Scribd
Upload
59 views7 pages

Kali Linux: John the Ripper Guide

password cracking and recovery tool

Uploaded by

miliontesfaye23
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
59 views7 pages

Kali Linux: John the Ripper Guide

password cracking and recovery tool

Uploaded by

miliontesfaye23
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 7

How to use John the Ripper in Kali

Linux
Last Updated : 13 Jun, 2024


John the Ripper, which in general we all know as John is a very popular and
free password-cracking tool that is included by default in the Kali Linux
Operating System. John tool was first introduced in 1996 and nowadays it
has become an important tool for security researchers and professionals for
analyzing passwords and also for cracking passwords. John the Ripper is an
optimized tool to recover lost passwords and assess the strength of password
protection systems through its dictionary and brute-force attacks for hashed
passwords. It can work across many different types of hashing, such as MD5
and SHA1, SHA2, NTLM, and many other hash-type passwords. John the
Ripper can also automatically detect the lengths and sets of characters in
passwords. There are many features that make it so powerful for example
we can say it have the ability to perform quick, parallelized cracking on
different cores of the CPU. Using John the Ripper password cracking tool
help we can recover a forgotten password and also we can check the
strength of our own passwords, and conduct full-scale security audits in our
password-protected systems and services.

Common modes in John the Ripper tool for


Password Cracking
John the Ripper provides us various cracking modes, which we can apply as
per our different needs and situations. Following are the three main modes
which are mostly being used nowadays.
1. Dictionary Attack Mode: In this type of mode, John the Ripper uses a
predefined list of possible passwords, which we call a dictionary or wordlist,
for cracking passwords. It simply tries, word by word against the hashed
password. This is a very effective way, as the password may be a usual
word, or it may be a slight variation of one so we can find it in very less
time. Dictionary attacks are usually the first attacks to crack a password, as
they are fast and sometimes able to give quick results for weak passwords.
2. Brute Force Attack Mode: If a dictionary attack fails, John the Ripper
can switch to brute force mode to find the password. In this mode, the tool
tries all possible combinations of characters until finding the correct
password. Brute force attacks can be time-consuming, attack especially in
the situation where we are trying to find longer and more complex
passwords. Brute force attack mode can be profitable when we have a high
computing system and then it can break passwords in very little time.
3. Incremental Mode: The incremental mode in John the Ripper is used to
generate and test passwords based on our specified rules and character sets.
It starts with simple passwords and it increases their complexity step by
step. it is more efficient than pure brute force attacks in certain cases where
we have our original password near to our testing password.
To understand in a better way how to use John the Ripper in Kali Linux let’s
see the below demo which shows how we can crack passwords using John
the Ripper in Kali Linux.

How to Crack Password using John the Ripper in


Kali Linux
Step 1: In Kali Linux John the ripper tool is pre-installed but if you are
facing any issues then you install again it using the following command.
$ sudo apt install john

Step 2: Now using following command we can check the john the ripper
version and other related information.
$ john
Step 3: For our testing and demo purpose we have hash file which consists
hash password in diffirent diffirent format and also we have custom wordlist
for dictionary attack using john the ripper. For listing everything and seeing
we can use following command.
$ ls
Step 4: Now for findig password using dictionary attack we can use
following command where rockyou.txt file is wordlist which exists by
default in kali linux and alpha.txt is our hash stored file which contains our
real password in MD5 hash format. Using following command we can see
we cracked the password which is abcd.
$ john --wordlist=/usr/share/wordlists/rockyou.txt alpha.txt
--format=raw-md5
Step 5: In another file num.txt we have MD5 hash format . We can also use
incremental mode for cracking this password file where our john the ripper
tool increment its value one by one and tries to match password one by one
and when it matches it give us result that password has been found out.
$ john --format=raw-md5 num.txt --incremental

Step 6: Now in this step we will use our custom dictionary file instead of
pre saved file in kali linux. This method can be very useful when we have
list of passwords in which one is correct.
Following is our hash1.txt file data in md5 format which we will crack using
john the ripper.

Following is command for cracking password hash using custom dictionary


file.
$ john --wordlist=customwc.txt hash1.txt --format=raw-md5
Step 7: In john the ripper we can use multiple type of hash format for
cracking the passwords. Following is example for cracking the password of
SHA1 type hash using john the ripper in kali linux.
$ john --wordlist=customwc.txt hashsha.txt --format=raw-sha1

Conclusion
John the Ripper is a popular and free password-cracking tool that comes by
default with the Kali Linux Operating System. This tool is designed to
recover lost passwords and check password-protected systems’ security
using dictionary attacks and brute-force attacks. John the ripper consists
many variety of hashing passwords cracking algorithms such as MD5,
SHA1, SHA2, NTLM, and many more. This makes John the Ripper capable
of automatically detecting the length of a password and the character set. It
can be also used for cracking passwords on multiple CPU cores
simultaneously which makes it much effective in order to crack passwords.
Use of John the Ripper also helps us when we forget our password and we
have only its hash type. This tool in kali linux can be also used to test the
strength of password, and to conduct deeper security auditing on password
protected systems. Further its totally depends on us how we are using this
tool. As legal consideration we must not use this tool on the any kind of
system without the proper permissions to the respective authority

You might also like