John the Ripper

At a minimum, you need to specify the stored password values you want to crack.

Cracking Modes

Consider which "cracking mode" you intend to use. You can specify your own externally defined modes. John also has built-in modes:

  • Single crack mode uses information about the user, such as username or full name, from the supplied password values, where present, to attempt to build a short, highly focused dictionary of targeted passwords to crack.

  • Wordlist mode operates via a wordlist, either user-supplied or a built-in one, and tries all the values in the wordlist.

  • Incremental mode attempts to iterate through all possible character combinations according to adjustable length and complexity criteria -- for example, all strings between five and eight alphanumeric characters.

Unshadow command

unshadow /etc/passwd /etc/shadow > passwords.out
john --format=crypt ./passwords.out

The unshadow utility is distributed with John the Ripper in most packages. It combines the contents of /etc/passwd and /etc/shadow, here on a Linux VM (Kali in this case). We then ran the john command and specified the format -- in this case, the crypt mechanism. Since we haven't told it which cracking mode to use, John begins with single crack mode and then proceeds to wordlist mode; no wordlist was specified, so it uses the default one. Ultimately, it moves on to incremental mode.
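To show what ends up in passwords.out, here is an added Python sketch (not code from John the Ripper or from this page) that approximates the merge unshadow performs, run on constructed sample data; the function names and sample accounts are hypothetical. The merged line keeps the username and full-name (GECOS) fields next to the stored hash, which is the user information single crack mode draws on.

```python
# Added illustration: a simplified re-creation of the merge unshadow performs.
# All account data below is constructed sample input, not real credentials.

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
svc_backup:x:998:998::/var/lib/backup:/usr/sbin/nologin
"""

SAMPLE_SHADOW = """\
root:!:19700:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19700:0:99999:7:::
svc_backup:*:19700:0:99999:7:::
"""


def merge_passwd_shadow(passwd_text, shadow_text):
    """Return passwd-format lines with field 2 taken from the shadow file."""
    hashes = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            hashes[fields[0]] = fields[1]
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue  # skip malformed passwd lines
        # Replace the "x" placeholder only when shadow has an entry for the user.
        fields[1] = hashes.get(fields[0], fields[1])
        merged.append(":".join(fields))
    return merged


def accounts_with_hashes(merged_lines):
    """Names of accounts whose password field holds a hash."""
    names = []
    for line in merged_lines:
        name, pw = line.split(":")[:2]
        # Empty = no password set, "x" = no shadow entry, "!" or "*" = locked.
        if pw and pw != "x" and not pw.startswith(("!", "*")):
            names.append(name)
    return names


if __name__ == "__main__":
    merged = merge_passwd_shadow(SAMPLE_PASSWD, SAMPLE_SHADOW)
    print("\n".join(merged))
    print("accounts with a stored hash:", accounts_with_hashes(merged))
```

Only alice carries a hash in the sample; root and svc_backup hold lock markers, so they contribute no stored password value to the output file.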
