InfoSec News & Investigations

John The Ripper – Kali Linux Tips and Cheats

I created a quick reference guide for John the Ripper. Useful for those starting in order to get familiar with the command line.

[Image: John the Ripper cheat sheet]
Print it, laminate it and start practicing your password audit and cracking skills. Can also aid existing users when playing Hashrunner, CMIYC or other contests.

John the Ripper is designed to be both feature-rich and fast. It combines several cracking modes in one program and is fully configurable for your particular needs (you can even define a custom cracking mode using the built-in compiler supporting a subset of C). Also, John is available for several different platforms which enables you to use the same cracker everywhere (you can even continue a cracking session which you started on another platform).

Out of the box, the core John supports (and autodetects) the following Unix crypt(3) hash types: traditional DES-based, “bigcrypt”, BSDI extended DES-based, FreeBSD MD5-based (also used on Linux and in Cisco IOS), and OpenBSD Blowfish-based (now also used on some Linux distributions and supported by recent versions of Solaris). Also supported out of the box are Kerberos/AFS and Windows LM (DES-based) hashes, as well as DES-based tripcodes. Kali ships the community “jumbo” build, which adds hundreds of further formats, including the raw-md5, raw-sha1 and wpapsk formats used below; list them with “john --list=formats”.

Now, let’s assume you’ve got a password file, “mypasswd”, and want to crack it. The simplest way is to let John use its default order of cracking modes:

	john mypasswd

This will try “single crack” mode first, then use a word list with rules, and finally go for “incremental” mode.
There are other options you can combine in a single command line. Note that all John options start with two hyphens, and there is no space after “--format=”:

	john --crack-status --dupe-suppression --format=raw-md5 --wordlist=/root/Desktop/dict/NAMEOFFILE /root/Desktop/HASH/NameOfHASH

Replace raw-md5 with the name of the hash type you are actually cracking.

If you want to see the passwords already cracked for a hash file (John reads them back from its pot file), use the command below. For raw hashes that several formats can claim, pass the same --format= you cracked with, otherwise --show may pick a different format and report nothing.

	john --show /root/Desktop/HASH/sha1

If you wanted to show what you had left in a hash file you would use the below.

john –show=left /root/Desktop/HASH/sha1

If you wanted to delete the john.pot (this discards every password John has cracked so far, for all sessions) you would use the following. On Kali the pot file lives in ~/.john/john.pot (/root/.john/john.pot when running as root); if you only want to keep jobs separate, use --pot=NAME instead of deleting it.

	rm /file/location/john.pot

For cracking WPA with a wordlist you would use the command below. John cannot read a raw .cap/.pcap capture directly: first convert the capture containing the four-way handshake with the jumbo tool wpapcap2john (e.g. “wpapcap2john capture.cap > ~/hs/NAMEOFFILE”, file names being placeholders), then crack the converted file.

	john --crack-status --dupe-suppression --format=wpapsk --wordlist=/root/Desktop/dict/bigdict.txt ~/hs/NAMEOFFILE

So to explain the above in sections, it works like this:
john = the application
--crack-status = emit a status line each time a password is cracked
--dupe-suppression = suppress duplicate words in the wordlist (John preloads the wordlist into memory to do this)
--format=wpapsk = the type of hash you have told John to crack
--wordlist = the location of your wordlist
~/hs/NAMEOFFILE = the location of the hash (the WPA handshake, converted to John's format)
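To make the wordlist run above concrete, here is an added example (written for this page, not John's own code) that models what John does in wordlist+rules mode: it builds a constructed "user:hash" file in the layout John reads for raw-md5 and raw-sha1, deduplicates a constructed wordlist (the effect of --dupe-suppression on the wordlist), applies a few rules in the spirit of John's default wordlist rules (the rule names are illustrative, not John's rule syntax), and reports cracked and uncracked entries the way --show and --show=left would. The accounts, plaintexts and wordlist are all made up for the example.

```python
"""Toy model of a John the Ripper wordlist+rules run (added example, not JtR code)."""
import hashlib
from typing import Callable, Dict, Iterable, List

# Constructed sample accounts and plaintexts (assumed, not from the page).
SAMPLE_PLAINS = {
    "alice": "password",     # plain dictionary word
    "bob":   "Letmein",      # capitalised dictionary word
    "carol": "summer2019",   # word + year
    "dave":  "dragon1",      # word + digit
    "erin":  "Xq7!vT#91p",   # random; not derivable from the wordlist
}

# Constructed wordlist with a duplicate, to show dupe suppression at work.
SAMPLE_WORDLIST = ["password", "letmein", "summer", "dragon", "password", "monkey"]

# Hash functions for the two raw formats used on this page.
HASH_FUNCS: Dict[str, Callable[[str], str]] = {
    "raw-md5":  lambda s: hashlib.md5(s.encode()).hexdigest(),
    "raw-sha1": lambda s: hashlib.sha1(s.encode()).hexdigest(),
}

# Illustrative rules (not John's syntax): as-is, capitalise, append digit, append year.
RULES: Dict[str, Callable[[str], List[str]]] = {
    "as-is":        lambda w: [w],
    "capitalize":   lambda w: [w.capitalize()],
    "append-digit": lambda w: [w + str(d) for d in range(10)],
    "append-year":  lambda w: [w + str(y) for y in range(2015, 2025)],
}


def make_hash_file(fmt: str = "raw-md5") -> List[str]:
    """Return 'user:hash' lines, the layout John reads for raw-* formats."""
    h = HASH_FUNCS[fmt]
    return [f"{user}:{h(plain)}" for user, plain in SAMPLE_PLAINS.items()]


def dedupe(words: Iterable[str]) -> List[str]:
    """Order-preserving duplicate removal, as --dupe-suppression does for the wordlist."""
    seen, out = set(), []
    for w in words:
        if w not in seen:
            seen.add(w)
            out.append(w)
    return out


def crack(hash_lines: List[str], wordlist: Iterable[str], fmt: str = "raw-md5") -> Dict[str, str]:
    """Wordlist+rules attack; returns {user: plaintext} for each cracked entry."""
    h = HASH_FUNCS[fmt]
    # Index by digest so users sharing a password are cracked together.
    targets: Dict[str, List[str]] = {}
    for line in hash_lines:
        user, digest = line.split(":", 1)
        targets.setdefault(digest.strip().lower(), []).append(user)
    cracked: Dict[str, str] = {}
    for word in dedupe(wordlist):
        for rule in RULES.values():
            for candidate in rule(word):
                for user in targets.get(h(candidate), []):
                    cracked[user] = candidate
                if len(cracked) == len(hash_lines):  # nothing left; stop early
                    return cracked
    return cracked


def show(hash_lines: List[str], cracked: Dict[str, str]) -> List[str]:
    """'user:plaintext' lines for cracked entries, in hash-file order (cf. --show)."""
    users = (line.split(":", 1)[0] for line in hash_lines)
    return [f"{u}:{cracked[u]}" for u in users if u in cracked]


def show_left(hash_lines: List[str], cracked: Dict[str, str]) -> List[str]:
    """Original lines whose hash is still uncracked (cf. --show=left)."""
    return [line for line in hash_lines if line.split(":", 1)[0] not in cracked]


if __name__ == "__main__":
    lines = make_hash_file("raw-md5")
    found = crack(lines, SAMPLE_WORDLIST)
    print("\n".join(show(lines, found)))
    print(f"{len(found)} password hashes cracked, {len(lines) - len(found)} left")
    print("left:", show_left(lines, found))
```

Four of the five constructed hashes fall to the wordlist plus rules; erin's random password stays in the "left" set, which is exactly the case where you would move on to John's incremental mode or a larger wordlist.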