JOHN THE RIPPER
INSTALLATION
root@oco:~$ sudo apt search john
root@oco:~$ sudo apt install john
...
root@oco:~$ john --help
...
DISPLAYING CRACKED PASSWORDS
root@oco:~$ john --format=raw-sha256 --show hash1.txt
* John will not spend computing resources on a password hash it has already cracked. If a password was already found in a previous session, John displays the message "No password hashes left to crack"
- use the --show option/flag to display already cracked passwords
CRACKING HASHES
#basic cracking with John the Ripper
root@oco:~$ john --format=raw-sha256 --wordlist=/usr/share/wordlists/rockyou.txt hash1.txt
* --format=raw-sha256 specifies the hash format
* --wordlist=/usr/share/wordlists/rockyou.txt sets the wordlist to use
* if no results are found, apply transformation rules
- John can start from a long password list and attempt various common derivations from each of the passwords to increase its chances of success. This behaviour can be triggered through the use of rules.
#transformation rule cracking with John the Ripper
root@oco:~$ cat /etc/john/john.conf
[List.Rules:Wordlist] section
...
root@oco:~$ john --format=raw-sha256 --rules=wordlist --wordlist=/usr/share/wordlists/rockyou.txt hash1.txt
fluffycat12 (?)
* adding the option --rules=wordlist to your john command line generates multiple passwords from each entry in the password list
- appends and prepends single digits, and performs substitutions such as replacing a with @, i with !, and s with $
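A check for the defensive side of the rules described above: undo the digit and substitution derivations on a proposed password and see whether it falls back onto a wordlist entry. This is an added example, not part of the original notes or of John itself; the function names and the sample wordlist are constructed, and it goes slightly beyond the text by stripping runs of digits and lowercasing.

```python
import re

# Reverse of the substitutions named above (a -> @, i -> !, s -> $).
UNSUBSTITUTE = str.maketrans({"@": "a", "!": "i", "$": "s"})

# Constructed sample blocklist; in practice load the wordlist you audit against.
SAMPLE_WORDLIST = {"fluffycat", "password", "sunshine", "princess"}


def base_candidates(password):
    """Return the strings this password reduces to when the rules are undone."""
    lowered = password.lower()  # assumption: case changes are also undone
    candidates = set()
    for variant in (lowered, lowered.translate(UNSUBSTITUTE)):
        candidates.add(variant)
        # Strip digits that were prepended or appended to a base word.
        candidates.add(re.sub(r"^\d+|\d+$", "", variant))
    candidates.discard("")  # an all-digit password reduces to nothing
    return candidates


def derived_from(password, wordlist):
    """Return the wordlist entry the password is derived from, or None."""
    for candidate in sorted(base_candidates(password)):
        if candidate in wordlist:
            return candidate
    return None


def audit(passwords, wordlist):
    """Map each proposed password to the wordlist entry it derives from."""
    return {pw: derived_from(pw, wordlist) for pw in passwords}


if __name__ == "__main__":
    # Constructed sample input.
    proposed = ["fluffycat12", "P@$$word1", "1sunsh!ne", "plum-orbit-gravel-vest"]
    for pw, base in audit(proposed, SAMPLE_WORDLIST).items():
        print(f"{pw!r}: {'reject, derived from ' + repr(base) if base else 'ok'}")
```

A password that reduces to a wordlist entry this way is one that a --rules=wordlist run would reach, so it should be rejected when it is set.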
CRACKING ENCRYPTED FILES (PDF)
the password-protected file MUST be converted into a hash using john's modules in order to successfully crack the password
#convert the password protected file to john's format
root@oco:~$ find / -iname '*2john*' -type f 2>/dev/null
root@oco:~$ ls /opt/john/*2john*
* displays the various tools John can use to convert a password-protected file into a format that john can attack
* naming style “{format}2john”
root@oco:~$ pdf2john.pl private.pdf > pdf.hash
* this cmd creates a hash challenge of a password protected file
root@oco:~$ cat pdf.hash
private.pdf:$pdf$2*3*128*-1028*1*16*c1e77e30a0456552cb8a5327241559bd*32*3dc175eae491edc29b937e4fdbda766c00000000000000000000000000000000*32*6a1b5158d8d6dd9e8380f87b624da6cc936075fd41dc3c76acf2d90db62e4a27
root@oco:~$ john -wordlist=/usr/share/wordlists/rockyou.txt pdf.hash
* M4y0rM41w4r3 (private.pdf)
CRACKING ENCRYPTED FILES (ZIP)
the password-protected file MUST be converted into a hash using john's modules in order to successfully crack the password
#convert the password protected file to john's format
root@oco:~$ find / -iname '*2john*' 2>/dev/null
/usr/sbin/zip2john
* displays the various tools John can use to convert a password-protected file into a format that john can attack
* naming style “{format}2john”
root@oco:~$ zip2john backup.zip > zip.hash
Created directory: /home/str1f3/.john
ver 2.0 efh 5455 efh 7875 backup.zip/index.php PKZIP Encr: TS_chk, cmplen=1201, decmplen=2594, crc=3A41AE06 ts=5722 cs=5722 type=8
ver 2.0 efh 5455 efh 7875 backup.zip/style.css PKZIP Encr: TS_chk, cmplen=986, decmplen=3274, crc=1B1CCD6A ts=989A cs=989a type=8
NOTE: It is assumed that all files in each archive have the same password.
If that is not the case, the hash may be uncrackable. To avoid this, use
option -o to pick a file at a time.
* this cmd creates a hash challenge of a password protected file
root@oco:~$ find / -iname '*rockyou*' -type f 2>/dev/null
/usr/share/wordlists/rockyou.txt.gz
root@oco:~$ john -wordlist=/usr/share/wordlists/rockyou.txt zip.hash