Common modes in John the Ripper tool for Password Cracking
John the Ripper provides several cracking modes that we can apply according to our needs and situation. The following are the three main modes in common use today.
1. Dictionary Attack Mode: In this mode, John the Ripper uses a predefined list of possible passwords, called a dictionary or wordlist, to crack passwords. It simply tries each word in turn against the hashed password. This is very effective because the password may be a common word, or a slight variation of one, so it can be found in very little time. Dictionary attacks are usually the first attack tried against a password, as they are fast and can give quick results for weak passwords.
2. Brute Force Attack Mode: If a dictionary attack fails, John the Ripper can switch to brute force mode to find the password. In this mode, the tool tries all possible combinations of characters until it finds the correct password. Brute force attacks can be time-consuming, especially when we are trying to find longer and more complex passwords. Brute force mode pays off when we have a high-performance computing system, which can then break passwords in very little time.
3. Incremental Mode: The incremental mode in John the Ripper generates and tests passwords based on the rules and character sets we specify. It starts with simple passwords and increases their complexity step by step. It is more efficient than a pure brute force attack in certain cases where the original password is close to the passwords being tested.
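The dictionary and brute force descriptions above suggest a check to run when a password is chosen. The following is an added example, not code from the original page or from John the Ripper: it rejects a candidate that is a wordlist entry or a slight variation of one, and otherwise reports how many combinations an exhaustive search would face. The wordlist, the substitution table, the function names and the 95-character set are assumptions made for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a much larger list.
WORDLIST = {"password", "dragon", "sunshine", "letmein", "welcome"}

# Common character substitutions mapped back to the letters they replace.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def base_forms(candidate):
    """Reduce a candidate to the plain forms a wordlist with slight variations covers."""
    lowered = candidate.lower()
    # Drop digits and symbols added at either end: "Dragon2024!" -> "dragon".
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Undo substitutions on both forms: "p@ssw0rd" -> "password".
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def dictionary_weakness(candidate, wordlist=WORDLIST):
    """Return the wordlist entry the candidate is derived from, or None."""
    matches = sorted(base_forms(candidate) & set(wordlist))
    return matches[0] if matches else None


def brute_force_keyspace(max_length, charset_size):
    """Count every string of length 1..max_length over the character set."""
    return sum(charset_size ** n for n in range(1, max_length + 1))


def review_password(candidate, charset_size=95):
    """Reject wordlist-derived passwords; otherwise report the exhaustive search space.

    charset_size=95 assumes printable ASCII (an assumption of this example).
    """
    word = dictionary_weakness(candidate)
    if word is not None:
        return f"reject: variation of wordlist entry '{word}'"
    magnitude = len(str(brute_force_keyspace(len(candidate), charset_size))) - 1
    return f"accept: about 10^{magnitude} combinations to exhaust"


if __name__ == "__main__":
    # Constructed sample candidates.
    for pw in ["Dragon2024!", "P@ssw0rd1", "sunshin3", "correct-horse-battery"]:
        print(pw, "->", review_password(pw))
```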
To better understand how to use John the Ripper in Kali Linux, let's look at the demo below, which shows how we can crack passwords using John the Ripper in Kali Linux.
How to use John the Ripper in Kali Linux
John the Ripper, generally known simply as John, is a very popular, free password-cracking tool that is included by default in the Kali Linux operating system. John was first introduced in 1996, and it has since become an important tool for security researchers and professionals for analyzing and cracking passwords. John the Ripper is optimized for recovering lost passwords and for assessing the strength of password protection systems through dictionary and brute-force attacks on hashed passwords. It works with many hash types, such as MD5, SHA1, SHA2, NTLM, and many others. John the Ripper can also automatically detect the lengths and character sets of passwords. Many features make it powerful; for example, it can perform fast, parallelized cracking across the cores of the CPU. With John the Ripper we can recover a forgotten password, check the strength of our own passwords, and conduct full-scale security audits of our password-protected systems and services.