John the Ripper
From charlesreid1
John the Ripper is a tool for password cracking and recovery.
John is part of the Kali Top 10.
How It Works
John works well with other programs: it does many things well, and each of those capabilities is valuable on its own and can be combined with other tools. For an example, see Aircrack and John the Ripper.
Password Generation
First, John has a powerful password generation mechanism. It does not simply take wordlists. It can generate many, many more passwords from those wordlists. For example, starting with a list of the 10,000 most common passwords, John can create additional lists with 400,000 or 8 million additional password variations to try. You can carefully control how those variations are generated to target your password search as you go.
Password Testing and Encryption
Second, John has built-in support for many password hashing and encryption schemes, so it can handle a wide variety of password files. If you have a Unix password file with a list of users and hashed passwords, John can brute-force it.
Using John on Shadow Files
Unix stores password hashes in the /etc/shadow file, and user information in the /etc/passwd file. John the Ripper can use this information to crack the passwords of Unix users.
John the Ripper/Shadow File - a guide to using John to crack passwords from an /etc/shadow file.
Using John as a Password Generator
You can feed John the Ripper a wordlist, and use it to generate a slew of variations on that wordlist, using rules. (For example, from a wordlist containing "password" you can generate the variants "p4ssw0rd", "Password", "password0000", etc.)
See John the Ripper/Password Generation
This can even be used in conjunction with the pw-inspector tool, which will take a list of passwords as inputs and return only those passwords that meet certain criteria. More info: http://tools.kali.org/password-attacks/hydra
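Because rule-based generation reaches variants such as "p4ssw0rd", "Password" and "password0000" from a single wordlist entry, a password policy check should reject them as well as the base word. The following is an added example, not code from this wiki or from John: it reverses the three kinds of variation named above (case changes, look-alike substitutions, appended digits or symbols) and reports the common word a candidate reduces to. The names `COMMON`, `base_forms` and `weak_base` and the sample wordlist are assumptions made for illustration.

```python
import re

# Constructed sample standing in for a "most common passwords" list.
COMMON = {"password", "letmein", "dragon", "monkey"}

# Look-alike substitutions mapped back to the letters they replace.
DELEET = str.maketrans({
    "4": "a", "@": "a", "0": "o", "3": "e", "1": "i",
    "!": "i", "$": "s", "5": "s", "7": "t",
})


def base_forms(candidate):
    """Return the plausible base words hiding behind a candidate password."""
    lowered = candidate.lower()                      # undo "Password"
    # Undo prepended/appended digits and symbols ("password0000").
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    forms = {lowered, stripped}
    # Undo look-alike substitutions ("p4ssw0rd") on every form so far.
    forms |= {form.translate(DELEET) for form in forms}
    forms.discard("")
    return forms


def weak_base(candidate, common=COMMON):
    """Return the common word the candidate is a variant of, or None."""
    matches = base_forms(candidate) & common
    return min(matches) if matches else None


if __name__ == "__main__":
    # Constructed candidates: the three variants from the text plus others.
    for pw in ["p4ssw0rd", "Password", "password0000", "M0nk3y!!",
               "correct horse battery staple"]:
        base = weak_base(pw)
        verdict = f"REJECT (variant of '{base}')" if base else "ok"
        print(f"{pw!r:32} {verdict}")
```

In a real deployment `COMMON` would be loaded from the same kind of wordlist an auditor feeds to John, so the policy check and the audit agree on what counts as a guessable base word.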
Using John to Crack WPA
See the John the Ripper/WPA page for notes.
Using Rules with John
Recovering Passwords from John
A page on how to actually recover the passwords once John has cracked them: John the Ripper/Password Recovery
References
John documentation: http://www.openwall.com/john/doc/OPTIONS.shtml
A fantastic and thorough list of tutorials for beginners: http://openwall.info/wiki/john/tutorials
WPA/WPA2 with John: http://openwall.info/wiki/john/WPA-PSK
John/Defcon Crack Me If You Can Contest: http://contest-2010.korelogic.com/
Using the korelogic rules: http://contest-2010.korelogic.com/rules.html
All the rules: http://openwall.info/wiki/_media/john/korelogic-rules-20100801.txt
Bunches of John + MPI tutorials: http://openwall.info/wiki/john/tutorials