# John The Ripper

## Introduction

* John the Ripper is one of the most well-known and versatile hash cracking tools available. It can automatically detect hash types and select appropriate rules and formats for cracking, though its automatic detection isn’t always reliable.
* Basic Syntax: `john <Options> <File to Crack>`
* Automatic Hash Detection: `john --wordlist=<Wordlist> <File to Crack>`
  * Example 1: `john --wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt`
  * Example 2: `john --wordlist=/usr/share/wordlists/rockyou.txt hash2.txt`
* Since John’s automatic hash detection isn’t always reliable, you can use the hash identifier tool: `/usr/share/hash-identifier/hash-id.py`
  * If it’s not installed, download it with: `wget https://gitlab.com/kalilinux/packages/hash-identifier/-/raw/kali/master/hash-id.py`
  * Run it using Python: `python3 /usr/share/hash-identifier/hash-id.py`, then paste the hash into the tool to identify its type.
* After identifying the hash format, run John with the format specified: `john --format=<Format> --wordlist=<Wordlist> <File to Crack>`
  * Example 1: `john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash_to_crack.txt`
  * Example 2: `john --format=whirlpool --wordlist=/usr/share/wordlists/rockyou.txt hash4.txt`
  * Example 3: `john --format=nt --wordlist=/usr/share/wordlists/rockyou.txt ntlm.txt`

## Cracking the /etc/shadow File

* Before cracking the `/etc/shadow` file, combine it with `/etc/passwd` using John’s built-in `unshadow` tool: `unshadow <Path-to-passwd> <Path-to-shadow>`
  * Example 1: `sudo unshadow /etc/passwd /etc/shadow > unshadowed.txt`
* In single crack mode, John uses information from the username to generate password guesses heuristically: `john --single --format=<Format> <File-to-Crack>`
  * Example 1: `john --single --format=raw-sha256 hashes.txt`
* When using single crack mode, ensure that the hash file includes the username followed by a colon and then the hash (e.g., `mike:1efee03cdcb96d90ad48ccc7b8666033`).
  * Example 1: `mike:1efee03cdcb96d90ad48ccc7b8666033`
  * Example 2: `Joker:7bf6d9bb82bed1302f331fc6b816aada`

## Custom Rules

* Many organizations enforce password complexity rules, but users are often predictable with where symbols and numbers are placed (for example, a capital letter at the start and a number or symbol at the end).
* Custom rules allow you to exploit this predictability. These rules are defined in the `john.conf` file (usually located in `/etc/john/john.conf`).
* The full syntax of the custom rules language is documented in the tool's wiki.
* The custom rules language includes syntax such as:
  * `Az` – Append the specified characters to the word.
  * `A0` – Prepend the specified characters to the word.
  * `c` – Capitalize a character positionally.
* To define which characters to use, place the character sets in square brackets (`[ ]`) after the modifier patterns in double quotes. Examples include:
  * `[0-9]` – Numbers 0 to 9.
  * `[0]` – Only the number 0.
  * `[A-z]` – Uppercase and lowercase letters.
  * `[A-Z]` – Only uppercase letters.
  * `[a-z]` – Only lowercase letters.
  * `[a]` – Only the letter a.
  * `[!£$%@]` – The symbols `!£$%@`.
* Call a custom rule in John using the `--rule=<Rule Name>` flag.
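
An added example, not part of the original page or of John itself: a simplified Python model of the rule subset listed above (`c`, `Az`, `A0` and bracketed character sets), useful for checking whether a password is predicted by a "capital first, digit and symbol last" rule. The rule string, base words, sample passwords and function names are assumptions made for illustration, and candidate ordering is not modelled.

```python
import itertools
import re

def expand_class(body):
    """Expand a bracket body such as '0-9' or '!$%@' into its characters."""
    chars, i = [], 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":   # range like 0-9
            chars += [chr(c) for c in range(ord(body[i]), ord(body[i + 2]) + 1)]
            i += 3
        else:                                           # single literal character
            chars.append(body[i])
            i += 1
    return chars

def expand_string(template):
    """Turn '[0-9][!$]' into every concrete string it stands for."""
    parts = re.findall(r"\[([^\]]+)\]|([^\[])", template)
    choices = [expand_class(cls) if cls else [lit] for cls, lit in parts]
    return ["".join(p) for p in itertools.product(*choices)]

# Only the commands listed on this page: c, Az"...", A0"..."
COMMAND = re.compile(r'c|A[0z]"[^"]*"')

def apply_rule(rule, word):
    """Return every candidate the rule produces from one base word."""
    candidates = [word]
    for cmd in COMMAND.findall(rule):
        if cmd == "c":                       # first letter upper, rest lower
            candidates = [w.capitalize() for w in candidates]
            continue
        strings = expand_string(cmd[3:-1])   # text between the double quotes
        if cmd[1] == "z":                    # Az: append
            candidates = [w + s for w in candidates for s in strings]
        else:                                # A0: prepend
            candidates = [s + w for w in candidates for s in strings]
    return candidates

def predicted_by(rule, base_words, password):
    """True if the password is reachable from any base word via the rule."""
    return any(password in apply_rule(rule, w) for w in base_words)

if __name__ == "__main__":
    rule = 'cAz"[0-9][!£$%@]"'               # constructed rule for illustration
    words = ["summer", "welcome"]            # constructed base words
    for pw in ["Summer1!", "Welcome7@", "x9Tq-lm2"]:
        print(pw, "predictable" if predicted_by(rule, words, pw) else "not matched")
```

A password that passes a complexity policy but is matched here is only as strong as the base word behind it.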

## Other Types of Cracking

* John the Ripper can also crack password-protected ZIP files, RAR files, and encrypted SSH keys. As with the `unshadow` tool used earlier, each of these must first be converted into a hash format that John can understand using a specific tool:
* `zip2john <Options> <ZIP-File> > <Output-File>` - Used to convert the ZIP file into a format that John can understand.
* `rar2john <RAR-File> > <Output-File>` - Used to convert the RAR file into a format that John can understand.
* `ssh2john <Key-File> > <Output-File>` - Used to convert the SSH key file into a format that John can understand.
* `john --wordlist=<Wordlist> <File-Name>` - Used to try and crack any of the mentioned files (after conversion).

