Password Cracker

John the Ripper (JTR) is a popular password cracking tool that uses three main modes - single, wordlist, and incremental - to crack password hashes through an iterative process of hashing candidate passwords and comparing them to the target hash. It supports common hashing algorithms like MD5 and SHA-1. To crack a password hash with JTR, the user first copies the hashed password from /etc/shadow, then runs JTR with the appropriate mode and parameters, such as a wordlist, against the copied hash file.

Password Cracker - John The Ripper (JTR)

Introduction to John The Ripper

John The Ripper (JTR) is one of the most popular password cracking tools and is available in most penetration-testing Linux distributions, such as Kali Linux and Parrot OS. This tutorial will dive into John the Ripper, show you how it works, and explain why you need it for security testing.
What are Password Hashes?

Password login is currently one of the most widely used authentication methods. When you create a login password on most secure systems, it is stored in a hashed format. Some of the common hashing algorithms include MD5, SHA-1, SHA-2, NTLM, and LANMAN. For example, if I set my password as Aszx12 and it's hashed with the MD5 algorithm, the resulting password hash will be c0c20c7045eda99b569a44768f8d5219. When you want to log in, the system hashes the password you typed with the same algorithm and compares the result with the hash stored in the database.
Password Cracking With John the Ripper (JtR)

Password cracking with JtR is an iterative process. A word is selected from the wordlist, hashed with the same algorithm that was used to hash the password, and the resulting hash is compared with the stored password hash. If they match, the word picked from the wordlist is the original password. If they don't match, JtR picks another word and repeats the same process until a match is found.

JtR supports 3 main modes of password cracking:
- Single mode: JtR derives candidate passwords from the login name and the GECOS field of each account and tests them as possible passwords. GECOS is a field of each record in the /etc/passwd file on UNIX systems.
- Wordlist mode: JtR tries every password in a wordlist file.
- Incremental mode (aka brute-force attack): JtR tries all character combinations to crack the password.
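The loop described above, written out as an added example (this is illustration code, not part of the tutorial or of John the Ripper itself). It uses the unsalted MD5 and SHA-1 digests the tutorial names so that the compare step is visible, and it shows both wordlist mode and a small single-mode candidate generator driven by a passwd record. The passwd line, the wordlist and the mangling rules are constructed for this example; JtR's real single-mode rules are far more extensive.

```python
import hashlib
from typing import List, Optional

# Constructed sample data for this example (not from the tutorial):
# one /etc/passwd-style record and a small wordlist standing in for rockyou.txt.
SAMPLE_PASSWD_LINE = "linux:x:1001:1001:Linux User,,,:/home/linux:/bin/bash"
SAMPLE_WORDLIST = ["123456", "password", "sunshine", "letmein", "qwerty"]

# Unsalted fast hashes named in the tutorial. Real /etc/shadow entries use
# salted, iterated crypt(3) schemes; these stand in for "the same algorithm
# that was used to hash the password".
HASHERS = {"md5": hashlib.md5, "sha1": hashlib.sha1}


def hash_candidate(word: str, fmt: str) -> str:
    """Hash one candidate password the way the stored hash was produced."""
    return HASHERS[fmt](word.encode("utf-8")).hexdigest()


def wordlist_mode(target_hash: str, fmt: str, wordlist) -> Optional[str]:
    """Wordlist mode: hash each word, compare with the target, stop on a match."""
    for word in wordlist:
        if hash_candidate(word, fmt) == target_hash:
            return word
    return None  # wordlist exhausted without a match


def single_mode_candidates(passwd_line: str) -> List[str]:
    """Single mode: derive candidates from the login name and GECOS field.

    The mangling rules here (case changes, two digit suffixes) are an assumed
    small subset chosen for this example.
    """
    fields = passwd_line.split(":")
    login, gecos = fields[0], fields[4]          # passwd layout: name:x:uid:gid:gecos:home:shell
    words = [login] + gecos.replace(",", " ").split()
    candidates: List[str] = []
    for w in words:
        for variant in (w, w.lower(), w.capitalize(), w + "1", w + "123"):
            if variant not in candidates:
                candidates.append(variant)
    return candidates


def single_mode(target_hash: str, fmt: str, passwd_line: str) -> Optional[str]:
    """Single mode reuses the same hash-and-compare loop over derived candidates."""
    return wordlist_mode(target_hash, fmt, single_mode_candidates(passwd_line))


if __name__ == "__main__":
    # Demonstration target built from a constructed password, standing in for
    # a hash field copied out of a password database.
    target = hash_candidate("Linux", "md5")
    print("single mode  :", single_mode(target, "md5", SAMPLE_PASSWD_LINE))
    print("wordlist mode:", wordlist_mode(target, "md5", SAMPLE_WORDLIST))
```

Run as a script, single mode recovers "Linux" from the login name alone, while the wordlist (which lacks that word) returns None; that contrast is the reason the tutorial's first exercise sets the username as the password.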
To properly understand how these three modes work, let's try cracking the password hash of our Linux system.

Single Mode Password Cracking

Let's create a new user called Linux with the password Linux. Since password cracking can, at times, be a lengthy process for complex passwords, we set the username as the password. To create a user and set up a password, we will execute the commands below:

$ sudo useradd Linux
$ sudo passwd Linux

By default, the hashed user login passwords are stored in the /etc/shadow file on any Linux system. To view the contents of the shadow file, execute the command below in your terminal.

$ sudo cat /etc/shadow

We need to combine each user's /etc/passwd record with its hash field from /etc/shadow and save the result in a file named mypasswd on the Desktop. JtR's unshadow utility does exactly this with the command below:

$ sudo unshadow /etc/passwd /etc/shadow > mypasswd

To crack the password hash, we will use the command below:


$ sudo john --format=crypt --single mypasswd

From the output, you should see JtR cracked the password for user Linux.
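As a companion check, added here as an example that is not part of the tutorial: before running JtR with --format=crypt, a defender auditing a system wants to know which crypt(3) scheme protects each account, because that scheme decides how expensive each candidate hash is and which accounts fall first. The shadow lines below are constructed placeholders of the right shape (not real hashes or accounts), and the identifier table and the "needs attention" set are this example's own choices.

```python
from typing import Dict, Tuple

# Constructed /etc/shadow-style lines for this example. The hash bodies are
# placeholder strings of roughly the right shape, not real crypt(3) output,
# and no line corresponds to a real account.
SAMPLE_SHADOW = """\
root:$6$Qx3y7tP1$placeholderSha512CryptHashBodyAbcdefghijklmnopqrstuvwxyz0123456789ABCDEFG/.:19700:0:99999:7:::
Linux:$y$j9T$placeholderSalt$placeholderYescryptHashBody0123456789abcdefg:19700:0:99999:7:::
legacy:$1$abcdefgh$placeholderMd5Crypt12:19700:0:99999:7:::
olddes:ab0123456789Z:19700:0:99999:7:::
nologin:*:19700:0:99999:7:::
locked:!$6$Qx3y7tP1$placeholderSha512CryptHashBody:19700:0:99999:7:::
"""

# Modular-crypt identifiers as used by glibc/libxcrypt, named after the
# corresponding JtR format names where JtR has one.
HASH_IDS = {
    "1": "md5crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt",
    "6": "sha512crypt",
    "7": "scrypt",
    "y": "yescrypt",
    "gy": "gost-yescrypt",
}

# Schemes flagged by this example: md5crypt has no tunable cost factor and
# descrypt (the 13-character traditional format) truncates passwords to 8
# characters and uses a 12-bit salt.
WEAK_SCHEMES = {"md5crypt", "descrypt"}


def classify_hash(field: str) -> str:
    """Name the scheme behind one shadow hash field, or say why none applies."""
    if field == "":
        return "empty-password"          # login with no password at all
    if field[0] in "*!":
        return "locked"                  # '*' or leading '!' means no password login
    if field.startswith("$"):
        parts = field.split("$")         # "$id$salt$hash" -> ["", id, salt, hash]
        return HASH_IDS.get(parts[1], "unknown-$" + parts[1])
    if len(field) == 13:
        return "descrypt"                # traditional DES-based crypt, no "$id$" prefix
    return "unknown"


def audit_shadow(text: str) -> Dict[str, Tuple[str, bool]]:
    """Map each user to (scheme name, needs-attention flag)."""
    report: Dict[str, Tuple[str, bool]] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")         # shadow layout: name:hash:lastchg:min:max:warn:...
        user, hash_field = fields[0], fields[1]
        scheme = classify_hash(hash_field)
        attention = scheme in WEAK_SCHEMES or scheme == "empty-password"
        report[user] = (scheme, attention)
    return report


if __name__ == "__main__":
    for user, (scheme, flag) in audit_shadow(SAMPLE_SHADOW).items():
        print(f"{user:10s} {scheme:14s} {'CHECK' if flag else 'ok'}")
```

Recent Debian-based systems, Kali included, default to yescrypt ($y$) while older releases used sha512crypt ($6$); an account flagged CHECK keeps its old scheme until its password is set again, so re-setting the password is the fix. Unsalted MD5 or SHA-1, as used in the tutorial's illustration, would fare worse than any of these: with no salt and no iteration count, one hash computation tests a candidate against every account at once.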
Exercise with Wordlist Cracking Mode

The teacher will create a user and password on your Kali system. Your mission is to crack this password using the commands above and below.
1) Unzip the rockyou.txt.gz file, which is located in the folder /usr/share/wordlists/, in order to use wordlist cracking mode.
2) Copy the whole field from the /etc/shadow file and save it in a file named mypasswd on the Desktop.
3) The final step is to crack the password with the command below.

To crack this password hash using a wordlist, we use the --wordlist parameter and provide the path of the wordlist. See the command below:

$ sudo john --format=crypt --wordlist=/usr/share/wordlists/rockyou.txt mypasswd
To check the location of the rockyou file, go to the /usr/share/wordlists/ folder. You can use the command below to list the folder:

$ ls /usr/share/wordlists/

From the output you can see the file rockyou.txt.gz, which means that the file is compressed. To decompress it, we will use the following command:

$ gzip -d rockyou.txt.gz

Check again with the ls command; it should be rockyou.txt now.
