JOHN THE RIPPER

root@oco:~$ john --format=raw-sha256 --show hash1.txt
 * john will not spend computing resources to crack an already-cracked password hash. if a password is already found from a previous session, John displays the message "No password hashes left to crack"
    - use the --show option/flag to display already cracked passwords

#basic cracking with John the Ripper
root@oco:~$ john --format=raw-sha256 --wordlist=/usr/share/wordlists/rockyou.txt hash1.txt
 * the --format=raw-sha256 specifies the hash format
 * the --wordlist=/usr/share/wordlists/rockyou.txt sets the wordlist for use
 * if no results are found, apply transformation rules
    - John can start from a long password list and attempt various common derivations from each of the passwords to increase its chances of success. This behaviour can be triggered through the use of rules.
 
#transformation rule cracking with John the Ripper
root@oco:$ cat /etc/john/john.conf
 [List.Rules:Wordlist] section
 ...
root@oco:~$ john --format=raw-sha256 --rules=wordlist --wordlist=/usr/share/wordlists/rockyou.txt hash1.txt
 fluffycat12      (?)  

  * adding the option --rules=wordlist to your john command line generates multiple passwords from each entry in the password list
    - appends and prepends single digits, performs substitutions such as a can be replaced with @, i can be replaced with !, and s can be replaced with $

#convert the password protected file to john's format
root@oco:~$ ls /opt/john/*2john*
 * display various tools John can use to convert password-protected file into a format that john can attack
 * naming style “{format}2john”

root@oco:~$ pdf2john.pl private.pdf > pdf.hash
 * this cmd creates a hash challenge of a password protected file
root@oco:~$ cat pdf.hash
 private.pdf:$pdf$2*3*128*-1028*1*16*c1e77e30a0456552cb8a5327241559bd*32*3dc175eae491edc29b937e4fdbda766c00000000000000000000000000000000*32*6a1b5158d8d6dd9e8380f87b624da6cc936075fd41dc3c76acf2d90db62e4a27

 * M4y0rM41w4r3     (private.pdf)