Categories: Password Attacks

John The Ripper – One Stop Password Audit Tool

John The Ripper – A one stop password audit tool for various formats

John is a state of the art offline password cracking tool. John was better known as John The Ripper(JTR) combines many forms of password crackers into one single tool. It automatically detects the type of password & tries to crack them with either bruteforceing the encrypted hash or by using a dictionary attack on it.

JTR supports It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash.

Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.

Pentesters use JTR to check the password complexity assuring a dictionary attack is not possible on the system under test. As JTR is an offline tool, one has to get(steal) the password containing files from the target system. Johnny is the GUI mode of JTR.

Options

The file menu is used for opening hash-dumped or the encrypted password file & to change sessions.

Attack menu deals with attack options(Start/Stop/Pause)

Johnny Main Window

On the left pane, 4 options are there.

  • Passwords tab shows the currently loaded users & their encryption details from the file loaded.
  • Options tab helps you to tune how john works to crack the password. (Default, Incremental, Wordlist mode etc)
  • Statistics tab shows the current statistics once the attack has started.
  • Settings allow you to edit the main settings for the john engine like the path to the binaries, timing etc.
  • Output tab shows the result of the attack once passwords get cracked.

John Homepage: http://www.openwall.com/john/

Lab 1: Break Weak Unix password

In this lab, we’ll look at breaking a week Unix password. For that first, we have to understand the files containing the authentication information. In unix/linux “passwd” file located at /etc/passwd contains all user information. “shadow” file located at /etc/shadow contains the SHA encrypted password of each of the users found in passwd file.

For this lab, we have a passwd & shadow file from a remote system stolen with other tools (explained within this series) located in the Desktop folder.

Step 1: Combine the passwd & shadow file to one file named crack

Command : cat /etc/passwd > Desktop/crack && cat /etc/shadow >> Desktop/crack
Combining Passwd & Shadow

Then try reading the files individually with any text editor you like(leafpad, nano, vim, or simply cat it). The above command reads the content of passwd file into a new file named crack and then reads & appends the contents of the shadow file into the crack file.

John Attacks!

In the above image, the highlighted section indicates the end of passwd file & beginning of shadow file.

Step 3: Load it to Johnny

User Accounts & Details listed from a file loaded

Step 4: Click start attack to start the attack!

Step 5: Return to the Passwords tab and see the password

Results appear as they get cracked

Note: Sometimes the auto detect option in the options tab doesn’t work. If so use the exact type of format. In Unix it is a SHA512 crypt. So use Crypt format. Also the time it takes to crack the password hashes depends on its complexity.

So don’t hesitate to make your passwords as complex as possible!

Windows NTLM Comming Soon…!

Read More on shadow file

Ravi Sankar

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

17 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

18 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

3 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago