# John the Ripper (JTR)

> John the Ripper is a free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms.\
> [GitHub - magnumripper/JohnTheRipper](https://github.com/magnumripper/JohnTheRipper)

* [Openwall](https://www.openwall.com/john/)

## Mutations

Config file

```bash
/etc/john/john.conf
```

Add a mangling rule to the config file

```
# Add two numbers to the end of each password
$[0-9]$[0-9]
```

```bash
john --wordlist=megacorp-cewl.txt --rules --stdout > mutated.txt
```

## Hash attacks

Default run (no mode given: single crack, then wordlist, then incremental brute force)

```bash
john <file-with-hashes>
```

Using wordlist

```bash
john --wordlist=/usr/share/wordlists/rockyou.txt <file-with-hashes>
```

### Single Crack Mode

John will create its own dictionary list based on additional information provided (e.g. username).

File format (GECOS)

```bash
username:password
```

```bash
john --single <file-with-hashes>
```

### Rules

Applying rules\
**Word mangling rules** are used to modify or "mangle" **words**, producing other likely passwords.

```bash
john --rules --wordlist=/usr/share/wordlists/rockyou.txt <file-with-hashes>
```

[KoreLogic John the Ripper Rules](https://contest-2010.korelogic.com/rules.html) used a variety of custom rules to generate the passwords.

```bash
# Capitalize the word, then append a year from 1900 to 1999
cAz"19[0-9][0-9]"
```

```bash
# Append a year from 1900 to 1999 without changing the case
Az"19[0-9][0-9]"
```
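The rules from the Mutations and Rules sections, emulated in Python as an added example (not code from this page or from John the Ripper). It shows how many candidates each rule adds per base word and checks whether a given password is derivable from a word list, for instance when building a password deny list. It covers only the `c`, `$X` and `Az"STR"` commands and simple `[..]` classes; the function names and sample words are constructed for the example.

```python
import itertools
import re

def expand_preprocessor(rule):
    """Expand [..] character classes into concrete rules (simple classes only)."""
    choices = []
    for part in re.split(r"(\[[^\]]+\])", rule):
        if part.startswith("[") and part.endswith("]"):
            body, chars, i = part[1:-1], [], 0
            while i < len(body):
                if i + 2 < len(body) and body[i + 1] == "-":   # range such as 0-9
                    chars += [chr(c) for c in range(ord(body[i]), ord(body[i + 2]) + 1)]
                    i += 3
                else:                                           # single literal character
                    chars.append(body[i])
                    i += 1
            choices.append(chars)
        else:
            choices.append([part])
    return ["".join(combo) for combo in itertools.product(*choices)]

def apply_rule(rule, word):
    """Apply one expanded rule; supports only c, $X and Az"STR" (ASCII words assumed)."""
    i = 0
    while i < len(rule):
        if rule[i] == "c":                  # capitalize: first letter upper, rest lower
            word, i = word.capitalize(), i + 1
        elif rule[i] == "$":                # append the single character that follows
            word, i = word + rule[i + 1], i + 2
        elif rule.startswith('Az"', i):     # append the quoted string at the end
            end = rule.index('"', i + 3)
            word, i = word + rule[i + 3:end], end + 1
        else:
            raise ValueError(f"unsupported command at offset {i} in {rule!r}")
    return word

def candidates(rule, words):
    """All passwords the rule produces from the given base words."""
    return {apply_rule(r, w) for r in expand_preprocessor(rule) for w in words}

def derivable(password, rule, words):
    """True if the password falls inside the rule's candidate space."""
    return password in candidates(rule, words)

if __name__ == "__main__":
    words = ["megacorp", "summer"]          # constructed sample base words
    for rule in ('$[0-9]$[0-9]', 'cAz"19[0-9][0-9]"', 'Az"19[0-9][0-9]"'):
        print(rule, "->", len(candidates(rule, words)), "candidates")
    print(derivable("Megacorp1984", 'cAz"19[0-9][0-9]"', words))
```

Each rule multiplies the word list by 100, so a password built from a company term plus two digits or a 19xx year sits in a very small search space.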

### Archives

Zip

```bash
zip2john <archive.zip> > archive-hash.txt
```

7z

```bash
/usr/share/john/7z2john.pl <archive.7z> > archive-hash.txt
```

Rar

```bash
rar2john <archive.rar> > archive-hash.txt
```

### KeePass

Grab password hash

```bash
keepass2john <kdbx-file>
```

Grab keyfile hash

```bash
keepass2john -k <key-file> <kdbx-file>
```

### SSH key encryption (passphrase)

```bash
ssh2john <keyfile> > <output>
```

In Kali:

```bash
/usr/share/john/ssh2john.py
```

Convert to a John-readable format\
[hashstack-server-plugin-jtr/sshng2john.py at master · stricture/hashstack-server-plugin-jtr · GitHub](https://github.com/stricture/hashstack-server-plugin-jtr/blob/master/scrapers/sshng2john.py)

```bash
./sshng2john.py <keyfile> > <output>
```

Crack it

```bash
john --wordlist=/usr/share/wordlists/rockyou.txt <output>
```

### unshadow

Combine `/etc/passwd` and `/etc/shadow` into a single file of password hashes, then crack them with john.

```bash
unshadow <passwd-file> <shadow-file> > passwords.txt
john passwords.txt
```
