John the Ripper (JtR)

• It is used to perform brute-force attacks using different encryption technologies and wordlists.

• It has several modules for generating hashes from various file types, such as SSH keys (ssh2john), .kbdx files (keepass2john), and password-protected zip archives (zip2john). The generated hashes are used as input to find the password with John the Ripper.

• The johncommand has an extensive range of options and flags and built-in wordlists, but it can be supplied 3rd third-party wordlists.

• JtR's primary modes are:

  • Single crack mode (default) - the fastest and best mode if you have a full password file to crack.

  • Wordlist mode - compares the hash to known list of potential password matches.

  • Incremental mode is the most powerful and possibly will not complete; it the classic brute-force mode that tries every possible character combination.

• Using JtR installed via APT or Snap supports limited encryption: descrypt, bsdicrypt, md5crypt, bcrypt, LM, AFS, tripcode, dummy, crypt

• Either use the included Kali JtR or install the Jumbo package from Openwall (https://www.openwall.com/john/)

Sample Syntax

# Simple Password Recovery (JtR tries to figure out the encryption)

$john file_with_hash.txt --wordlist=path/to/wordlist_file

# Specify Encryption format

$john file_with_hash.txt --wordlist=path/to/wordlist_file --format=Raw-MD5

$john file_with_hash.txt --wordlist=path/to/wordlist_file --format=md5crypt

#Show Recovered Passwords (for particular hash_file)

$john --show file_with_hash.txt

$john --show --format=Raw-MD5 file_with_hash.txt

# Recover SSH Private Key Passwords

# --------------------------------------------------------------

#    Copy the target id_rsa file (/home/username/.ssh/id_rsa)

#    Convert the private key to a JtR-compatible hash \

#     (Kali - /usr/share/john/ssh2john.py)

$python ssh2john.py id_rsa > id_rsa.hash

#    Crack the hash using JtR

$john id_rsa.hash --wordlist=path/to/wordlist_file

#    View the retrieved password (use to log in via SSH)

$john --show id_rsa.hash

# Recover ZIP Archive Passwords

# --------------------------------------------------------------

#    Use the zip2john (/usr/sbin/zip2john) utility to create a \

#    hash of the zip archive

$zip2john file.zip > zip_hash.txt

#    Use JtR to recover the password

$john zip_hash.txt --wordlist=path/to/wordlist_file

Additional Resources

John The Ripper Hash Formats - Pentest Monkey

John The Ripper Cheatsheet

JtR Cheatsheet (PDF)