John The Ripper
Table of Contents
Single Crack Mode
john --format=<hash_type> <hash or hash_file>
we can check the progress by running the john --show command
Cracking with John
| Hash Format | Example Command | Description |
|---|---|---|
| afs | john --format=afs hashes_to_crack.txt | AFS (Andrew File System) password hashes |
| bfegg | john --format=bfegg hashes_to_crack.txt | bfegg hashes used in Eggdrop IRC bots |
| bf | john --format=bf hashes_to_crack.txt | Blowfish-based crypt(3) hashes |
| bsdi | john --format=bsdi hashes_to_crack.txt | BSDi crypt(3) hashes |
| crypt(3) | john --format=crypt hashes_to_crack.txt | Traditional Unix crypt(3) hashes |
| des | john --format=des hashes_to_crack.txt | Traditional DES-based crypt(3) hashes |
| dmd5 | john --format=dmd5 hashes_to_crack.txt | DMD5 (Dragonfly BSD MD5) password hashes |
| dominosec | john --format=dominosec hashes_to_crack.txt | IBM Lotus Domino 6/7 password hashes |
| EPiServer SID hashes | john --format=episerver hashes_to_crack.txt | EPiServer SID (Security Identifier) password hashes |
| hdaa | john --format=hdaa hashes_to_crack.txt | hdaa password hashes used in Openwall GNU/Linux |
| hmac-md5 | john --format=hmac-md5 hashes_to_crack.txt | hmac-md5 password hashes |
| hmailserver | john --format=hmailserver hashes_to_crack.txt | hmailserver password hashes |
| ipb2 | john --format=ipb2 hashes_to_crack.txt | Invision Power Board 2 password hashes |
| krb4 | john --format=krb4 hashes_to_crack.txt | Kerberos 4 password hashes |
| krb5 | john --format=krb5 hashes_to_crack.txt | Kerberos 5 password hashes |
| LM | john --format=LM hashes_to_crack.txt | LM (Lan Manager) password hashes |
| lotus5 | john --format=lotus5 hashes_to_crack.txt | Lotus Notes/Domino 5 password hashes |
| mscash | john --format=mscash hashes_to_crack.txt | MS Cache password hashes |
| mscash2 | john --format=mscash2 hashes_to_crack.txt | MS Cache v2 password hashes |
| mschapv2 | john --format=mschapv2 hashes_to_crack.txt | MS CHAP v2 password hashes |
| mskrb5 | john --format=mskrb5 hashes_to_crack.txt | MS Kerberos 5 password hashes |
| mssql05 | john --format=mssql05 hashes_to_crack.txt | MS SQL 2005 password hashes |
| mssql | john --format=mssql hashes_to_crack.txt | MS SQL password hashes |
| mysql-fast | john --format=mysql-fast hashes_to_crack.txt | MySQL fast password hashes |
| mysql | john --format=mysql hashes_to_crack.txt | MySQL password hashes |
| mysql-sha1 | john --format=mysql-sha1 hashes_to_crack.txt | MySQL SHA1 password hashes |
| NETLM | john --format=netlm hashes_to_crack.txt | NETLM (NT LAN Manager) password hashes |
| NETLMv2 | john --format=netlmv2 hashes_to_crack.txt | NETLMv2 (NT LAN Manager version 2) password hashes |
| NETNTLM | john --format=netntlm hashes_to_crack.txt | NETNTLM (NT LAN Manager) password hashes |
| NETNTLMv2 | john --format=netntlmv2 hashes_to_crack.txt | NETNTLMv2 (NT LAN Manager version 2) password hashes |
| NEThalfLM | john --format=nethalflm hashes_to_crack.txt | NEThalfLM (NT LAN Manager) password hashes |
| md5ns | john --format=md5ns hashes_to_crack.txt | md5ns (MD5 namespace) password hashes |
| nsldap | john --format=nsldap hashes_to_crack.txt | nsldap (OpenLDAP SHA) password hashes |
| ssha | john --format=ssha hashes_to_crack.txt | ssha (Salted SHA) password hashes |
| NT | john --format=nt hashes_to_crack.txt | NT (Windows NT) password hashes |
| openssha | john --format=openssha hashes_to_crack.txt | OPENSSH private key password hashes |
| oracle11 | john --format=oracle11 hashes_to_crack.txt | Oracle 11 password hashes |
| oracle | john --format=oracle hashes_to_crack.txt | Oracle password hashes |
john --format=pdf hashes_to_crack.txt | PDF (Portable Document Format) password hashes | |
| phpass-md5 | john --format=phpass-md5 hashes_to_crack.txt | PHPass-MD5 (Portable PHP password hashing framework) password hashes |
| phps | john --format=phps hashes_to_crack.txt | PHPS password hashes |
| pix-md5 | john --format=pix-md5 hashes_to_crack.txt | Cisco PIX MD5 password hashes |
| po | john --format=po hashes_to_crack.txt | Po (Sybase SQL Anywhere) password hashes |
| rar | john --format=rar hashes_to_crack.txt | RAR (WinRAR) password hashes |
| raw-md4 | john --format=raw-md4 hashes_to_crack.txt | Raw MD4 password hashes |
| raw-md5 | john --format=raw-md5 hashes_to_crack.txt | Raw MD5 password hashes |
| raw-md5-unicode | john --format=raw-md5-unicode hashes_to_crack.txt | Raw MD5 Unicode password hashes |
| raw-sha1 | john --format=raw-sha1 hashes_to_crack.txt | Raw SHA1 password hashes |
| raw-sha224 | john --format=raw-sha224 hashes_to_crack.txt | Raw SHA224 password hashes |
| raw-sha256 | john --format=raw-sha256 hashes_to_crack.txt | Raw SHA256 password hashes |
| raw-sha384 | john --format=raw-sha384 hashes_to_crack.txt | Raw SHA384 password hashes |
| raw-sha512 | john --format=raw-sha512 hashes_to_crack.txt | Raw SHA512 password hashes |
| salted-sha | john --format=salted-sha hashes_to_crack.txt | Salted SHA password hashes |
| sapb | john --format=sapb hashes_to_crack.txt | SAP CODVN B (BCODE) password hashes |
| sapg | john --format=sapg hashes_to_crack.txt | SAP CODVN G (PASSCODE) password hashes |
| sha1-gen | john --format=sha1-gen hashes_to_crack.txt | Generic SHA1 password hashes |
| skey | john --format=skey hashes_to_crack.txt | S/Key (One-time password) hashes |
| ssh | john --format=ssh hashes_to_crack.txt | SSH (Secure Shell) password hashes |
| sybasease | john --format=sybasease hashes_to_crack.txt | Sybase ASE password hashes |
| xsha | john --format=xsha hashes_to_crack.txt | xsha (Extended SHA) password hashes |
| zip | john --format=zip hashes_to_crack.txt | ZIP (WinZip) password hashes |
Wordlist Mode (Dictionary Attack)
john --wordlist=<wordlist_file> --rules <hash_file>
Incremental Mode
the most time consuming, starting from 1 single char to more..
john --incremental <hash_file>
Cracking Files
> <tool> <file_to_crack> > file.hash
> pdf2john server_doc.pdf > server_doc.hash
> john server_doc.hash
# OR
> john --wordlist=<wordlist.txt> server_doc.hash
| Tool | Description |
|---|---|
pdf2john | Converts PDF documents for John |
ssh2john | Converts SSH private keys for John |
mscash2john | Converts MS Cash hashes for John |
keychain2john | Converts OS X keychain files for John |
rar2john | Converts RAR archives for John |
pfx2john | Converts PKCS#12 files for John |
truecrypt_volume2john | Converts TrueCrypt volumes for John |
keepass2john | Converts KeePass databases for John |
vncpcap2john | Converts VNC PCAP files for John |
putty2john | Converts PuTTY private keys for John |
zip2john | Converts ZIP archives for John |
hccap2john | Converts WPA/WPA2 handshake captures for John |
office2john | Converts MS Office documents for John |
wpa2john | Converts WPA/WPA2 handshakes for John |
> locate *2john*
/usr/bin/bitlocker2john
/usr/bin/dmg2john
/usr/bin/gpg2john
/usr/bin/hccap2john
/usr/bin/keepass2john
/usr/bin/putty2john
/usr/bin/racf2john
/usr/bin/rar2john
/usr/bin/uaf2john
/usr/bin/vncpcap2john
/usr/bin/wlanhcx2john
/usr/bin/wpapcap2john
...