Config file: /etc/john/john.conf
Modify the config file: add the rule under a [List.Rules:...] section (e.g. [List.Rules:Wordlist]) so that --rules applies it.
# Add two digits to the end of each password
$[0-9]$[0-9]
john --wordlist=megacorp-cewl.txt --rules --stdout > mutated.txt
Hash attacks
All modes (with no options, john runs single crack, wordlist and incremental brute force in turn)
john <file-with-hashes>
Using wordlist
john --wordlist=/usr/share/wordlists/rockyou.txt <file-with-hashes>
Single Crack Mode
John builds its own candidate list from the additional information in the hash file (e.g. the username and GECOS fields).
File format (passwd-style; the GECOS fields feed the candidates)
username:hash[:uid:gid:gecos:home:shell]
john --single <file-with-hashes>
Rules
Applying rules: word-mangling rules modify or "mangle" wordlist entries to produce other likely passwords.
john --rules --wordlist=/usr/share/wordlists/rockyou.txt <file-with-hashes>
The KoreLogic John the Ripper rules are a set of custom rules that generate passwords in common patterns. For example, c capitalizes the word and Az"STR" appends STR, so these two rules append a year 1900-1999 with and without capitalizing:
cAz"19[0-9][0-9]"
Az"19[0-9][0-9]"
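As an added example (not code from the page or from the John project), the following Python model shows what the rule syntax used in the two sections above actually does: the preprocessor expands each [0-9] character list into one concrete rule per combination, and the commands $X (append a character), c (capitalize) and Az"STR" (append a string) are applied to every word. It supports only that subset of John's rule language, and the wordlist is a constructed stand-in for megacorp-cewl.txt; the output is the candidate list john --rules --stdout would emit for these rules.

```python
import itertools
import re

# Added example: a minimal model of John the Ripper rule syntax covering only
# the commands used on this page (: l u c r $X ^X Az"STR") plus the
# preprocessor's [...] character lists. Not John's own implementation.


def expand_preprocessor(rule):
    """Expand every [...] character list into concrete rules.

    As in John's rule preprocessor, a rule with several lists expands to one
    rule per combination, so "$[0-9]$[0-9]" becomes 100 rules "$0$0".."$9$9".
    """
    parts = []  # alternating literal text and lists of alternative characters
    pos = 0
    for m in re.finditer(r"\[([^\]]*)\]", rule):
        parts.append([rule[pos:m.start()]])
        body, chars, i = m.group(1), [], 0
        while i < len(body):
            if i + 2 < len(body) and body[i + 1] == "-":  # range such as 0-9
                chars.extend(chr(c) for c in range(ord(body[i]), ord(body[i + 2]) + 1))
                i += 3
            else:  # single literal character
                chars.append(body[i])
                i += 1
        parts.append(chars)
        pos = m.end()
    parts.append([rule[pos:]])
    return ["".join(combo) for combo in itertools.product(*parts)]


def apply_rule(rule, word):
    """Apply one concrete (already expanded) rule to a single word."""
    out, i = word, 0
    while i < len(rule):
        cmd = rule[i]
        if cmd in " \t:":  # whitespace between commands and the ':' no-op
            i += 1
        elif cmd == "l":
            out, i = out.lower(), i + 1
        elif cmd == "u":
            out, i = out.upper(), i + 1
        elif cmd == "c":  # capitalize: first character upper, rest lower
            out, i = out[:1].upper() + out[1:].lower(), i + 1
        elif cmd == "r":
            out, i = out[::-1], i + 1
        elif cmd == "$":  # $X appends the character X
            out, i = out + rule[i + 1], i + 2
        elif cmd == "^":  # ^X prepends the character X
            out, i = rule[i + 1] + out, i + 2
        elif cmd == "A":
            # A N "STR": insert STR at position N; N is a digit or 'z' (end).
            # The character after N is the quote delimiter (usually ").
            n, quote = rule[i + 1], rule[i + 2]
            end = rule.index(quote, i + 3)
            s = rule[i + 3:end]
            if n == "z":
                out = out + s
            else:
                k = int(n)
                out = out[:k] + s + out[k:]
            i = end + 1
        else:
            raise ValueError(f"unsupported rule command {cmd!r} in {rule!r}")
    return out


def mutate(words, rules):
    """Candidates john --rules --stdout would emit: each rule over the whole list."""
    candidates = []
    for raw in rules:
        for rule in expand_preprocessor(raw):
            for w in words:
                candidates.append(apply_rule(rule, w))
    return candidates


if __name__ == "__main__":
    wordlist = ["megacorp", "summer"]  # constructed stand-in for megacorp-cewl.txt
    rules = ['$[0-9]$[0-9]', 'cAz"19[0-9][0-9]"', 'Az"19[0-9][0-9]"']
    for candidate in mutate(wordlist, rules):
        print(candidate)
```

The three rules above turn two words into 400 candidates (100 per rule per word); that multiplication is why rules are cheap for the attacker and why appending a year or two digits to a dictionary word adds almost nothing to a password's real strength.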
Archives
Zip
zip2john <archive.zip> > archive-hash.txt
7z
/usr/share/john/7z2john.pl <archive.7z> > archive-hash.txt
Rar
rar2john <archive.rar> > archive-hash.txt
KeePass
Grab password hash
keepass2john <kdbx-file>
Grab keyfile hash
keepass2john -k <key-file> <kdbx-file>
SSH key encryption (passphrase)
ssh2john <keyfile> > <output>
In Kali:
/usr/share/john/ssh2john.py
Alternatively, convert the key to a john-readable format with sshng2john.py (https://github.com/stricture/hashstack-server-plugin-jtr/blob/master/sshng2john.py):
./sshng2john.py <keyfile> > <output>
Crack it
john --wordlist=/usr/share/wordlists/rockyou.txt <output>
unshadow
Combine /etc/passwd and /etc/shadow to obtain the password hashes, then crack them with john.
unshadow <passwd-file> <shadow-file> > passwords.txt
john passwords.txt
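As an added example (not from the page or the John project), this Python script models what unshadow does, replacing the x in each passwd line with the hash from the matching shadow entry, and then audits the hash types it finds, which is the check a defender runs over the same two files: accounts with an empty password field or with legacy md5crypt/DES hashes are the ones that need attention regardless of whether anyone cracks them. Both input files are constructed samples and the hash values are placeholders, not real crypt output.

```python
# Added example: a pure-Python model of `unshadow passwd shadow` plus an audit
# of the hash types in the merged output. Constructed sample data; the hashes
# are placeholders, not real crypt output.

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
svc-backup:x:1001:1001::/var/lib/backup:/usr/sbin/nologin
legacy:x:1002:1002::/home/legacy:/bin/sh
"""

SHADOW = """\
root:!:19700:0:99999:7:::
alice:$6$c0nstructedsalt$c0nstructedhash:19700:0:99999:7:::
svc-backup:$1$c0nstruct$c0nstructedhash:19700:0:99999:7:::
legacy::19700:0:99999:7:::
"""


def parse_shadow(shadow_text):
    """Map login name -> hash field (field 2 of /etc/shadow)."""
    hashes = {}
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        hashes[fields[0]] = fields[1]
    return hashes


def unshadow(passwd_text, shadow_text):
    """Return passwd lines with the password field replaced by the shadow hash.

    Mirrors `unshadow passwd shadow`: users without a shadow entry keep their
    passwd field unchanged.
    """
    hashes = parse_shadow(shadow_text)
    merged = []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if fields[0] in hashes:
            fields[1] = hashes[fields[0]]
        merged.append(":".join(fields))
    return merged


# crypt(3) identifiers as used by glibc/libxcrypt
CRYPT_PREFIXES = {
    "$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
    "$7$": "scrypt", "$y$": "yescrypt",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
}


def hash_type(field):
    """Classify one shadow hash field."""
    if field == "":
        return "empty"        # no password at all: login without authentication
    if field[0] in "!*":
        return "locked"       # disabled account or locked hash
    for prefix, name in CRYPT_PREFIXES.items():
        if field.startswith(prefix):
            return name
    if len(field) == 13 and "$" not in field:
        return "descrypt"     # traditional DES crypt, truncates at 8 characters
    return "unknown"


WEAK = {"empty", "descrypt", "md5crypt"}


def audit(passwd_text, shadow_text):
    """Return (hash type per user, sorted list of users needing attention)."""
    types = {}
    for line in unshadow(passwd_text, shadow_text):
        user, field = line.split(":")[:2]
        types[user] = hash_type(field)
    flagged = sorted(u for u, t in types.items() if t in WEAK)
    return types, flagged


if __name__ == "__main__":
    for line in unshadow(PASSWD, SHADOW):
        print(line)           # this is what `john passwords.txt` would read
    types, flagged = audit(PASSWD, SHADOW)
    for user, kind in types.items():
        print(f"{user:12s} {kind}")
    print("needs attention:", flagged)
```

On the sample data the audit flags legacy (empty password field) and svc-backup (md5crypt); alice's sha512crypt entry is the only one worth a cracking run, and root is locked.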