Cyber Practical

John the Ripper (JtR) is a versatile password-cracking tool used by cybersecurity professionals for testing password strength and recovering lost credentials. It supports multiple hash types, offers various cracking modes, and is available on multiple platforms. The document provides detailed instructions on using JtR for password cracking, including command examples and use cases such as password recovery and penetration testing.

Uploaded by

geidam.it

ETHICAL HACKING PRACTICAL

USING JOHN THE RIPPER TO CRACK PASSWORD

John the Ripper (JtR) is a powerful and widely used password-cracking tool designed to
test password strength and recover lost credentials. It is primarily used by cybersecurity
professionals for penetration testing and by system administrators to ensure their systems
are secure.

Key Features

Password Cracking:
• Supports various hash types (e.g., MD5, SHA-1, bcrypt, crypt).
• Capable of brute force, dictionary, and hybrid attacks.

Multi-Platform:
• Works on Linux, macOS, Windows, and more.

Customizable:
• Allows users to define custom cracking rules.
• Supports adding new password hash formats.

Efficient:
• Optimized for speed and performance.
• Leverages multi-threading and GPU acceleration (when supported).

Open Source:
• Freely available and actively maintained by the community.

Use Cases

Password Strength Testing:
• Identify weak passwords in systems to enforce better
security policies.

Penetration Testing:
• Simulate attacks to identify vulnerabilities in
authentication systems.

Password Recovery:
• Recover forgotten passwords for encrypted files,
system accounts, etc.

Educational Purposes:
• Learn about password security and cryptography.

Cracking Modes

Single Crack Mode:
• Uses username or user-specific information to guess
passwords.

Dictionary Attack:
• Tests passwords from a wordlist (e.g., rockyou.txt).

Incremental Mode:
• Performs brute-force attacks by trying all possible
combinations of characters.

Hybrid Mode:
• Combines dictionary attacks with brute force, applying
mutations like adding numbers or symbols to word

sudo john --wordlist=/usr/share/wordlists/rockyou.txt --format=crypt unshadow.txt

Command Explanation

sudo:
• Runs the command with superuser privileges, which may be required to access certain
files or directories.
john:
• The main executable for John the Ripper, a popular password-cracking tool.

--wordlist=/usr/share/wordlists/rockyou.txt:
• Specifies the wordlist to use for cracking passwords.
• rockyou.txt is a well-known wordlist containing millions of common passwords. It is
located in /usr/share/wordlists on many Linux systems.
--format=crypt:
• Specifies the hash format to use.
• crypt refers to traditional UNIX password hashes created with the crypt() function.

unshadow.txt:
• The input file that contains the combined passwd and shadow file entries.
• The unshadow utility is used to merge /etc/passwd and /etc/shadow into a single file
(unshadow.txt), which is required for tools like John the Ripper to process.

LET'S DO IT
• We require two files (passwd and shadow), which we later combine to form unshadow.txt
• Both are stored in the /etc folder
• Change directory to Desktop: cd ~/Desktop
• Enter cat /etc/passwd to view the file
• Copy kali:x:1000:1000:kali,,,:/home/kali:/usr/bin/zsh from the output
• Create a file named passwd using nano passwd and save it in the Desktop folder
• Enter sudo cat /etc/shadow to view the file (you need the password to access this)
• Copy the password hash kali:$y$j9T$bhPPnes6TlXf5GU5iCb/n.$0B4bwr1DwncIIyNIWQBeyLat8xRGuY5O0N9JqqX8LE.:19651:0:99999:7::: from the output
• Create a file named shadow using nano shadow and save it in the Desktop folder
• Merge the two files together using unshadow passwd shadow > unshadow.txt
• Look at the content to see the merged result using cat unshadow.txt
• Create a password list on the desktop, or download one using sudo apt install wordlists, which will be at /usr/share/wordlists
• Let's create our own: nano pentest.txt, put in some sample passwords and save
• Use sudo john --wordlist=/usr/share/wordlists/rockyou.txt --format=crypt unshadow.txt if you have a list
• Use sudo john --wordlist=~/Desktop/pentest.txt --format=crypt unshadow.txt if you created one
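
An added example (not part of the original slides): a simplified Python re-implementation of the merge that unshadow performs, followed by a check of which crypt(3) scheme each account uses, so an administrator can flag legacy schemes without running a cracking session. The function names, sample accounts and placeholder hashes are constructed for illustration, and treating only descrypt and md5crypt as legacy is this example's assumption; the `$y$` prefix seen in the shadow entry above denotes yescrypt.

```python
import re

# crypt(3) prefix -> (scheme, legacy?). Marking only md5crypt and descrypt as
# legacy is this example's assumption; descrypt has no prefix (matched by shape).
PREFIXES = [("$y$", "yescrypt", False), ("$6$", "sha512crypt", False),
            ("$5$", "sha256crypt", False), ("$2a$", "bcrypt", False),
            ("$2b$", "bcrypt", False), ("$2y$", "bcrypt", False),
            ("$1$", "md5crypt", True)]
DESCRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def unshadow(passwd_text, shadow_text):
    """Simplified merge: copy each user's shadow hash into passwd field 2."""
    shadow_rows = (line.split(":") for line in shadow_text.splitlines())
    hashes = {f[0]: f[1] for f in shadow_rows if len(f) >= 2}
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] in hashes:
            fields[1] = hashes[fields[0]]
            merged.append(":".join(fields))
    return merged

def classify(hash_field):
    """Return (scheme, needs_review) for one password field."""
    if hash_field == "":
        return ("empty", True)       # empty field: no password set
    if hash_field[0] in "!*":
        return ("locked", False)     # password login disabled
    for prefix, name, legacy in PREFIXES:
        if hash_field.startswith(prefix):
            return (name, legacy)
    if DESCRYPT.fullmatch(hash_field):
        return ("descrypt", True)
    return ("unknown", True)

def audit(passwd_text, shadow_text):
    rows = (line.split(":") for line in unshadow(passwd_text, shadow_text))
    return {f[0]: classify(f[1]) for f in rows}

# Constructed sample input; the hash strings are placeholders, not real hashes.
PASSWD = """kali:x:1000:1000:kali,,,:/home/kali:/usr/bin/zsh
olduser:x:1001:1001::/home/olduser:/bin/sh
svc:x:1002:1002::/nonexistent:/usr/sbin/nologin"""
SHADOW = """kali:$y$j9T$PLACEHOLDERSALT$PLACEHOLDERHASH:19651:0:99999:7:::
olduser:$1$PLACEHLD$PLACEHOLDERHASH:19651:0:99999:7:::
svc:*:19651:0:99999:7:::"""

if __name__ == "__main__":
    for user, (scheme, review) in audit(PASSWD, SHADOW).items():
        print(f"{user:8} {scheme:12} {'REVIEW' if review else 'ok'}")
```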

LET'S DO IT TOGETHER
─$ sudo john --wordlist=~/Desktop/pentest-password.txt --format=crypt unshadow.txt
Using default input encoding: UTF-8
Loaded 1 password hash (crypt, generic crypt(3) [?/64])
Cost 1 (algorithm [1:descrypt 2:md5crypt 3:sunmd5 4:bcrypt 5:sha256crypt 6:sha512crypt]) is 0 for all loaded hashes
Cost 2 (algorithm specific iterations) is 1 for all loaded hashes
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
Warning: Only 6 candidates left, minimum 96 needed for performance.
kali (kali)
1g 0:00:00:00 DONE (2024-12-12 23:47) 33.33g/s 200.0p/s 200.0c/s 200.0C/s kano
Use the "--show" option to display all of the cracked passwords reliably
Session completed.

| Command | Example Usage | Function | Output Example |
|---|---|---|---|
| Basic Usage | john passwords.txt | Starts cracking passwords from the file. | Loaded 1 password hash (descrypt) guesses: 0 time: 0:00:00:00 DONE (2024-08-07 18:25) c/s: 3000K trying: password123 |
| Format Auto-Detection | john --format=auto passwords.txt | Automatically detects hash format. | Loaded 1 password hash (auto-detected) |
| Format Specification | john --format=md5crypt passwords.txt | Specifies hash format. | Loaded 1 password hash (md5crypt) |
| Specify Wordlist | john --wordlist=rockyou.txt passwords.txt | Uses specified wordlist for cracking. | Loaded 1000000 words from rockyou.txt Press 'q' or Ctrl-C to abort, almost any other key for status |
| Wordlist Mode | john --wordlist=passwords.txt | Uses wordlist mode. | Using wordlist: passwords.txt |
| Mask Mode | john --mask=?l?l?l?d passwords.txt | Uses mask mode for cracking. | Using mask: ?l?l?l?d (length 4) |
| Incremental Mode | john --incremental passwords.txt | Starts incremental mode cracking. | Using incremental mode: ASCII guesses: 0 time: 0:00:00:00 0.00% (ETA: 2024-08-07 19:25) |
| Incremental Charset | john --incremental:alpha passwords.txt | Specifies charset for incremental mode. | Using charset: alpha |
| Single Crack Mode | john --single passwords.txt | Uses single crack mode. | Using single crack mode |
| Custom Rules | john --rules=custom passwords.txt | Applies custom rules. | Using custom rules |
| Show Cracked Passwords | john --show passwords.txt | Displays cracked passwords. | password123 (user1) password456 (user2) |
| Save Cracked Passwords | john --save-memory=30 passwords.txt | Saves cracked passwords to memory. | Saved memory: 30MB |
| Resume Cracking Session | john --restore | Resumes a paused cracking session. | Restored session from ./john.rec |
| Restore from File | john --restore=./restore-file | Restores session from a specific file. | Restored session from ./restore-file |
| Session Management | john --session=mycrack passwords.txt | Manages cracking session. | Session name: mycrack Proceeding with wordlist mode |
| Forking | john --fork=4 passwords.txt | Uses multiple processes for cracking. | Forked 4 processes |
| Verbose Output | john --verbose passwords.txt | Enables verbose output. | Loaded 1 password hash (descrypt) Wordlist file: rockyou.txt Press 'q' or Ctrl-C to abort, almost any other key for status |
| List Supported Hash Formats | john --list=formats | Lists supported hash formats. | descrypt, md5crypt, bcrypt, etc. |