John the Ripper: Comprehensive Guide

Installation

Kali Linux: Pre-installed; verify by running:

john --version

Other Distributions:
For Ubuntu/Debian, install with:

sudo apt install john

From Source:
Download from the official repository.
Extract and compile:

tar -xzf john-*.tar.gz

cd john-*

./configure

make

Basic Usage

Check Installation:

john --version

Cracking Password Hashes

Prepare Hashes: Create a text file (e.g.,

hashes.txt

) with password hashes.
Run John with a Wordlist:

john --wordlist= hashes.txt

Supported Hash Formats

List available formats:

john --list=formats

Specify format if necessary:

john --format= hashes.txt

Show Cracked Passwords

Display cracked passwords:

john --show hashes.txt

Incremental Mode

For brute-force cracking:

john --incremental hashes.txt

Using a Custom Wordlist

Create a custom wordlist:

echo -e "password123\n123456\nqwerty" > custom.txt

Use it for cracking:

john --wordlist=custom.txt hashes.txt

Using Rules for Password Generation

Utilize rules to modify wordlists:

john --wordlist= --rules hashes.txt

Incremental Cracking with Custom Charset

Define a custom character set:

john --incremental=CustomCharset --chars='abcde1234' hashes.txt

Session Management

Save progress:

john --session=my_session hashes.txt

Resume session:

john --restore=my_session

Cracking Specific Hash Types

MD5:

john --format=md5 hashes.txt

SHA-256:

john --format=sha256 hashes.txt

bcrypt:

john --format=bcrypt hashes.txt

Using John the Ripper with Other Tools

hashcat: For more advanced attacks, consider using it alongside John the Ripper.
pwdump: Use with pwdump to extract hashes from Windows systems.

Common Commands Overview

List formats:

john --list=formats

Crack specific hash:

john --format= --wordlist= hashes.txt

Show cracked passwords:

john --show hashes.txt

Advanced Options

Enable verbose output:

john --verbose hashes.txt

Adjust the number of threads for performance:

john --fork=4 hashes.txt