I created a quick reference guide for John the Ripper. It is useful for those starting out who want to get familiar with the command line.
John the Ripper is designed to be both feature-rich and fast. It combines several cracking modes in one program and is fully configurable for your particular needs (you can even define a custom cracking mode using the built-in compiler supporting a subset of C). Also, John is available for several different platforms which enables you to use the same cracker everywhere (you can even continue a cracking session which you started on another platform).
Out of the box, John supports (and autodetects) the following Unix crypt(3) hash types: traditional DES-based, “bigcrypt”, BSDI extended DES-based, FreeBSD MD5-based (also used on Linux and in Cisco IOS), and OpenBSD Blowfish-based (now also used on some Linux distributions and supported by recent versions of Solaris). Also supported out of the box are Kerberos/AFS and Windows LM (DES-based) hashes, as well as DES-based tripcodes.
Now, let’s assume you’ve got a password file, “mypasswd”, and want to crack it. The simplest way is to let John use its default order of cracking modes:
This will try “single crack” mode first, then use a word list with rules, and finally go for “incremental” mode.
There are other options you can combine in a single command line (replace NAMEOFHASH with the hash format, e.g. raw-md5):
john --crack-status --dupe-suppression --format=NAMEOFHASH --wordlist=/root/Desktop/dict/NAMEOFFILE /root/Desktop/HASH/NameOfHASH
If you want to see current cracked passwords you would use the command below.
john --show /root/Desktop/HASH/sha1
If you wanted to show which hashes in a hash file are still uncracked, you would use the command below.
john --show=left /root/Desktop/HASH/sha1
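For a password audit report, the `--show` output can be summarised by account without copying the recovered passwords anywhere. The following is an added example, not part of the original guide; the sample output is constructed, and the layout it expects (one `login:password:...` line per cracked hash, then a summary line) is an assumption based on John's usual output.

```python
import re

# Constructed sample of `john --show` output (not taken from the original post).
# The second line has a colon inside the password; "?" is a hash with no login.
SAMPLE_SHOW_OUTPUT = """\
alice:summer2019:1001:1001:Alice:/home/alice:/bin/bash
svc_backup:pass:word:1002:1002::/home/svc_backup:/bin/sh
?:letmein

3 password hashes cracked, 2 left
"""

# Assumed form of the trailing summary line.
SUMMARY_RE = re.compile(r"^(\d+) password hash(?:es)? cracked, (\d+) left$")


def summarize_show(output):
    """Return affected logins and crack counts, never the passwords."""
    accounts = []
    cracked = left = None
    for line in output.splitlines():
        if not line.strip():
            continue
        match = SUMMARY_RE.match(line.strip())
        if match:
            cracked, left = int(match.group(1)), int(match.group(2))
            continue
        # Only the first field is read: a password may itself contain
        # colons, so the remaining fields cannot be split reliably.
        login, sep, _redacted = line.partition(":")
        if sep:
            accounts.append(login)
    if cracked is None:
        raise ValueError("no summary line found; output may be truncated")
    total = cracked + left
    percent = round(100.0 * cracked / total, 1) if total else 0.0
    return {"accounts": accounts, "cracked": cracked,
            "left": left, "percent_cracked": percent}


if __name__ == "__main__":
    report = summarize_show(SAMPLE_SHOW_OUTPUT)
    print("Accounts needing a password reset:", ", ".join(report["accounts"]))
    print("Cracked: {cracked}, left: {left} ({percent_cracked}%)".format(**report))
```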
If you wanted to delete the john.pot you would use the following.
For cracking WPA with a wordlist you would use:
john --crack-status --dupe-suppression --format=wpapsk --wordlist=/root/Desktop/dict/bigdict.txt ~/hs/NAMEOFFILE
To explain the above command section by section, it works like this:
john = the application
--crack-status = show password crack status
--dupe-suppression = remove duplicate hashes from the file
--format=wpapsk = the type of hash you have specified to crack
--wordlist = the location of your wordlist
~/hs/NAMEOFFILE = the location of the hash (WPA handshake)