john - John the Ripper Password Cracker β
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords, but it supports various password hash types and can be extended with custom modules.
π― Purpose β
- Password Auditing: Test password strength in organizations
- Hash Cracking: Crack various password hash formats
- Security Assessment: Identify weak passwords in systems
- Forensic Analysis: Recover passwords from evidence
π Basic Usage β
Basic Password Cracking β
bash
# Crack shadow file
john /etc/shadow
# Crack with specific wordlist
john --wordlist=/usr/share/wordlists/rockyou.txt /etc/shadow
# Show cracked passwords
john --show /etc/shadowHash Format Detection β
bash
# Auto-detect hash format
john hashfile.txt
# Specify hash format
john --format=MD5 hashes.txt
# List available formats
john --list=formatsπ§ Attack Modes β
Dictionary Attack β
bash
# Basic dictionary attack
john --wordlist=passwords.txt hashes.txt
# External wordlist
john --wordlist=/usr/share/wordlists/rockyou.txt --format=MD5 hashes.txt
# Multiple wordlists
john --wordlist=dict1.txt,dict2.txt hashes.txtIncremental Mode (Brute Force) β
bash
# Default incremental mode
john --incremental hashes.txt
# Specific character set
john --incremental=alpha hashes.txt
# Custom incremental mode
john --incremental=digits --min-length=4 --max-length=8 hashes.txtRule-Based Attack β
bash
# Use built-in rules
john --wordlist=passwords.txt --rules hashes.txt
# Specific rule set
john --wordlist=passwords.txt --rules=jumbo hashes.txt
# Custom rules
john --wordlist=passwords.txt --rules=single hashes.txtπ― Common Hash Formats β
Unix/Linux Systems β
bash
# Traditional DES crypt
john --format=DES /etc/shadow
# MD5 crypt
john --format=MD5crypt /etc/shadow
# SHA-256 crypt
john --format=SHA256crypt /etc/shadow
# SHA-512 crypt
john --format=SHA512crypt /etc/shadowWindows Systems β
bash
# LM hashes
john --format=LM ntlm.txt
# NTLM hashes
john --format=NT ntlm.txt
# Extract from SAM
samdump2 SYSTEM SAM > sam.txt
john sam.txtApplication Hashes β
bash
# MySQL passwords
john --format=mysql mysql_hashes.txt
# PostgreSQL passwords
john --format=postgres postgres_hashes.txt
# ZIP archives
zip2john encrypted.zip > zip.hash
john zip.hash
# PDF files
pdf2john encrypted.pdf > pdf.hash
john pdf.hashπ Installation β
Debian/Ubuntu β
bash
sudo apt update
sudo apt install johnFrom Source (Jumbo Community Version) β
bash
git clone https://github.com/openwall/john.git
cd john/src
./configure
make
sudo make installSnap Package β
bash
sudo snap install john-the-ripperβοΈ Configuration β
Custom Rules β
Create custom rules in john.conf:
ini
[List.Rules:Custom]
# Append numbers 0-99
$[0-9]$[0-9]
# Capitalize first letter
c
# Add year
$2$0$2$3Character Sets β
bash
# Define custom character sets
[Incremental:Custom]
File = $JOHN/custom.chr
MinLen = 4
MaxLen = 8
CharCount = 62π‘ Pro Tips β
Hash Extraction β
bash
# Extract hashes from various file types
unshadow /etc/passwd /etc/shadow > combined.txt
rar2john encrypted.rar > rar.hash
office2john document.docx > office.hashSession Management β
bash
# Save session
john --session=mysession hashes.txt
# Restore session
john --restore=mysession
# Status check
john --status=mysessionOptimization β
bash
# Use all CPU cores
john --fork=4 hashes.txt
# Show statistics
john --test
# Benchmark formats
john --test --format=MD5Combining with Other Tools β
bash
# Use with hashcat potfile
john --pot=hashcat.potfile --show hashes.txt
# Generate wordlists
john --stdout --wordlist=base.txt --rules > generated.txtπ§ Advanced Features β
Custom Wordlist Generation β
bash
# Generate passwords from base words
echo "password" | john --stdout --rules=jumbo > custom_wordlist.txt
# Create targeted wordlist
john --stdout --incremental=digits --min-length=4 --max-length=8 > digits.txtMask Attack (Community Version) β
bash
# Mask-based attack
john --mask='?a?a?a?a?a?a' hashes.txt
# Custom mask
john --mask='password?d?d?d' hashes.txtExternal Mode β
bash
# Use external mode for complex generation
john --external=AutoAbort hashes.txtπ¨ Important Notes β
- Legal Authorization: Only test passwords you own or have explicit permission to audit
- Resource Usage: Incremental mode can be very CPU intensive
- Time Management: Some attacks may run for days or weeks
- Backup Results: Regularly save cracked passwords using
--show - Format Detection: Always verify the correct hash format is being used
π Performance Tips β
- Use
--forkfor multi-core systems - Start with dictionary attacks before brute force
- Use rules to maximize wordlist effectiveness
- Monitor progress with
--status - Consider hybrid approaches combining multiple tools
Part of the HackerHub.me tool documentation series