Introduction
John the Ripper (JTR) is a widely known and verified fast password cracker, available for Windows, DOS, BeOS, OpenVMS and many flavours of Linux. It uses wordlists (dictionaries) to crack many different types of hashes, including MD5, SHA, etc.
We will start off by collecting the hashes from a Linux machine, then use the tool unshadow, and at last crack the hashes with John the Ripper.
1 – Collect hashes from a Linux machine
We will start with collecting the hashes from the target machine. We will need both /etc/passwd and /etc/shadow. Save them to your Kali Linux machine, preferably.
Loaded 9 password hashes with no different salts (Raw-SHA1 SHA1 256/256 AVX2 8x)
Remaining 8 password hashes with no different salts
Warning: no OpenMP support for this hash type, consider -fork=2.
This password cracking tool is free and open source. It was initially developed for the Unix operating system, but today it runs on fifteen different platforms. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, it supports Windows LM hashes out of the box, and a lot of other hashes and ciphers in the community-enhanced version.
For those who would rather use a commercial version, John the Ripper is available for the following platforms:
- Linux: John the Ripper Pro
- Mac OS X: John the Ripper Pro
- Windows: Hash Suite
- Android: Hash Suite Droid
John the Ripper offers two types of attacks:
- Dictionary: It takes text string samples from a wordlist, which contains a dictionary of real passwords that have been cracked before, encrypts each one in the same format as the password being examined (encryption algorithm/key), and compares the output to the encrypted string. John can also perform word alterations.
- Brute force: It goes through all the possible plaintexts, hashing each one and then comparing it to the input hash. This method takes a long time to run, but it is valuable for cracking passwords that don't appear in a wordlist dictionary.
Features/Performance
- Feature-rich and fast password cracking tool, with several cracking modes.
- It allows you to define a custom cracking mode using the built-in compiler supporting a subset of C.
- You can use the same cracker everywhere, since John is available for different platforms, with the possibility of continuing a cracking session started on another platform.
- This tool supports a lot of Unix crypt(3) hash types:
  - traditional DES-based,
  - 'bigcrypt',
  - BSDI extended DES-based,
  - FreeBSD MD5-based,
  - OpenBSD Blowfish-based,
  - Kerberos/AFS and Windows LM (DES-based),
  - DES-based tripcodes.
- On Linux distributions with glibc 2.7+, John 1.7.6+ supports SHA-crypt hashes, with optional OpenMP parallelization (requires GCC 4.2+).
- On recent versions of Solaris, John 1.7.6+ supports and autodetects SHA-crypt and SunMD5 hashes, also with optional OpenMP parallelization (requires GCC 4.2+ or recent Sun Studio).
- John the Ripper Pro adds support for Windows NTLM (MD4-based) and Mac OS X 10.4+ salted SHA-1 hashes.
- “Community enhanced” -jumbo versions add support for many more password hash types:
  - Windows NTLM (MD4-based), Mac OS X 10.4-10.6 salted SHA-1 hashes, Mac OS X 10.7 salted SHA-512 hashes, raw MD5 and SHA-1, arbitrary MD5-based “web application” password hash types, hashes used by SQL database servers (MySQL, MS SQL, Oracle) and by some LDAP servers, several hash types used on OpenVMS, password hashes of the Eggdrop IRC bot, and lots of other hash types, as well as many non-hashes such as OpenSSH private keys, S/Key skeykeys files, Kerberos TGTs, PDF files, ZIP (classic PKZIP and WinZip/AES) and RAR archives.
- John the Ripper has its own highly optimized modules for different hash types and processor architectures.
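To see which of the crypt(3) schemes listed above are still in use on a system you administer, the hash field of each /etc/shadow entry can be classified by its prefix and length. This is an added example, not code from John the Ripper or from the original page; the sample entries are constructed placeholders, and the "legacy" flag is this example's own audit judgement.

```python
import re

# (pattern, scheme name as in the feature list, legacy?). "legacy" is this
# example's own audit judgement, not a John the Ripper setting.
SCHEMES = [
    (re.compile(r"^\$1\$"), "FreeBSD MD5-based", True),
    (re.compile(r"^\$2[abxy]?\$"), "OpenBSD Blowfish-based", False),
    (re.compile(r"^\$5\$"), "SHA-crypt (SHA-256)", False),
    (re.compile(r"^\$6\$"), "SHA-crypt (SHA-512)", False),
    (re.compile(r"^\$md5[$,]"), "SunMD5", True),
    (re.compile(r"^_[./0-9A-Za-z]{19}$"), "BSDI extended DES-based", True),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "traditional DES-based", True),
]

# Constructed sample in /etc/shadow layout; hash fields are shape-only placeholders.
SAMPLE_SHADOW = """\
alice:$6$c0nstructed$CONSTRUCTEDPLACEHOLDER:19000:0:99999:7:::
bob:$1$c0nstruc$CONSTRUCTEDPLACEHOLDER:19000:0:99999:7:::
carol:abCONSTRUCTED:19000:0:99999:7:::
dave:!:19000:0:99999:7:::
erin::19000:0:99999:7:::
frank:_J9..saltCONSTRUCTED:19000:0:99999:7:::
svc:$2y$10$CONSTRUCTEDPLACEHOLDER:19000:0:99999:7:::
"""

def classify(field):
    """Return (scheme, needs_review) for one shadow hash field."""
    if field == "":
        return ("empty password", True)
    if field[0] in "!*":
        return ("locked or disabled", False)
    for pattern, name, legacy in SCHEMES:
        if pattern.match(field):
            return (name, legacy)
    return ("unrecognised", True)

def audit_shadow(text):
    """Map each account name to classify() of its hash field."""
    report = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 2 and parts[0] and not parts[0].startswith("#"):
            report[parts[0]] = classify(parts[1])
    return report

def flagged(report):
    return sorted(u for u, (_, review) in report.items() if review)  # accounts to migrate
```

Calling `flagged(audit_shadow(SAMPLE_SHADOW))` lists the accounts whose entries use a DES- or MD5-based scheme or have no password set.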
John the Ripper’s Cracking Modes:
- Wordlist mode
- Single crack mode
- Incremental mode
- External mode
Install
Debian-based systems/Ubuntu
Clone it from the GitHub repository:
Then build:
To test your build, run:
Windows
Windows users can find detailed documentation on the official John the Ripper Wiki page.
Usage
To run John, first supply it with some password files and, if you wish, specify a cracking mode:
If you want to restrict it to the wordlist mode only (permitting the use of word mangling rules):
To retrieve the cracked passwords, run:
An interrupted session can be continued with the following: