Kali Linux

How to use John, the ripper in Kali Linux

John the Ripper is an Open Source cross-platform package that is typically used for password security auditing and password recovery. In this tutorial, we’ll be learning how to use John the Ripper in Kali Linux.

On Kali Linux, John the Ripper is preinstalled, so there’s no need to install anything! Just pick up the package, and take it for a ride.

Scenario #1: You Just Got A Password Hash

So, let’s assume that you were just handed a hash, an MD5 hash, to be specific. In real-life situations, you’d obtain these by scavenging a computer. In my case, I’m going to use the word password123:

echo 482c811da5d5b4bc6d497ffa98491e38 > hash.txt

To resolve the password, you’d use the simplest usage of the john the ripper code:

john hash.txt

Typically, John the Ripper automatically detects the hash type. But you can augment this as much as you want! So let’s say you want to add your own word list and specify the format, then you’d write:

john --wordlist=~/Downloads/passwordlist --format=Raw-MD5  hash.txt


So, the first time you run the latter, it will show the password on the screen, after which point, it will save it into a file called john.pot. In my case, the folder john.pot was located at /home/kali/.john/john.pot.


Scenario #2: Password Protected Zip File

Now let’s pretend there is a Zip file with a password lock. So at some point previously, you created a zip file that is password protected. For that, you’ll need to install zip:

sudo apt install zip

Then to create the zip file:

zip --password <password> <name of zip file> <directory to zip>

Ex: zip --password password123 linuxhint.zip linuxhint.txt

(Here, the word password123 is the actual password protecting the zip file.)

Now, 6 months later, you’ve forgotten the password. What can you do? Well, use John the Ripper, but before we can, we first need to convert the zip to john.

To do so, we’ll use the zip2john command:

zip2john linuxhint.zip > linuxhint_password.txt

The hash itself is located between the two dollar signs.


John the Ripper can retrieve the password using one of two methods: the dictionary attack or the bruteforce attack. A file with a list of potential passwords is compared to the hash at hand in a dictionary attack. If a match is found, it will chuck it out. On the other hand, if a password is not found, you can use a different password file or use a different method.

Next, we’d write:

john --wordlist=~/Downloads/passwordlist linuxhint_password.txt


Here, what we did was crack a zip file, but it doesn’t have to be a zip file! It can be almost anything. Just remember that you have to, in such cases, use the {your_module}2john. For example, if you were cracking Wifi, you’d use Aircrack-ng and obtain a cap file. Once you’ve obtained the cap file, you’d have to convert the cap file to an hccap file. Once you have a hccap file, use the hccap2john to convert it to the john format, which will yield results on John the Ripper.

You can find more of the 2john commands using:

locate 2john


Scenario #3: Increment Style Or Brute Force

The most powerful of all the methods available is the bruteforce method because it will check every possible combination out there! But this also means that it’s unlikely to ever end unless the passwords are reasonably simple.

For example, I will choose a 3 character password in the MD5 format: abc. I’m doing this so that I don’t have to spend hours waiting for it to detect it.

echo 900150983cd24fb0d6963f7d28e17f72 > incremental.txt

The simplest way of doing this is to type:

john --format=Raw-MD5 --incremental incremental.txt

Alternatively, you could have also written:

john --format=Raw-MD5 -i incremental.txt


As you can see, I found it in less than a second, and I didn’t even have to supply it with a dictionary.

Next, we’re going to mess around with the configuration file located at /etc/john/john.conf.

In the /etc/john/john.conf file, you will find a section on incremental modes. Here, you can add more if you want, but first, let’s try using one of them.

There’s one in /etc/john/john.conf that is as follows:


File = $JOHN/digits.chr
MinLen = 1
MaxLen = 20
CharCount = 10

Here, let’s recreate an MD5 hash for the password 123456.

echo e10adc3949ba59abbe56e057f20f883e > password_digits.txt

Now, let’s use the incremental mode:

john --format=Raw-MD5 --incremental=digits password_digits.txt

The latter will search all possible combinations of digits. And since it was only a 6-digit password, it cracked it in less than one second.


However, you can add your own files in there and create your own incremental files as well. You can create rules, etc… It gets heavy!

Johnny: The Gui Version

Now for those who prefer a GUI version over a CLI version, there’s Johnny. To install johnny:

sudo apt get install johnny

Under the File tab, you should find two options – open the password file or open other file format. For demonstration purposes, we will use the first – open password file. I will open the hash.txt file that holds a password in MD5.

In the options section, you can choose the attack mode you want. I will choose the word list and the type of hash (at the top). Then I’m going to give it a password file.


Then click on “Start new attack”.


Simple and easy! In the same way, you can choose the attack mode. So if you want the incremental mode, then set it up and watch it do its thing.

John the Ripper is a very powerful tool. In fact, it is very commonly used, so much so that it comes preinstalled on Kali Linux! John the Ripper is primarily used for password recovery, but one can always verify whether the passwords one’s chosen are safe or not by trying to break them as well. All in all, it’s a fantastic tool that takes a while to learn and master, but it’s definitely worth the effort.

Happy Coding!

About the author

Kalyani Rajalingham

I'm a linux and code lover.