Penetration testing and cyber defense

How to use John the Ripper: Password cracker.

3 min read
John the Ripper
John the Ripper

John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems.

Many people are asking this question, “How can I crack any password”. But let me tell you that if you are reading this post don’t worry you are in a good place. In this article, we are going to dive into John the Ripper (JtR), you will see how it work and explain to you why it’s important to use it.

In the previous article, we have seen how to install and start with Kali Linux. Now in this article, we are going to see how to start with John the Ripper and to use it. Then first let us see what is John the Ripper.

What is John the Ripper?

John the Ripper

First, you have to know that John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems. It is designed to be both feature-rich and fast. It combines several cracking modes in one program and is fully configurable for your particular needs.

John the Ripper is available for several different platforms which enables you to use the same cracker everywhere. Also, It can support hundreds of hash and cipher types.

How can I get John the Ripper?

This is an amazing question that people may ask because after knowing what is John the Ripper, the next question must be how to get it. Now as you know what is John the Ripper let us see how to get it.

John the Ripper t-shirt
from John the Ripper official site

As I mentioned before John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product, please consider John the Ripper Pro, which is distributed primarily in the form of “native” packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance.

Now, you can download John the Ripper on Linux, macOS, Windows, and Android on its official page You must verify the authenticity and integrity of your John the Ripper downloads to make sure you downloaded a good one. Once you visit the official page you will get more information about that.

John the Ripper is available on Kali Linux as part of their password cracking metapackages.

You may also like how to install kali nethunter on android

What is John the Ripper is used for?

This is another question that some of you must ask, so let us respond to this question to satisfy everyone.

John the Ripper is a primary password cracker used during pen-testing exercises that can help IT guys spot weak passwords and poor password policies. It also supports several common encryption technologies for Unix and Windows-based Systems. It also autodetects the encryption on the hashed data.

John the Ripper also includes its own wordlists of common passwords for 20+ languages. John the RipperIs included in the pen-testing versions of Kali Linux.

Attack types

John the Ripper uses the dictionary attack. it takes text string samples from a wordlist. It offers also brute force attacks. In this type of attack John the Ripper goes through all the possible plaintext, hashing data, and then compares them to the input hash.

Also, it uses character frequency tables to try plaintext containing more frequently used characters first.

You may also like to see How to install Tool-X on termux

Some basic commands

Now we are going to go over some basics commands that you need to start using John the Ripper. To get started you need a file that contains a hash value to decrypt.

John usage example. (Tested in Kali Linux.)

Using a wordlist (–wordlist=/usr/share/john/password.lst), apply mangling rules(-rules) and attempt to crack the password hashes in the given file (unshadowed.txt).

root@kali:~# john --wordlist=/usr/share/john/password.lst --rules unshadowed.txt

Unique Usage Example

Using verbose mode (-v), read a list of passwords (-inp=allwords.txt) and save only unique words to a file (uniques.txt):

root@kali:~#  unique -v -inp=allwords.txt uniques.txt

This is the end of this article hope you get a clear understanding of John the Ripper. If you are having question or suggestion don’t keep it for your self just share with us Thank you.

About The Author

8 thoughts on “How to use John the Ripper: Password cracker.

Comments are closed.

Discover more from Tgeniusclub

Subscribe now to keep reading and get access to the full archive.

Continue reading