On Kali Linux, John the Ripper is preinstalled, so there’s no need to install anything! Just pick up the package, and take it for a ride.
Scenario #1: You Just Got A Password Hash
So, let’s assume that you were just handed a hash, an MD5 hash, to be specific. In real-life situations, you’d obtain these by scavenging a computer. In my case, I’m going to use the word password123:
To resolve the password, you’d use the simplest usage of the john the ripper code:
Typically, John the Ripper automatically detects the hash type. But you can augment this as much as you want! So let’s say you want to add your own word list and specify the format, then you’d write:
So, the first time you run the latter, it will show the password on the screen, after which point, it will save it into a file called john.pot. In my case, the folder john.pot was located at /home/kali/.john/john.pot.
Scenario #2: Password Protected Zip File
Now let’s pretend there is a Zip file with a password lock. So at some point previously, you created a zip file that is password protected. For that, you’ll need to install zip:
Then to create the zip file:
Ex: zip --password password123 linuxhint.zip linuxhint.txt
(Here, the word password123 is the actual password protecting the zip file.)
Now, 6 months later, you’ve forgotten the password. What can you do? Well, use John the Ripper, but before we can, we first need to convert the zip to john.
To do so, we’ll use the zip2john command:
The hash itself is located between the two dollar signs.
John the Ripper can retrieve the password using one of two methods: the dictionary attack or the bruteforce attack. A file with a list of potential passwords is compared to the hash at hand in a dictionary attack. If a match is found, it will chuck it out. On the other hand, if a password is not found, you can use a different password file or use a different method.
Next, we’d write:
Here, what we did was crack a zip file, but it doesn’t have to be a zip file! It can be almost anything. Just remember that you have to, in such cases, use the {your_module}2john. For example, if you were cracking Wifi, you’d use Aircrack-ng and obtain a cap file. Once you’ve obtained the cap file, you’d have to convert the cap file to an hccap file. Once you have a hccap file, use the hccap2john to convert it to the john format, which will yield results on John the Ripper.
You can find more of the 2john commands using:
Scenario #3: Increment Style Or Brute Force
The most powerful of all the methods available is the bruteforce method because it will check every possible combination out there! But this also means that it’s unlikely to ever end unless the passwords are reasonably simple.
For example, I will choose a 3 character password in the MD5 format: abc. I’m doing this so that I don’t have to spend hours waiting for it to detect it.
The simplest way of doing this is to type:
Alternatively, you could have also written:
As you can see, I found it in less than a second, and I didn’t even have to supply it with a dictionary.
Next, we’re going to mess around with the configuration file located at /etc/john/john.conf.
In the /etc/john/john.conf file, you will find a section on incremental modes. Here, you can add more if you want, but first, let’s try using one of them.
There’s one in /etc/john/john.conf that is as follows:
File = $JOHN/digits.chr
MinLen = 1
MaxLen = 20
CharCount = 10
Here, let’s recreate an MD5 hash for the password 123456.
Now, let’s use the incremental mode:
The latter will search all possible combinations of digits. And since it was only a 6-digit password, it cracked it in less than one second.
However, you can add your own files in there and create your own incremental files as well. You can create rules, etc… It gets heavy!
Johnny: The Gui Version
Now for those who prefer a GUI version over a CLI version, there’s Johnny. To install johnny:
Under the File tab, you should find two options – open the password file or open other file format. For demonstration purposes, we will use the first – open password file. I will open the hash.txt file that holds a password in MD5.
In the options section, you can choose the attack mode you want. I will choose the word list and the type of hash (at the top). Then I’m going to give it a password file.
Then click on “Start new attack”.
Simple and easy! In the same way, you can choose the attack mode. So if you want the incremental mode, then set it up and watch it do its thing.
John the Ripper is a very powerful tool. In fact, it is very commonly used, so much so that it comes preinstalled on Kali Linux! John the Ripper is primarily used for password recovery, but one can always verify whether the passwords one’s chosen are safe or not by trying to break them as well. All in all, it’s a fantastic tool that takes a while to learn and master, but it’s definitely worth the effort.
Happy Coding!
