How to Use John the Ripper: Tips and Tutorials
John the Ripper (JtR) is one of the hacking tools the Varonis IR Team used in the first Live Cyber Attack demo, and one of the most popular password cracking programs out there. In this blog post, we are going to dive into John the Ripper, show you how it works, and explain why it's important.
Notes about hacking: Hacking is a pursuit of knowledge about systems, design, and humans. In this case, we are talking about software and operating systems.
Hacking is not necessarily criminal, although it can be a tool used for bad intentions. We advocate for ethical hacking. Stay in the light side of the Force.
How Does John the Ripper Work?

In our wonderful Live Cyber Attack demo, the Varonis IR team demonstrates how to steal a hashed password, use JtR to find the true password, and use it to log into an administrative account. That is a very common use case for JtR!
JtR also includes its own wordlists of common passwords for 20+ languages. These wordlists give JtR thousands of possible passwords from which it can generate the corresponding hash values to make a high-value guess of the target password. Since most people opt for easy-to-remember passwords, JtR is often very effective even with its out-of-the-box wordlists of passwords.
JtR is included in the pentesting versions of Kali Linux.
What is John the Ripper Used for?
JtR is primarily a password cracker used during pentesting exercises that can help IT staff spot weak passwords and poor password policies.
Here is the list of encryption technologies found in JtR:
- UNIX crypt(3)
- Traditional DES-based
- "bigcrypt"
- BSDI extended DES-based
- FreeBSD MD5-based (Linux and Cisco IOS)
- OpenBSD Blowfish-based
- Kerberos/AFS
- Windows LM (DES-based)
- DES-based tripcodes
- SHA-crypt hashes (newer versions of Fedora and Ubuntu)
- SHA-crypt and SUNMD5 hashes (Solaris)
That's the "official" list. JtR is open source, so if your encryption of choice isn't on the list, do some digging. Someone might have already written an extension for it.
How to Download John the Ripper
JtR is an open-source project, so you can either download and compile the source on your own, download the executable binaries, or find it as part of a penetration testing package.
The official website for John the Ripper is on Openwall. You can grab the source code and binaries there, and you can join the project on GitHub to contribute.
JtR is available on Kali Linux as part of their password cracking metapackages.
Tutorials for Using John the Ripper
We are going to go over several of the basic commands that you need to know to start using John the Ripper. To get started, all you need is a file that contains a hash value to crack.
If you ever need to see a list of commands in JtR, run this command:
- .\john.exe
Cracking Passwords
- .\john.exe passwordfile
You can also download different wordlists from the Internet, and you can create your own new wordlists for JtR to use with the --wordlist parameter.
- .\john.exe passwordfile --wordlist="wordlist.txt"
If you want to specify a cracking mode, use the exact parameter for the mode.
- .\john.exe --single passwordfile
- .\john.exe --incremental passwordfile
Word Mangling Rules
Mangling is a preprocessor in JtR that optimizes the wordlist to make the cracking process faster. Use the --rules parameter to set the mangling rules.
- .\john.exe --wordlist="wordlist.txt" --rules passwordfile
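How wordlist mode and mangling rules fit together in a password audit, as an added example that is not from the original post and is not JtR's own code. The rule set, the `user:salt:hash` record layout, the salted SHA-256 stand-in for a real hash format, and all sample data are constructed assumptions.

```python
import hashlib
from itertools import product

# Simplified stand-ins for mangling rules (not JtR's rule syntax).
LEET = str.maketrans({"a": "@", "o": "0", "e": "3", "s": "$"})
SUFFIXES = ["", "1", "123", "!", "2024"]

def mangle(word):
    """Yield the base word plus case, leet and suffix variants, no duplicates."""
    bases = [word, word.capitalize(), word.upper(),
             word.translate(LEET), word.capitalize().translate(LEET)]
    seen = set()
    for base, suffix in product(bases, SUFFIXES):
        cand = base + suffix
        if cand not in seen:
            seen.add(cand)
            yield cand

def salted_hash(salt, password):
    # Stand-in only: real formats such as SHA-crypt iterate many rounds.
    return hashlib.sha256((salt + password).encode()).hexdigest()

def audit(hash_lines, wordlist, use_rules=True):
    """Return {user: password} for accounts a wordlist run would recover."""
    found = {}
    for line in hash_lines:
        user, salt, digest = line.strip().split(":")
        for word in wordlist:
            candidates = mangle(word) if use_rules else [word]
            hit = next((c for c in candidates
                        if salted_hash(salt, c) == digest), None)
            if hit is not None:
                found[user] = hit
                break
    return found

# Constructed sample data: three accounts and a tiny wordlist.
WORDLIST = ["password", "summer", "dragon"]
HASHES = [
    "alice:a1f3:" + salted_hash("a1f3", "summer"),
    "bob:9c2e:" + salted_hash("9c2e", "P@$$w0rd123"),
    "carol:77b0:" + salted_hash("77b0", "vT9#qLx2!mRw"),
]

if __name__ == "__main__":
    print("wordlist only:", audit(HASHES, WORDLIST, use_rules=False))
    print("with rules:   ", audit(HASHES, WORDLIST, use_rules=True))
```

The plain wordlist flags only the account whose password is a dictionary word; with rules enabled, the "complex-looking" variant of a dictionary word is flagged as well, while the random password survives both runs.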
Viewing Your Output
When you want to see the list of passwords that you have cracked, use the --show parameter.
- .\john.exe --show passwordfile
If your cracked password list is long, you can filter the list with additional parameters. You can also redirect the output using basic redirection in your shell. For example, if you want to see if you cracked any root users (UID=0), use the --users parameter.
- .\john.exe --show --users=0 passwordfile
Or if you want to show users from privileged groups, use --groups.
- .\john.exe --show --groups=0,1 passwordfile
Below is the JtR command from our Live Cyber Attack Webinar. In this scenario, our hacker used Kerberos to steal a Kerberos ticket granting ticket (TGT) containing the hash to be cracked, which was saved in a file called ticket.txt. In our case, the wordlist used is the classic rockyou password file from Kali Linux, and the command was set to report progress every 3 seconds.
- .\john.exe "--format=krb5tgs" "ticket.txt" "--wordlist=rockyou.txt" "--progress-every=3"