John the Ripper - Kali Linux
Video Tutorial :
John the Ripper or JTR is one of the most powerful password cracking tool out there. John differs from others password cracking tools in the sense that it does not rely only on blind brute forcing of hashes, instead it offers different cracking modes as well as custom cracking mode. The most important feature of John is the word mangling rules. Instead of blind bruteforce John mangles each entry in a wordlist to produce different password combinations and tests them against the hashed password. Four cracking modes offered by John are :
1. Wordlist Mode
This is the simplest cracking mode supported by John. All you need to do is specify a wordlist (a text file containing one word per line) and some password files. You can enable word mangling rules (which are used to modify or "mangle" words producing other likely passwords). If enabled, all of the rules will be applied to every line in the wordlist file producing multiple candidate passwords from each source word.
The wordlist should not contain duplicate lines. John does not sort entries in the wordlist since that would consume a lot of resources and would prevent you from making John try the candidate passwords in the order that you define (with more likely candidate passwords listed first). However, if you don't list your candidate passwords in a reasonable order, it'd be better if you sort the wordlist alphabetically: with some hash types, John runs a bit faster if each candidate password it tries only differs from the previous one by a few characters. Most wordlists that you may find on the Net are already sorted anyway.
On the other hand, if your wordlist is sorted alphabetically, you do not need to bother about some wordlist entries being longer than the maximum supported password length for the hash type you're cracking. To give an example, for traditional DES-based crypt(3) hashes only the first 8 characters of passwords are significant. This means that if there are two or more candidate passwords in the wordlist whose first 8 characters are exactly the same, they're effectively the same 8 character long candidate password which only needs to be tried once. As long as the wordlist is sorted alphabetically, John is smart enough to handle this special case right.
In fact, it is recommended that you do not truncate candidate passwords in your wordlist file since the rest of the characters (beyond the length limit of your target hash type) are likely still needed and make a difference if you enable word mangling rules.
2.Single CrackThis is the mode you should start cracking with. It will use the login names, "GECOS" / "Full Name" fields, and users' home directory names as candidate passwords, also with a large set of mangling rules applied. Since the information is only used against passwords for the accounts it was taken from (and against password hashes which happened to be assigned the same salt), "single crack" mode is much faster than wordlist mode. This permits for the use of a much larger set of word mangling rules with "single crack", and their use is always enabled with this mode. Successfully guessed passwords are also tried against all loaded password hashes just in case more users have the same password.
Note that running this mode on many password files simultaneously may sometimes get more passwords cracked than it would if you ran it on the individual password files separately. Mode
3. Incremental Mode
This is the most powerful cracking mode, it can try all possible character combinations as passwords. However, it is assumed that cracking with this mode will never terminate because of the number of combinations being too large (actually, it will terminate if you set a low password length limit or make it use a small charset), and you'll have to interrupt it earlier.
That's one reason why this mode deals with trigraph frequencies, separately for each character position and for each password length, to crack as many passwords as possible within a limited time.
To use the mode you need a specific definition for the mode's parameters, including password length limits and the charset to use. These parameters are defined in the configuration file sections called [Incremental:MODE], where MODE is any name that you assign to the mode (it's the name that you will need to specify on John's command line). You can either use a pre-defined incremental mode definition or define a custom one.
4.Custom Crack Mode
John the Ripper or JTR is one of the most powerful password cracking tool out there. John differs from others password cracking tools in the sense that it does not rely only on blind brute forcing of hashes, instead it offers different cracking modes as well as custom cracking mode. The most important feature of John is the word mangling rules. Instead of blind bruteforce John mangles each entry in a wordlist to produce different password combinations and tests them against the hashed password. Four cracking modes offered by John are :
1. Wordlist Mode
This is the simplest cracking mode supported by John. All you need to do is specify a wordlist (a text file containing one word per line) and some password files. You can enable word mangling rules (which are used to modify or "mangle" words producing other likely passwords). If enabled, all of the rules will be applied to every line in the wordlist file producing multiple candidate passwords from each source word.
The wordlist should not contain duplicate lines. John does not sort entries in the wordlist since that would consume a lot of resources and would prevent you from making John try the candidate passwords in the order that you define (with more likely candidate passwords listed first). However, if you don't list your candidate passwords in a reasonable order, it'd be better if you sort the wordlist alphabetically: with some hash types, John runs a bit faster if each candidate password it tries only differs from the previous one by a few characters. Most wordlists that you may find on the Net are already sorted anyway.
On the other hand, if your wordlist is sorted alphabetically, you do not need to bother about some wordlist entries being longer than the maximum supported password length for the hash type you're cracking. To give an example, for traditional DES-based crypt(3) hashes only the first 8 characters of passwords are significant. This means that if there are two or more candidate passwords in the wordlist whose first 8 characters are exactly the same, they're effectively the same 8 character long candidate password which only needs to be tried once. As long as the wordlist is sorted alphabetically, John is smart enough to handle this special case right.
In fact, it is recommended that you do not truncate candidate passwords in your wordlist file since the rest of the characters (beyond the length limit of your target hash type) are likely still needed and make a difference if you enable word mangling rules.
2.Single CrackThis is the mode you should start cracking with. It will use the login names, "GECOS" / "Full Name" fields, and users' home directory names as candidate passwords, also with a large set of mangling rules applied. Since the information is only used against passwords for the accounts it was taken from (and against password hashes which happened to be assigned the same salt), "single crack" mode is much faster than wordlist mode. This permits for the use of a much larger set of word mangling rules with "single crack", and their use is always enabled with this mode. Successfully guessed passwords are also tried against all loaded password hashes just in case more users have the same password.
Note that running this mode on many password files simultaneously may sometimes get more passwords cracked than it would if you ran it on the individual password files separately. Mode
3. Incremental Mode
This is the most powerful cracking mode, it can try all possible character combinations as passwords. However, it is assumed that cracking with this mode will never terminate because of the number of combinations being too large (actually, it will terminate if you set a low password length limit or make it use a small charset), and you'll have to interrupt it earlier.
That's one reason why this mode deals with trigraph frequencies, separately for each character position and for each password length, to crack as many passwords as possible within a limited time.
To use the mode you need a specific definition for the mode's parameters, including password length limits and the charset to use. These parameters are defined in the configuration file sections called [Incremental:MODE], where MODE is any name that you assign to the mode (it's the name that you will need to specify on John's command line). You can either use a pre-defined incremental mode definition or define a custom one.
4.Custom Crack Mode
Comments
Post a Comment