John the Ripper (JtR) is one of the hacking tools the Varonis IR Team used in the first Live Cyber Attack demo, and one of the most popular password cracking programs out there. In this blog post, we are going to dive into John the Ripper, show you how it works, and explain why it’s important.
From the package description: John the Ripper is designed to be both feature-rich and fast. It combines several cracking modes in one program and is fully configurable for your particular needs (you can even define a custom cracking mode using the built-in compiler supporting a subset of C). John is also available for several different platforms.
Notes about hacking: Hacking is a pursuit of knowledge about systems, design, and humans. In this case, we are talking about software and operating systems.
John the Ripper can be installed in several ways. On Debian and Ubuntu the simplest is the distribution package; open a terminal and run:

sudo apt-get install john -y

Once the installation finishes, type john with no arguments to see the usage summary:

john

Kali Linux has John preinstalled (it is part of the password-cracking metapackages). Openwall also publishes a snap package, john-the-ripper, containing the community-enhanced jumbo build. For Windows, macOS and Android builds, go to the official JtR site on Openwall.
Hacking is not necessarily criminal, although it can be a tool used for bad intentions. We advocate for ethical hacking. Stay in the light side of the Force.
How Does John the Ripper Work?
JtR supports many common password hash types out of the box for UNIX and Windows systems (macOS is UNIX-based, so it is covered too). JtR does not decrypt anything: password hashes are one-way functions, so instead it detects the hash type from the encoding, takes candidate passwords from a wordlist (or generates them), hashes each candidate with the same algorithm and salt, and compares the result with the target. When the two match, the candidate is the password. Simple.
In our amazing Live Cyber Attack demo, the Varonis IR team demonstrates how to steal a hashed password, use JtR to find the true password, and use it to log into an administrative account. That is a very common use case for JtR!
JtR ships with a default wordlist of common passwords, and Openwall publishes larger wordlist collections covering 20+ languages. Each wordlist entry is hashed in turn and compared with the target, so the wordlist only needs to contain likely passwords, not their hashes. Since most people choose easy-to-remember passwords, JtR is often very effective even with the out-of-the-box wordlist.
JtR ships preinstalled with Kali Linux.
What is John the Ripper Used for?
JtR is primarily a password cracker used during pentesting exercises that can help IT staff spot weak passwords and poor password policies.
Here is the list of password hash types supported by the core JtR release:
- UNIX crypt(3)
- Traditional DES-based
- “bigcrypt”
- BSDI extended DES-based
- FreeBSD MD5-based (Linux and Cisco IOS)
- OpenBSD Blowfish-based
- Kerberos/AFS
- Windows LM (DES-based)
- DES-based tripcodes
- SHA-crypt hashes (newer versions of Fedora and Ubuntu)
- SHA-crypt and SUNMD5 hashes (Solaris)
That is the list for the core release. JtR is open source, and the community-enhanced jumbo build (which is what Kali packages) adds hundreds more hash and cipher types, including NTLM, raw MD5, Kerberos tickets, and password-protected SSH keys, PDF, RAR and ZIP files. If your hash type isn't on the list above, check the output of john --list=formats in a jumbo build before assuming it is unsupported.
How to Download John the Ripper
JtR is an open-source project, so you can either download and compile the source on your own, download the executable binaries, or find it as part of a penetration testing package.
The official website for John the Ripper is on Openwall. You can grab the source code and binaries there, and development happens in the openwall/john repository on GitHub, where you can contribute to the project.
JtR is available on Kali Linux as part of their password cracking metapackages.
Tutorials for Using John the Ripper
We are going to go over the basic commands you need to know to start using John the Ripper. To get started, all you need is a file that contains the hashes you want to crack.
If you ever need to see the list of options, run john with no arguments.
Cracking Passwords
John the Ripper's primary cracking modes are single crack, wordlist, and incremental. Single crack mode is the fastest and the best place to start when you have full password-file entries rather than bare hashes: it builds candidates from each account's login name, GECOS/full-name field and home directory, with mangling rules applied, which is why it needs those fields. Wordlist mode hashes each entry of a known list of likely passwords and compares it with the target hashes. Incremental mode is the most powerful and may never complete: it is the classic brute-force mode that tries every character combination, in an order learned from real password statistics, until it finds a match or you stop it.
The easiest way to try cracking a password is to let JtR go through its default sequence of modes. Running john on the hash file with no mode option does exactly that: single crack mode first, then wordlist mode with the default wordlist of likely passwords, then incremental mode.
You can also download different wordlists from the Internet, or build your own, and point JtR at them with the --wordlist parameter.
If you want a specific cracking mode, pass its option explicitly: --single, --wordlist=FILE, or --incremental.
Word Mangling Rules
Word mangling rules derive variations from each wordlist entry (capitalise it, append digits, swap letters for look-alike characters, and so on), so that "winter" also produces candidates such as "Winter123". Rules do not make cracking faster; they make a wordlist cover far more of what people actually type. Use the --rules parameter to enable the default rule set from john.conf.
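To make the hash-and-compare loop from "How Does John the Ripper Work?" and the wordlist and rules discussion above concrete, here is a toy cracker added for this article. It is not John's code and it simplifies heavily: a handful of hand-written rules stand in for john.conf, there are no salts, and only hash types Python's hashlib can compute are supported. The names FORMATS, RULES, crack() and show(), and the sample wordlist and hash lines, are constructed for the example.

```python
import hashlib
import re
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Formats this toy can compute (names follow John's --format spelling).  NTLM
# and LM are left out on purpose: hashlib need not provide MD4, and LM is DES.
FORMATS: Dict[str, Callable[[bytes], str]] = {
    "raw-md5": lambda b: hashlib.md5(b).hexdigest(),
    "raw-sha1": lambda b: hashlib.sha1(b).hexdigest(),
    "raw-sha256": lambda b: hashlib.sha256(b).hexdigest(),
}

def detect_format(h: str) -> List[str]:
    """Guess formats from the encoding, most likely first.  A 32-hex string is
    ambiguous (raw MD5, LM and NTLM all look like that), which is why John
    prints '--format=...' suggestions for such input."""
    if re.fullmatch(r"[0-9a-fA-F]{32}", h):
        return ["raw-md5", "lm", "nt"]
    if re.fullmatch(r"[0-9a-fA-F]{40}", h):
        return ["raw-sha1"]
    if re.fullmatch(r"[0-9a-fA-F]{64}", h):
        return ["raw-sha256"]
    crypt = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt"}
    return [crypt[h[:3]]] if h[:3] in crypt else []  # recognised, not computable here

# A few mangling rules in the spirit of john.conf's [List.Rules:Wordlist];
# each comment names the John rule the lambda imitates.
RULES: List[Callable[[str], str]] = [
    lambda w: w,                                           # :   (no-op)
    lambda w: w.capitalize(),                              # c
    lambda w: w.upper(),                                   # u
    lambda w: w + "1",                                     # $1
    lambda w: w.capitalize() + "123",                      # c$1$2$3
    lambda w: w.capitalize() + "!",                        # c$!
    lambda w: w.translate(str.maketrans("aeio", "4310")),  # sa4se3si1so0
]

def candidates(wordlist: Iterable[str], rules=RULES) -> Iterable[str]:
    """Apply every rule to every word, never yielding the same candidate twice."""
    seen = set()
    for word in wordlist:
        for rule in rules:
            cand = rule(word.rstrip("\r\n"))
            if cand not in seen:
                seen.add(cand)
                yield cand

def load_hashes(lines: Iterable[str], fmt: Optional[str] = None) -> Tuple[str, List[Tuple[str, str]]]:
    """Mimic John's loader: use the forced format (--format) or the first
    recognised hash's, and keep only entries of that format.  Lines may be
    'login:hash[:more fields]' or a bare hash."""
    chosen, loaded = fmt, []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        login, h = line.split(":", 2)[:2] if ":" in line else ("?", line)
        guesses = detect_format(h)
        if chosen is None:
            chosen = next((g for g in guesses if g in FORMATS), None)
        if chosen in guesses and chosen in FORMATS:
            loaded.append((login, h.lower()))
    if not loaded:
        raise ValueError("No password hashes loaded (see FAQ)")
    return chosen, loaded

def crack(hash_lines: Iterable[str], wordlist: Iterable[str],
          fmt: Optional[str] = None, rules=RULES) -> Tuple[str, List[str]]:
    """Wordlist mode: hash each mangled candidate once and look it up against
    every still-uncracked target (unsalted, so one computation per candidate
    however many hashes are loaded).  Returns the format used and pot-file
    lines in John's 'hash:password' form."""
    chosen, targets = load_hashes(hash_lines, fmt)
    digest, remaining, pot = FORMATS[chosen], {h for _, h in targets}, []
    for cand in candidates(wordlist, rules):
        d = digest(cand.encode("utf-8"))
        if d in remaining:
            remaining.discard(d)
            pot.append(f"{d}:{cand}")
            if not remaining:
                break
    return chosen, pot

def show(hash_lines: Iterable[str], pot: Iterable[str], fmt: Optional[str] = None) -> List[str]:
    """Like 'john --show': join the hash file against the pot file."""
    _, targets = load_hashes(hash_lines, fmt)
    cracked = dict(line.split(":", 1) for line in pot)
    out = [f"{login}:{cracked[h]}" for login, h in targets if h in cracked]
    out.append(f"{len(out)} password hashes cracked, {len(targets) - len(out)} left")
    return out

# Constructed sample input (not real credentials): raw-MD5 entries in
# 'login:hash' form, one with trailing passwd-style fields, plus a SHA-1 line
# the loader skips because it is not of the format picked from the first entry.
SAMPLE_WORDLIST = ["password", "winter", "dragon", "letmein"]
SAMPLE_HASHES = [
    "alice:" + hashlib.md5(b"Winter123").hexdigest(),
    "bob:" + hashlib.md5(b"dragon").hexdigest(),
    "carol:" + hashlib.sha1(b"letmein").hexdigest(),
    "dave:" + hashlib.md5(b"uncrackable-xK9").hexdigest() + ":1000:1000::/home/dave",
]

if __name__ == "__main__":
    fmt, pot = crack(SAMPLE_HASHES, SAMPLE_WORDLIST)
    print(f"Loaded as {fmt}\n" + "\n".join(show(SAMPLE_HASHES, pot)))
```

Running it cracks alice ("winter" mangled by the c$1$2$3 rule) and bob, leaves dave, and reports it the way john --show does. Forcing fmt="lm" makes the loader fail with "No password hashes loaded", because that format is recognised from the 32-hex shape but cannot be computed here, which is the same situation the FAQ below describes for an unsupported hash type or an unreasonable --format choice.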
Viewing Your Output
When you want to see the passwords you have cracked so far, use the --show parameter. John records cracks in its john.pot file, so --show works at any time, including after an interrupted session.
If the cracked list is long, you can filter it with additional parameters, or redirect the output using your shell's normal redirection. For example, to see whether you cracked any root-level accounts (UID 0), add --users=0.
Or, to show only users from privileged groups, use --groups (for example --groups=0 for GID 0).
Our Live Cyber Attack Webinar used JtR on a Kerberos ticket obtained by Kerberoasting. Note that Kerberoasting does not steal a ticket-granting ticket (TGT): the attacker requests a service ticket (TGS) for an account that has a Service Principal Name, and that ticket is encrypted with a key derived from the service account's password, so it can be cracked offline (jumbo's krb5tgs format). In the demo the ticket was saved in a file called ticket.txt, the wordlist was the classic rockyou file that ships with Kali Linux, and JtR was told to report progress every 3 seconds.
John the Ripper FAQ.
The latest version of this FAQ may be viewed online at:
Help! I can't run John.
If you're not familiar with your OS, you should probably not be using John in the first place since John is primarily a tool for system administrators. This is starting to change with the 'community enhanced' -jumbo versions' support for things such as password-protected archives, though.
Here are the answers to a few (not very) common questions to avoid having them asked over and over and for amusement. For more serious matters, please skip over to the next section.
Q: When I type 'john' (or 'john passwd', etc.), it says 'command not found' (or equivalent)?!
A: The examples given in John the Ripper documentation assume that you know how to invoke newly-built programs from your shell. On Unix-like systems, it is typical to not have '.' (the current directory) in your $PATH (the list of directories to search for programs). In that case, you need to type './john' (dot, slash, and 'john', without the quotes) to invoke the John binary executable located in the current directory.
Q: ...but I am on a Unix-like system and I don't seem to readily have a John binary executable.
A: Please follow the instructions in INSTALL.
Q: When I double-click on 'john.exe', a window flashes and disappears?!
A: You're not supposed to click. You're supposed to run John from a command-line shell. On Windows, some of those shells would be cmd.exe, command.com, or bash (the latter is available with Cygwin).
Other typical new user questions.
Q: How do I start John on my password file, use a specific cracking mode, see the passwords it cracked, etc?
A: See README and EXAMPLES. :-)
Q: Why doesn't John load my password file? It says 'No password hashes loaded', 'No password hashes loaded (see FAQ)', or 'No password hashes left to crack (see FAQ)'.
A: Your password file taken from a Unix-like system might be shadowed. You need to get both /etc/passwd and the shadow file (typically /etc/shadow or /etc/master.passwd), and combine them into one file using 'unshadow' (which is supplied with John). Please refer to EXAMPLES.
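The answer above describes what unshadow does. As an added example (not John's unshadow source), here is the same merge in Python, plus a check that tells you before running John whether each merged entry carries a hash it could load at all. The sample passwd and shadow lines are constructed with fake hashes; passing through entries that have no shadow record is an assumption about the real tool's behaviour, not something the FAQ states.

```python
from typing import Dict, Iterable, List

# Password-field values that are not hashes.  'x' means "look in the shadow
# file"; the others mark accounts with no usable password at all.
PLACEHOLDERS = {"", "x", "*", "!", "!!", "*LK*", "*NP*", "NP"}

def parse_shadow(lines: Iterable[str]) -> Dict[str, str]:
    """Map login -> password field from shadow(5) lines ('login:hash:...')."""
    table: Dict[str, str] = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:
            table[fields[0]] = fields[1]
    return table

def unshadow(passwd_lines: Iterable[str], shadow_lines: Iterable[str]) -> List[str]:
    """Return passwd(5) lines with field 2 replaced by the matching shadow
    hash, so John's loader finds the hash where it expects it.  Entries with
    no shadow record are passed through unchanged (an assumption of this
    example; check the real tool on your build)."""
    hashes = parse_shadow(shadow_lines)
    merged: List[str] = []
    for line in passwd_lines:
        line = line.rstrip("\r\n")
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] in hashes:
            fields[1] = hashes[fields[0]]
        merged.append(":".join(fields))
    return merged

def hash_status(field: str) -> str:
    """'hash' for a crackable hash; 'locked' for a hash disabled with a
    leading '!' (passwd -l / usermod -L), which is still crackable once the
    '!' is stripped; 'none' for placeholders John cannot load."""
    if field in PLACEHOLDERS:
        return "none"
    if field.startswith("!"):
        return "locked"
    return "hash"

def loadable(merged: Iterable[str]) -> Dict[str, str]:
    """Explain 'No password hashes loaded' before running John: which merged
    entries carry a real hash, which are locked, and which have none."""
    return {line.split(":")[0]: hash_status(line.split(":")[1]) for line in merged}

# Constructed sample files with fake hashes (not from any real system).
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/bash",
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin",
    "alice:x:1000:1000:Alice Example:/home/alice:/bin/bash",
    "bob:x:1001:1001:Bob Example:/home/bob:/bin/bash",
    "ghost:x:1002:1002::/home/ghost:/bin/sh",   # present in passwd only
]
SAMPLE_SHADOW = [
    "root:$6$saltsalt$FAKEhashFORillustrationONLY0123456789abcdef:19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
    "alice:$6$othersalt$ANOTHERfakeHASHvalue9876543210fedcba:19000:0:99999:7:::",
    "bob:!$6$lockedsalt$LOCKEDfakeHASHvalue:19000:0:99999:7:::",
]

if __name__ == "__main__":
    merged = unshadow(SAMPLE_PASSWD, SAMPLE_SHADOW)
    print("\n".join(merged))
    print(loadable(merged))
```

The report is the useful part: 'ghost' keeps its 'x' because no shadow record exists, 'daemon' has '*', and 'bob' is locked; a file consisting only of such entries is exactly what makes John print 'No password hashes loaded'.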
A: All of the password hashes found in the file (that are of the same type as the very first recognized hash in the file unless you're using the '--format=...' option) might be already cracked by previous invocations of John. (The message printed in that case has been changed to 'No password hashes left to crack (see FAQ)' starting with version 1.7.7.) To display cracked passwords, use 'john --show' on your password hash file(s). To force John to crack those same hashes again, remove the john.pot file.
A: With PWDUMP-format files, John focuses on LM rather than NTLM hashes by default, and it might not load any hashes at all if there are no LM hashes to crack. To have JtR Pro or a -jumbo version focus on NTLM hashes instead, you need to pass the '--format=nt' option. You'll also need to use this option along with '--show'.
A: If you're using the '--format' option, try dropping it. Except for the special case mentioned in the answer above, '--format' is normally a way to choose one of multiple hash/cipher types found in the same file or to clarify the hash/cipher type if it would otherwise be ambiguous (e.g., a 32 hexadecimal character string may correspond to one of many distinct hash types). That is, you normally only need to use '--format' when John would otherwise misdetect your hash/cipher type (e.g., when it says LM and you know that your hashes are in fact raw MD5, you'd use '--format=raw-md5' with -jumbo) or if it would load undesired entries from the file. If John does not load anything, then your use of '--format' is probably unreasonable (or you should be using a different version/build of John - see the answer below).
A: Your password hash or cipher type(s) might not be supported by John, or at least by the version and build of John that you're using. If you're using a non-jumbo version, you will likely want to try -jumbo instead, which supports a lot of additional hash and cipher types (e.g., you currently need -jumbo for raw MD5). If unsuccessful with that and if other answers (above and below this one) don't apply, please post a note to the mailing list (see CONTACT) including a sample password file line that John does not load (please make sure that the password is already changed by the time you post).
A: John only loads properly formatted text files directly. It can load /etc/passwd and PWDUMP format files. Starting with version 1.7.6, it can also load text files containing one password hash per line (and nothing else on that line). Some other file formats are supported via extra tools (supplied with John): unafs (Kerberos AFS database files), undrop (Eggdrop IRC bot userfiles), ssh2john (OpenSSH private keys), pdf2john (some password-protected PDF files), rar2john (some password-protected RAR archives), zip2john (some password-protected PKZIP and WinZip archives). You need -jumbo for most of these. To use the proper one of these (for your file format), run it on your file(s) and redirect the output to a new file (using your shell's output redirection feature - e.g., './ssh2john ~/.ssh/id_rsa > sshpasswd'). Then run John on the resulting file (e.g., './john sshpasswd').
A: The file you're trying to run John on might in fact not be a password file at all.
A: Your command line syntax might be wrong, resulting in John trying to load a wrong file.
Q: John appears to misdetect my hash type. I have raw MD5 hashes from a web application, but John wrongly says they're LM hashes. How do I get them detected correctly?
A: Some hash and cipher types use ambiguous encodings - e.g., a 32 hexadecimal character string may correspond to one of many hash types, including raw MD5, LM, NTLM, and many others supported in -jumbo. First of all, you need a version and build of John that supports your hash and cipher type. Starting with version 1.7.7 (and 1.7.7-jumbo*) John will suggest alternate hash and cipher types for encodings that it finds ambiguous (that is, those corresponding to more than one of its supported hash and cipher types). When doing so, it will suggest specific '--format=...' options to use. For example, when you run a recent enough -jumbo version on raw MD5 hashes, it loads those as LM (because they could in fact be LM, as well as for compatibility with non-jumbo), but it suggests that you use '--format=raw-md5', which is what you should in fact use in this case. It makes other suggestions as well because it does not know whether your hashes are raw MD5 or something else. You're supposed to know this and choose the right one of the suggested '--format=...' options. If you're not getting a suggestion like this from John 1.7.7 or newer even though you're not yet using the '--format' option, this means that your version and build of John does not recognize the encodings as ambiguous, which may mean that it does not support the actual hash or cipher type that you have in mind. If you're already using the '--format' option, try dropping the option to receive the suggestions. If you're using a non-jumbo version of John, the first step is for you to try -jumbo instead. As of this writing, you do need -jumbo for some popular hash types such as raw MD5 and NTLM.
Q: What do the various numbers printed on the status line mean?
A: As of version 1.8.0, the status line may include: successful guess count ('g'), session duration (in the D:HH:MM:SS format for days, hours, minutes, and seconds), progress indicator (percent done and optionally pass number out of the total number of passes), up to four speed metrics ('g/s', 'p/s', 'c/s', and 'C/s'), and the current (range of) candidate password(s) being tested (John is often able to test multiple candidate passwords in parallel for better performance, hence a range). The four speed metrics are as follows: g/s is successful guesses per second (so it'll stay at 0 until at least one password is cracked), p/s is candidate passwords tested per second, c/s is 'crypts' (password hash or cipher computations) per second, and C/s is combinations of candidate password and target hash per second. Versions of John prior to 1.8.0 displayed only the C/s rate (calling it c/s). When you restore a pre-1.8.0 session with version 1.8.0 or newer, only the g/s and C/s rates will be displayed, because the older .rec file format lacked information needed to compute p/s and c/s.
Q: I am running John for 10 days and it is still not finished?!
Q: How long should I expect John to run?
A: It primarily depends on the cracking mode(s) and on your password files (in particular, the type of hashes and the number of different salts, if applicable). Most importantly, you should note that the 'incremental' mode, which a default John run (with no command line options) proceeds with after being done with the quicker checks, is not supposed to terminate in a reasonable time. It is up to you to decide how long you're going to let it run, then consider any uncracked passwords strong enough. 'Single crack' mode runs typically take from under a second to one day (depending on the type and number of password hashes). Wordlist mode runs may also be quick (under a second) for tiny wordlists and fast hashes or they may take multiple days with large wordlists, with word mangling rules, and with slow hash types and substantial numbers of different salts. The status line John reports whenever you hit a key includes a progress indicator (percent complete) for 'single crack' and wordlist modes. With no cracking mode requested explicitly, John will start with 'single crack' mode (pass 1), then proceed with wordlist mode (pass 2), and finally with 'incremental' mode (pass 3). The pass numbers are reported on the status line, too. It is reasonable to let John reach 'incremental' mode (pass 3) and run that for a while (some days). You will notice that John's success rate (the number of passwords cracked per hour or per day) will be dropping rapidly. When you determine that the success rate is low enough, you interrupt John.
Q: Does John support multi-processing or distributed processing?
A: Yes, but you need to explicitly enable this if desired. Starting with version 1.8.0, there's the '--fork' option on Unix-like systems (to make use of multiple CPUs and/or CPU cores in a single system) and the '--node' option on all systems (this one allows for a trivial form of distributed processing). The '--fork' and '--node' options may also be used together. Please refer to OPTIONS for a description of these options. Additionally, there's built-in parallel processing support using OpenMP for all crypt(3) hash flavors (DES-, MD5-, and Blowfish-based) supported by John natively, and when running on Linux or Solaris also for the underlying system's thread-safe password hashing function. The latter is only reasonable to use for crypt(3) hash types not yet supported by John natively (such as for glibc 2.7+ SHA-crypt hashes as used by recent versions of Fedora and Ubuntu, and for SunMD5 hashes, which may optionally be enabled on Solaris). In 'community enhanced' -jumbo versions, parallelization with OpenMP is also supported for many (but not all) of the hash and cipher types added in those versions (including for their built-in implementation of SHA-crypt). To use John's OpenMP support, you need to either use an existing OpenMP-enabled build (e.g., 'john-omp.exe' on Windows) or make an OpenMP-enabled build by uncommenting one of the OMPFLAGS lines near the beginning of Makefile. This requires GCC 4.2 or newer, or another OpenMP-capable C compiler. For other hash or cipher types and/or to distribute the workload between multiple machines, other approaches need to be used. One of those approaches is to use the '--fork' and '--node' options. For a very small number of nodes (CPUs, CPU cores, and/or machines), it is also reasonable to use a manual approach, such as to have your nodes try different password lengths. This is easily accomplished with 'incremental' mode's 'MinLen' and 'MaxLen' settings (see CONFIG).
You might not need to split the workload for 'single crack' and wordlist modes since these are typically relatively quick, although '--fork' and '--node' are supported for these modes too. You may safely run multiple instances of John in the same working directory, all writing to the same 'pot file' (this is a feature). You do, however, need to assign each of them a unique session name, with '--session' (please note that doing so does not eliminate the need to also distribute the workload with '--node' or otherwise, as discussed above). Other approaches, such as splitting password files naively (without regard to salts), are typically less efficient (in some cases to the extent where there's no speedup from using multiple nodes at all). Some other approaches, such as using MPI, are listed on the wiki at: https://openwall.info/wiki/john/parallelization
Q: Where do I get wordlists for use with John?
A: https://www.openwall.com/wordlists/
Q: Where do I get new versions of John the Ripper?
Q: Where do I get the source code for John?
Q: I only have the source code for John the Ripper, where do I get itpre-compiled for my OS (if supported)?
Q: What is the primary website for John the Ripper?
A: https://www.openwall.com/john/
Q: How can I contact you (the author)?
A: See CONTACT.
Questions sometimes asked by existing users.
Q: I've recently switched my system to Blowfish-based password hashes, but there are still some DES-based and MD5-based hashes in the password file. How do I handle multiple hash types in one file?
A: Use the '--format=...' option to tell John which hashes you would like it to load. Unfortunately, you will have to run John for each hash type separately. This requirement may sometimes be avoided with the use of '--format=crypt', but this is not recommended. Please see the description of the '--format' option in OPTIONS for more detail.
Q: I have 10 users, but John said it loaded 15 password hashes. What's going on?
A: Some extremely poorly designed hash types (Windows LM hashes and DES-based crypt(3) hashes known as 'bigcrypt') have a property that allows John to split their encodings into two separate hashes (corresponding to 'halves' of plaintext passwords) on load. John then proceeds to crack those hashes separately, so at a given time it might have only one of two halves of some passwords cracked. If interrupted and restarted, it would need to only load the hashes that correspond to uncracked password halves, so the number of such hashes is what John reports (in all cases, for consistency).
Q: Are the strings tried with '-i' ('incremental' mode) random? They certainly look like they are almost random.
A: No, they are not. No single candidate password will be tried for a second time and the order in which they are tried is in fact very smart: it is based on frequencies of different trigraphs, stored and processed separately for each character position and for each password length.
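As an added illustration of this answer (not John's own code, whose .chr files hold trigraph statistics and use a different data structure), here is a per-position character model trained on a constructed sample, with a best-first enumeration that yields candidates in order of decreasing likelihood and never repeats one. Single-character statistics stand in for trigraphs to keep the example short; SAMPLE_WORDS and the function names are constructed for the example.

```python
import heapq
import math
from collections import Counter
from typing import List, Tuple

def train(words: List[str], length: int) -> List[List[Tuple[str, float]]]:
    """Per-position character statistics for words of exactly `length`: for
    each position, the characters ranked most-frequent first with a smoothed
    log-probability.  (John keeps trigraph statistics per position and per
    length; single characters are used here only to keep the example short.)"""
    counts = [Counter() for _ in range(length)]
    for w in words:
        if len(w) == length:
            for i, ch in enumerate(w):
                counts[i][ch] += 1
    alphabet = sorted({ch for c in counts for ch in c})
    tables = []
    for c in counts:
        total = sum(c.values()) + len(alphabet)           # add-one smoothing
        ranked = sorted(alphabet, key=lambda ch: (-c[ch], ch))
        tables.append([(ch, math.log((c[ch] + 1) / total)) for ch in ranked])
    return tables

def generate(tables: List[List[Tuple[str, float]]], limit: int) -> List[Tuple[str, float]]:
    """Enumerate up to `limit` candidates in non-increasing score order, each
    exactly once.  A state is a tuple of per-position ranks (0 = the most
    likely character); the best-first walk pops the highest-scoring unseen
    state and pushes its neighbours, each bumping one position to its
    next-ranked character.  Scores only fall along that move, so the pop
    order is sorted and the `seen` set guarantees no repeats."""
    n = len(tables)

    def score(state: Tuple[int, ...]) -> float:
        return sum(tables[i][r][1] for i, r in enumerate(state))

    start = (0,) * n
    heap = [(-score(start), start)]
    seen = {start}
    out: List[Tuple[str, float]] = []
    while heap and len(out) < limit:
        neg, state = heapq.heappop(heap)
        out.append(("".join(tables[i][r][0] for i, r in enumerate(state)), -neg))
        for i in range(n):
            if state[i] + 1 < len(tables[i]):
                nxt = state[:i] + (state[i] + 1,) + state[i + 1:]
                if nxt not in seen:
                    seen.add(nxt)
                    heapq.heappush(heap, (-score(nxt), nxt))
    return out

# Constructed training sample in the spirit of the leaked passwords John's
# default .chr files were built from; not a real dump.
SAMPLE_WORDS = ["password", "passw0rd", "pa55word", "p4ssword", "Password",
                "pass1234", "baseball", "football", "password1", "letmein"]

if __name__ == "__main__":
    for cand, s in generate(train(SAMPLE_WORDS, 8), 15):
        print(f"{cand}  {s:.2f}")
```

The first candidate is the most common character at every position ("password" for this sample), and each later one is the cheapest single deviation from something already tried, which is why the stream looks almost random to a human while being a strictly ordered walk through the keyspace.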
Q: Why doesn't John display a progress indicator for the 'incremental' mode?
A: Do you really want to see a 0% all the time? As explained in MODES, 'incremental' mode is not supposed to terminate in a reasonable time. (There are a few exceptions to this, so a progress indicator has been added in -jumbo and it might be added in official versions later.)
Q: I just noticed that the p/s, c/s, and C/s rates reported while using 'incremental' mode are a lot lower than they are with other cracking modes. Why is that?
A: You're probably running John for a few seconds only. The current 'incremental' mode implementation uses large character sets, which need to be expanded into even larger data structures in memory each time John switches to a different password length. Fortunately, this is only noticeable when John has just started since the length switches become rare after a few minutes. For long-living sessions, which is where we care about performance the most, this overhead is negligible. This is a very low price for the better order of candidate passwords tried.
Q: What are the 'real' and 'virtual' c/s rates as reported by '--test'?
A: These correspond to real and virtual (processor) time, respectively. When running single-threaded, the two results are normally almost the same, but the 'real' c/s rate becomes smaller when the system is under other load, with the 'virtual' c/s rate indicating roughly what you could expect to get from the same system if it were not loaded. When running multi-threaded, the 'real' c/s rate is normally much higher than the 'virtual' c/s rate, with the latter roughly indicating performance of one thread on an otherwise idle system.
Q: How can I test John's password hashing routines for proper operation?
A: John always performs a self-test when you run it on a password file and refuses to work if an error occurs. If you need to test all of the low-level routines at once, use '--test'.
Q: What is the format of the crash recovery files ('john.rec', other .rec's)? What do the numbers mean?
A: The format of these files is deliberately undocumented and is subject to change without notice. (However, each release of John the Ripper is likely to be able to read .rec files produced by at least the immediately preceding release. Whenever compatibility is broken, John will refuse to recover the session, leaving the .rec file intact.) Although the meaning of some of the numbers that get into .rec files is trivial to explain, it is not possible to reasonably describe some others without going into great detail on John internals. If you really need to know, read the source code.
$Owl: Owl/packages/john/john/doc/FAQ,v 1.37 2019/05/19 15:10:04 solar Exp $