John The Ripper

John is a state of the art offline password cracking tool. John better known as John The Ripper(JTR) combines many forms of password crackers into one single tool. It automatically detects the type of password & tries to crack them with either bruteforceing the encrypted hash or by using a dictionary attack on it. JTR supports It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.

Pentesters use JTR to check the password complexity assuring a dictionary attack is not possible on the system under test.As JTR is an offline tool, one has to get(steal) the password containing files from the target system. Johnny is the GUI mode of JTR

[email protected]:~# john
Created directory: /root/.john
John the Ripper password cracker, version [linux-x86-64-avx]
Copyright (c) 1996-2015 by Solar Designer and others

–single[=SECTION] “single crack” mode
–wordlist[=FILE] –stdin wordlist mode, read words from FILE or stdin
–pipe like –stdin, but bulk reads, and allows rules
–loopback[=FILE] like –wordlist, but fetch words from a .pot file
–dupe-suppression suppress all dupes in wordlist (and force preload)
–prince[=FILE] PRINCE mode, read words from FILE
–encoding=NAME input encoding (eg. UTF-8, ISO-8859-1). See also
doc/ENCODING and –list=hidden-options.
–rules[=SECTION] enable word mangling rules for wordlist modes
–incremental[=MODE] “incremental” mode [using section MODE]
–mask=MASK mask mode using MASK
–markov[=OPTIONS] “Markov” mode (see doc/MARKOV)
–external=MODE external mode or word filter
–stdout[=LENGTH] just output candidate passwords [cut at LENGTH]
–restore[=NAME] restore an interrupted session [called NAME]
–session=NAME give a new session the NAME
–status[=NAME] print status of a session [called NAME]
–make-charset=FILE make a charset file. It will be overwritten
–show[=LEFT] show cracked passwords [if =LEFT, then uncracked]
–test[=TIME] run tests and benchmarks for TIME seconds each
–users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
–groups=[-]GID[,..] load users [not] of this (these) group(s) only
–shells=[-]SHELL[,..] load users with[out] this (these) shell(s) only
–salts=[-]COUNT[:MAX] load salts with[out] COUNT [to MAX] hashes
–save-memory=LEVEL enable memory saving, at LEVEL 1..3
–node=MIN[-MAX]/TOTAL this node’s number range out of TOTAL count
–fork=N fork N processes
–pot=NAME pot file to use
–list=WHAT list capabilities, see –list=help or doc/OPTIONS
–format=NAME force hash of type NAME. The supported formats can
be seen with –list=formats and –list=subformats

Share and Enjoy...Tweet about this on TwitterShare on FacebookGoogle+Share on StumbleUponshare on Tumblr


Welcome! I am Jedite83, a geek-of-all-trades and founder of Hacker Labs - The Geek and Otaku Blog.