John the Ripper

Repo: John the Ripper

Encryption technologies

Encryption Technology                   Description
--------------------------------------  -----------
UNIX crypt(3)                           Crypt(3) is a traditional UNIX encryption system with a 56-bit key.
Traditional DES-based                   DES-based encryption uses the Data Encryption Standard algorithm to encrypt data.
bigcrypt                                Bigcrypt is an extension of traditional DES-based encryption. It uses a 128-bit key.
BSDI extended DES-based                 BSDI extended DES-based encryption is an extension of the traditional DES-based encryption and uses a 168-bit key.
FreeBSD MD5-based (Linux & Cisco)       FreeBSD MD5-based encryption uses the MD5 algorithm to encrypt data with a 128-bit key.
OpenBSD Blowfish-based                  OpenBSD Blowfish-based encryption uses the Blowfish algorithm to encrypt data with a 448-bit key.
Kerberos/AFS                            Kerberos and AFS are authentication systems that use encryption to ensure secure entity communication.
Windows LM                              Windows LM encryption uses the Data Encryption Standard algorithm to encrypt data with a 56-bit key.
DES-based tripcodes                     DES-based tripcodes are used to authenticate users based on the Data Encryption Standard algorithm.
SHA-crypt hashes                        SHA-crypt hashes are used to encrypt data with a 256-bit key and are available in newer versions of Fedora and Ubuntu.
SHA-crypt and SUNMD5 hashes (Solaris)   SHA-crypt and SUNMD5 hashes use the SHA-crypt and MD5 algorithms to encrypt data with a 256-bit key and are available in Solaris.
...                                     and many more.

Attack Methods

  • Dictionary

  • Brute force

  • Rainbow Tables

Cracking with John

Hash Format      Example Command                                    Description
---------------  -------------------------------------------------  -----------
afs              john --format=afs hashes_to_crack.txt              AFS (Andrew File System) password hashes
bfegg            john --format=bfegg hashes_to_crack.txt            bfegg hashes used in Eggdrop IRC bots
bf               john --format=bf hashes_to_crack.txt               Blowfish-based crypt(3) hashes
bsdi             john --format=bsdi hashes_to_crack.txt             BSDi crypt(3) hashes
crypt(3)         john --format=crypt hashes_to_crack.txt            Traditional Unix crypt(3) hashes
des              john --format=des hashes_to_crack.txt              Traditional DES-based crypt(3) hashes
dmd5             john --format=dmd5 hashes_to_crack.txt             DMD5 (Dragonfly BSD MD5) password hashes
dominosec        john --format=dominosec hashes_to_crack.txt        IBM Lotus Domino 6/7 password hashes
episerver        john --format=episerver hashes_to_crack.txt        EPiServer SID (Security Identifier) password hashes
hdaa             john --format=hdaa hashes_to_crack.txt             hdaa password hashes used in Openwall GNU/Linux
hmac-md5         john --format=hmac-md5 hashes_to_crack.txt         hmac-md5 password hashes
hmailserver      john --format=hmailserver hashes_to_crack.txt      hmailserver password hashes
ipb2             john --format=ipb2 hashes_to_crack.txt             Invision Power Board 2 password hashes
krb4             john --format=krb4 hashes_to_crack.txt             Kerberos 4 password hashes
krb5             john --format=krb5 hashes_to_crack.txt             Kerberos 5 password hashes
LM               john --format=LM hashes_to_crack.txt               LM (Lan Manager) password hashes
lotus5           john --format=lotus5 hashes_to_crack.txt           Lotus Notes/Domino 5 password hashes
mscash           john --format=mscash hashes_to_crack.txt           MS Cache password hashes
mscash2          john --format=mscash2 hashes_to_crack.txt          MS Cache v2 password hashes
mschapv2         john --format=mschapv2 hashes_to_crack.txt         MS CHAP v2 password hashes
mskrb5           john --format=mskrb5 hashes_to_crack.txt           MS Kerberos 5 password hashes
mssql05          john --format=mssql05 hashes_to_crack.txt          MS SQL 2005 password hashes
mssql            john --format=mssql hashes_to_crack.txt            MS SQL password hashes
mysql-fast       john --format=mysql-fast hashes_to_crack.txt       MySQL fast password hashes
mysql            john --format=mysql hashes_to_crack.txt            MySQL password hashes
mysql-sha1       john --format=mysql-sha1 hashes_to_crack.txt       MySQL SHA1 password hashes
NETLM            john --format=netlm hashes_to_crack.txt            NETLM (NT LAN Manager) password hashes
NETLMv2          john --format=netlmv2 hashes_to_crack.txt          NETLMv2 (NT LAN Manager version 2) password hashes
NETNTLM          john --format=netntlm hashes_to_crack.txt          NETNTLM (NT LAN Manager) password hashes
NETNTLMv2        john --format=netntlmv2 hashes_to_crack.txt        NETNTLMv2 (NT LAN Manager version 2) password hashes
NEThalfLM        john --format=nethalflm hashes_to_crack.txt        NEThalfLM (NT LAN Manager) password hashes
md5ns            john --format=md5ns hashes_to_crack.txt            md5ns (MD5 namespace) password hashes
nsldap           john --format=nsldap hashes_to_crack.txt           nsldap (OpenLDAP SHA) password hashes
ssha             john --format=ssha hashes_to_crack.txt             ssha (Salted SHA) password hashes
NT               john --format=nt hashes_to_crack.txt               NT (Windows NT) password hashes
openssha         john --format=openssha hashes_to_crack.txt         OPENSSH private key password hashes
oracle11         john --format=oracle11 hashes_to_crack.txt         Oracle 11 password hashes
oracle           john --format=oracle hashes_to_crack.txt           Oracle password hashes
pdf              john --format=pdf hashes_to_crack.txt              PDF (Portable Document Format) password hashes
phpass-md5       john --format=phpass-md5 hashes_to_crack.txt       PHPass-MD5 (Portable PHP password hashing framework) password hashes
phps             john --format=phps hashes_to_crack.txt             PHPS password hashes
pix-md5          john --format=pix-md5 hashes_to_crack.txt          Cisco PIX MD5 password hashes
po               john --format=po hashes_to_crack.txt               Po (Sybase SQL Anywhere) password hashes
rar              john --format=rar hashes_to_crack.txt              RAR (WinRAR) password hashes
raw-md4          john --format=raw-md4 hashes_to_crack.txt          Raw MD4 password hashes
raw-md5          john --format=raw-md5 hashes_to_crack.txt          Raw MD5 password hashes
raw-md5-unicode  john --format=raw-md5-unicode hashes_to_crack.txt  Raw MD5 Unicode password hashes
raw-sha1         john --format=raw-sha1 hashes_to_crack.txt         Raw SHA1 password hashes
raw-sha224       john --format=raw-sha224 hashes_to_crack.txt       Raw SHA224 password hashes
raw-sha256       john --format=raw-sha256 hashes_to_crack.txt       Raw SHA256 password hashes
raw-sha384       john --format=raw-sha384 hashes_to_crack.txt       Raw SHA384 password hashes
raw-sha512       john --format=raw-sha512 hashes_to_crack.txt       Raw SHA512 password hashes
salted-sha       john --format=salted-sha hashes_to_crack.txt       Salted SHA password hashes
sapb             john --format=sapb hashes_to_crack.txt             SAP CODVN B (BCODE) password hashes
sapg             john --format=sapg hashes_to_crack.txt             SAP CODVN G (PASSCODE) password hashes
sha1-gen         john --format=sha1-gen hashes_to_crack.txt         Generic SHA1 password hashes
skey             john --format=skey hashes_to_crack.txt             S/Key (One-time password) hashes
ssh              john --format=ssh hashes_to_crack.txt              SSH (Secure Shell) password hashes
sybasease        john --format=sybasease hashes_to_crack.txt        Sybase ASE password hashes
xsha             john --format=xsha hashes_to_crack.txt             xsha (Extended SHA) password hashes
zip              john --format=zip hashes_to_crack.txt              ZIP (WinZip) password hashes

Cracking Modes

Single Crack Mode

john --format=<hash_type> <hash or hash_file>

When we run this command, John reads the hashes from the specified file and tries to crack them by comparing them against the words in its built-in wordlist and any additional wordlists given with the --wordlist option. It also applies any rules set with the --rules option to generate further candidate passwords.

John prints the cracked passwords to the console and also writes them to the file john.pot (~/.john/john.pot) in the current user's home directory. It then continues cracking the remaining hashes in the background, and we can check progress with the john --show command. To maximize the chances of success, make sure the wordlists and rules used are comprehensive and up to date.

See the hash-format table above for the values of <hash_type>.

Wordlist Mode

Wordlist Mode cracks passwords using one or more lists of words. It is a dictionary attack, which means John tries the words in the lists one by one until it finds the right one. It is generally used for cracking multiple password hashes with a wordlist or a combination of wordlists. It is more effective than Single Crack Mode because it draws on more words, but it is still relatively basic. The basic syntax is:

john --wordlist=<wordlist_file> --rules <hash_file>

Incremental Mode

Incremental Mode is an advanced John mode used to crack passwords using a character set. It is a hybrid attack, which means it will attempt to match the password by trying all possible combinations of characters from the character set. This mode is the most effective yet most time-consuming of all the John modes. This mode works best when we know what the password might be, as it will try all the possible combinations in sequence, starting from the shortest one. This makes it much faster than the brute force attack, where all combinations are tried randomly. Moreover, the incremental mode can also be used to crack weak passwords, which may be challenging to crack using the standard John modes. The main difference between incremental mode and wordlist mode is the source of the password guesses. Incremental mode generates the guesses on the fly, while wordlist mode uses a predefined list of words. At the same time, the single crack mode is used to check a single password against a hash.

john --incremental <hash_file>

This command reads the hashes in the specified hash file and then generates all possible combinations of characters, starting with a single character and adding one more with each iteration. It is important to note that this mode is highly resource intensive and can take a long time to complete, depending on the complexity of the passwords, the machine configuration, and the size of the character set. Additionally, the default character set is limited to a-zA-Z0-9. Therefore, if we attempt to crack complex passwords with special characters, we need to use a custom character set.
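The modes described above, as an added Python illustration that is not John's own code: a toy raw-MD5 cracker with a wordlist pass (a few mangling rules stand in for --rules), an incremental pass that walks the a-zA-Z0-9 character set by increasing length, a pot dictionary standing in for john.pot, and a show() that mimics john --show. The hash file, the users and the wordlist are constructed for this example. keyspace() makes the cost argument in the text concrete: covering lengths 1 to 8 over 62 characters means about 2.2×10^14 candidates, which is why incremental mode is resource intensive and why long passphrases using characters outside the default set survive it.

```python
import hashlib
import itertools
import string


def md5_hex(candidate: str) -> str:
    """Raw MD5 of a candidate password, as stored in a raw-md5 hash file."""
    return hashlib.md5(candidate.encode()).hexdigest()


# Constructed sample input: a raw-md5 hash file in John's "user:hash" layout.
# The users and passwords are invented for this example, not from any real system.
SAMPLE_PASSWORDS = {"alice": "Summer2023", "bob": "password1", "carol": "zq7"}
HASH_FILE = "\n".join(f"{user}:{md5_hex(pw)}" for user, pw in SAMPLE_PASSWORDS.items())

# Constructed tiny dictionary standing in for a real wordlist file.
WORDLIST = ["password", "summer", "letmein", "qwerty"]


def apply_rules(word):
    """A handful of mangling rules in the spirit of John's --rules: the word as-is,
    capitalised, with one trailing digit, and capitalised with a trailing year."""
    yield word
    yield word.capitalize()
    for digit in "0123456789":
        yield word + digit
    for year in range(2020, 2025):
        yield word.capitalize() + str(year)


def load_hashes(text):
    """Parse 'user:hash' lines into {hash: user}; blank or malformed lines are skipped."""
    targets = {}
    for line in text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        user, digest = line.split(":", 1)
        targets[digest.lower()] = user
    return targets


def wordlist_mode(targets, words, pot):
    """Wordlist mode: hash every word and every rule-mangled variant of it, and
    record any hit in the pot ({hash: plaintext}), which plays the role of john.pot."""
    for word in words:
        for candidate in apply_rules(word):
            digest = md5_hex(candidate)
            if digest in targets and digest not in pot:
                pot[digest] = candidate
    return pot


def incremental_mode(targets, pot, charset=string.ascii_letters + string.digits, max_len=3):
    """Incremental mode: enumerate every string over the character set, shortest
    first, until every target is cracked or max_len is exhausted."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            if len(pot) == len(targets):
                return pot
            candidate = "".join(combo)
            digest = md5_hex(candidate)
            if digest in targets and digest not in pot:
                pot[digest] = candidate
    return pot


def keyspace(charset_size, max_len):
    """Number of candidates incremental mode must try to cover lengths 1..max_len."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def show(targets, pot):
    """Mimic 'john --show': the cracked user:plaintext lines and how many hashes remain."""
    cracked = sorted(f"{targets[digest]}:{plain}" for digest, plain in pot.items())
    return cracked, len(targets) - len(pot)


if __name__ == "__main__":
    targets = load_hashes(HASH_FILE)
    pot = wordlist_mode(targets, WORDLIST, {})   # dictionary plus rules first
    pot = incremental_mode(targets, pot)         # then exhaustive short strings
    cracked, remaining = show(targets, pot)
    print("\n".join(cracked))
    print(f"{remaining} password hashes left")
    print(f"62-char set, lengths 1-8: {keyspace(62, 8):,} candidates")
```

Run as a script it cracks all three constructed hashes: two fall to the wordlist pass because a dictionary word plus a common suffix is exactly what rules generate, and the three-character one falls to incremental mode within 62^3 guesses. Raising max_len shows the same code becoming impractical quickly, which is the behaviour the text describes.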

Cracking Files

<tool> <file_to_crack> > file.hash
pdf2john server_doc.pdf > server_doc.hash
john server_doc.hash
# OR
john --wordlist=<wordlist.txt> server_doc.hash

Tool                   Description
---------------------  -----------
pdf2john               Converts PDF documents for John
ssh2john               Converts SSH private keys for John
mscash2john            Converts MS Cash hashes for John
keychain2john          Converts OS X keychain files for John
rar2john               Converts RAR archives for John
pfx2john               Converts PKCS#12 files for John
truecrypt_volume2john  Converts TrueCrypt volumes for John
keepass2john           Converts KeePass databases for John
vncpcap2john           Converts VNC PCAP files for John
putty2john             Converts PuTTY private keys for John
zip2john               Converts ZIP archives for John
hccap2john             Converts WPA/WPA2 handshake captures for John
office2john            Converts MS Office documents for John
wpa2john               Converts WPA/WPA2 handshakes for John
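What a *2john tool does is pull the pieces a cracker needs (cipher name, KDF, salt, cost parameter, ciphertext) out of the file format and emit them as one text line, leaving the guessing to john. The following Python is an added example and not ssh2john's code: it parses the openssh-key-v1 container used by modern OpenSSH private keys (magic, cipher name, KDF name, KDF options, key count, public key, encrypted private section, all as length-prefixed SSH strings), reports the bcrypt salt and rounds, and flags keys stored with cipher "none". The sample key blobs are constructed from placeholder bytes rather than real key material, and the $example-ssh$ line layout is this example's own, not John's real format.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
PEM_HEAD = "-----BEGIN OPENSSH PRIVATE KEY-----"
PEM_TAIL = "-----END OPENSSH PRIVATE KEY-----"


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


class Reader:
    """Cursor over an SSH wire blob that refuses to read past the end."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def u32(self) -> int:
        if self.pos + 4 > len(self.data):
            raise ValueError("truncated key blob")
        (value,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return value

    def string(self) -> bytes:
        length = self.u32()
        if self.pos + length > len(self.data):
            raise ValueError("truncated key blob")
        value = self.data[self.pos:self.pos + length]
        self.pos += length
        return value


def parse_openssh_key(pem_text: str) -> dict:
    """Extract cipher, KDF, bcrypt salt/rounds and the encrypted private section from
    an openssh-key-v1 PEM block, as a *2john extractor would, without decrypting it."""
    lines = [line.strip() for line in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != PEM_HEAD or lines[-1] != PEM_TAIL:
        raise ValueError("not an OPENSSH PRIVATE KEY block")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    reader = Reader(blob[len(MAGIC):])
    cipher = reader.string().decode()
    kdf = reader.string().decode()
    kdf_options = reader.string()
    nkeys = reader.u32()
    public_keys = [reader.string() for _ in range(nkeys)]
    encrypted = reader.string()
    salt, rounds = b"", 0
    if kdf == "bcrypt":  # kdfoptions = string salt, uint32 rounds
        opts = Reader(kdf_options)
        salt, rounds = opts.string(), opts.u32()
    return {"cipher": cipher, "kdf": kdf, "salt": salt, "rounds": rounds,
            "nkeys": nkeys, "public_keys": public_keys, "ciphertext": encrypted,
            "encrypted": cipher != "none"}


def to_hash_line(name: str, info: dict) -> str:
    """Flatten the extracted fields into one line for a cracker. The $example-ssh$
    layout is this example's own, not John's format; an unencrypted key has
    nothing to crack and is reported as a finding instead."""
    if not info["encrypted"]:
        return f"{name}:UNENCRYPTED"
    return "{}:$example-ssh${}${}${}${}${}".format(
        name, info["cipher"], info["kdf"], info["rounds"],
        info["salt"].hex(), info["ciphertext"].hex())


def build_sample_key(cipher, kdf, salt, rounds, private_blob):
    """Construct a syntactically valid openssh-key-v1 PEM block for testing.
    The key material is placeholder bytes, not a real key."""
    kdf_options = ssh_string(salt) + struct.pack(">I", rounds) if kdf == "bcrypt" else b""
    public_key = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))  # placeholder point
    body = (MAGIC + ssh_string(cipher.encode()) + ssh_string(kdf.encode())
            + ssh_string(kdf_options) + struct.pack(">I", 1)
            + ssh_string(public_key) + ssh_string(private_blob))
    b64 = base64.b64encode(body).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"{PEM_HEAD}\n{wrapped}\n{PEM_TAIL}\n"


# Constructed sample keys: one passphrase-protected (aes256-ctr + bcrypt, 16 rounds),
# one stored in the clear. Both hold placeholder bytes, not real key material.
SAMPLE_KEYS = {
    "id_ed25519_protected": build_sample_key("aes256-ctr", "bcrypt", bytes(range(16)), 16, bytes(range(96))),
    "id_ed25519_plain": build_sample_key("none", "none", b"", 0, bytes(range(64))),
}


def audit(keys: dict) -> list:
    """Run the extractor over every key and return one line per key."""
    return [to_hash_line(name, parse_openssh_key(pem)) for name, pem in keys.items()]


if __name__ == "__main__":
    for line in audit(SAMPLE_KEYS):
        print(line)
```

From a defender's side the useful output is the UNENCRYPTED line and the rounds value: the same parser that prepares a key for cracking doubles as a quick audit of a key directory for keys with no passphrase or a weak bcrypt cost, which is where the real exposure usually is.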

More of these tools can be found with:

locate *2john*
