JOHN THE RIPPER

DISPLAYING CRACKED PASSWORDS

root@oco:~$ john --format=raw-sha256 --show hash1.txt
 * john will not spend computing resources to crack an already-cracked password hash. if a password is already found from a previous session, John displays the message "No password hashes left to crack"
    - use the --show option/flag to display already cracked passwords

CRACKING HASHES

#basic cracking with John the Ripper
root@oco:~$ john --format=raw-sha256 --wordlist=/usr/share/wordlists/rockyou.txt hash1.txt
 * the --format=raw-sha256 specifies the hash format
 * the --wordlist=/usr/share/wordlists/rockyou.txt sets the wordlist for use
 * if no results are found, apply transformation rules
    - John can start from a long password list and attempt various common derivations from each of the passwords to increase its chances of success. This behaviour can be triggered through the use of rules.
 
#transformation rule cracking with John the Ripper
root@oco:$ cat /etc/john/john.conf
 [List.Rules:Wordlist] section
 ...
root@oco:~$ john --format=raw-sha256 --rules=wordlist --wordlist=/usr/share/wordlists/rockyou.txt hash1.txt
 fluffycat12      (?)  

  * adding the option --rules=wordlist to your john command line generates multiple passwords from each entry in the password list
    - appends and prepends single digits, performs substitutions such as a can be replaced with @, i can be replaced with !, and s can be replaced with $

CRACKING ENCRYPTED FILES

PreviousHASH IDENTIFICATIONNextHASHCAT

Last updated