John the Ripper (JTR)

John the Ripper is a free password cracking tool. Originally developed for the Unix operating system, it can run on fifteen different platforms. Source code: GitHub, magnumripper/JohnTheRipper.

Mutations

Config file

/etc/john/john.conf

Modify the config file

# In /etc/john/john.conf, under the [List.Rules:Wordlist] section, add a rule that appends two digits to each word
$[0-9]$[0-9]
# --stdout prints the mangled candidates instead of cracking, so the result can be reviewed or fed to another tool
john --wordlist=megacorp-cewl.txt --rules --stdout > mutated.txt

Hash attacks

Brute force (all)

john <file-with-hashes>

Using wordlist

john --wordlist=/usr/share/wordlists/rockyou.txt <file-with-hashes>

Single Crack Mode

John builds its own candidate list from the additional information in the input file (e.g. the username and GECOS fields).

File format (passwd/GECOS style)

username:password-hash
john --single <file-with-hashes>

Rules

Applying rules: word mangling rules modify ("mangle") wordlist entries to produce other likely passwords.

john --rules --wordlist=/usr/share/wordlists/rockyou.txt <file-with-hashes>

The KoreLogic John the Ripper rules use a variety of custom rules to generate password candidates, for example:

# c capitalizes the word, Az"..." appends the quoted string; the [0-9] classes are expanded by the rule preprocessor into one rule per digit combination
cAz "19[0-9][0-9]"
Az "19[0-9][0-9]"
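To make the two rule snippets above (the config-file rule $[0-9]$[0-9] and the KoreLogic-style cAz"19[0-9][0-9]") concrete, here is an added example, not John's own code: a small reimplementation of the subset of John's rule syntax they use, including the [..] preprocessor expansion. The wordlist is constructed inline; John's real engine supports many more commands than this.

```python
import itertools
import re

def preprocess(rule):
    """Expand John's [..] preprocessor classes into the concrete rules they stand for.
    Every bracket group becomes a set of single characters and the cross product of all
    groups yields one rule per combination, so $[0-9]$[0-9] expands to 100 rules."""
    choices = []
    for part in re.split(r'(\[[^\]]+\])', rule):
        if part.startswith('[') and part.endswith(']'):
            body, chars, i = part[1:-1], [], 0
            while i < len(body):
                if i + 2 < len(body) and body[i + 1] == '-':          # range such as 0-9
                    chars.extend(chr(c) for c in range(ord(body[i]), ord(body[i + 2]) + 1))
                    i += 3
                else:                                                 # single literal
                    chars.append(body[i])
                    i += 1
            choices.append(chars)
        else:
            choices.append([part])
    return [''.join(combo) for combo in itertools.product(*choices)]

def apply_rule(rule, word):
    """Apply one concrete (already preprocessed) rule to a word.
    Supported commands: ':' no-op, 'l' lowercase, 'u' uppercase, 'c' capitalize,
    '$X' append X, '^X' prepend X, 'AN"STR"' insert STR (only N=0 start and N=z end here)."""
    i = 0
    while i < len(rule):
        cmd = rule[i]
        if cmd == ':':
            i += 1
        elif cmd in 'luc':
            word = {'l': word.lower(), 'u': word.upper(),
                    'c': word[:1].upper() + word[1:].lower()}[cmd]
            i += 1
        elif cmd in '$^':
            word = word + rule[i + 1] if cmd == '$' else rule[i + 1] + word
            i += 2
        elif cmd == 'A':
            pos, quote = rule[i + 1], rule[i + 2]       # any character may delimit STR
            end = rule.index(quote, i + 3)
            text = rule[i + 3:end]
            word = word + text if pos == 'z' else text + word
            i = end + 1
        else:
            raise ValueError(f"unsupported rule command {cmd!r}")
    return word

def mangle(rules, words):
    """Equivalent of 'john --wordlist=... --rules --stdout' for the rules given."""
    return [apply_rule(concrete, w) for r in rules for concrete in preprocess(r) for w in words]

WORDLIST = ["winter", "Megacorp"]                            # constructed sample wordlist
CANDIDATES = mangle(['$[0-9]$[0-9]', 'cAz"19[0-9][0-9]"'], WORDLIST)
```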

Archives

Zip

zip2john <archive.zip> > archive-hash.txt

7z

/usr/share/john/7z2john.pl <archive.7z> > archive-hash.txt

Rar

rar2john <archive.rar> > archive-hash.txt

KeePass

Grab password hash

keepass2john <kdbx-file>

Grab keyfile hash

keepass2john -k <key-file> <kdbx-file>

SSH key encryption (passphrase)

ssh2john <keyfile> > <output>

In Kali:

/usr/share/john/ssh2john.py

Alternative converter to John's input format: sshng2john.py from the stricture/hashstack-server-plugin-jtr repository on GitHub.

./sshng2john.py <keyfile> > <output>

Crack it

john --wordlist=/usr/share/wordlists/rockyou.txt <output>

unshadow

Combine /etc/passwd and /etc/shadow into the format john expects, then crack the resulting password hashes.

unshadow <passwd-file> <shadow-file> > passwords.txt
john passwords.txt
