How to Crack Password using John the Ripper in Kali Linux
Step 1: In Kali Linux John the ripper tool is pre-installed but if you are facing any issues then you install again it using the following command.
$ sudo apt install john
Step 2: Now using following command we can check the john the ripper version and other related information.
$ john
Step 3: For our testing and demo purpose we have hash file which consists hash password in diffirent diffirent format and also we have custom wordlist for dictionary attack using john the ripper. For listing everything and seeing we can use following command.
$ ls
Step 4: Now for findig password using dictionary attack we can use following command where rockyou.txt file is wordlist which exists by default in kali linux and alpha.txt is our hash stored file which contains our real password in MD5 hash format. Using following command we can see we cracked the password which is abcd.
$ john --wordlist=/usr/share/wordlists/rockyou.txt alpha.txt --format=raw-md5
Step 5: In another file num.txt we have MD5 hash format . We can also use incremental mode for cracking this password file where our john the ripper tool increment its value one by one and tries to match password one by one and when it matches it give us result that password has been found out.
$ john --format=raw-md5 num.txt --incremental
Step 6: Now in this step we will use our custom dictionary file instead of pre saved file in kali linux. This method can be very useful when we have list of passwords in which one is correct.
Following is our hash1.txt file data in md5 format which we will crack using john the ripper.
Following is command for cracking password hash using custom dictionary file.
$ john --wordlist=customwc.txt hash1.txt --format=raw-md5
Step 7: In john the ripper we can use multiple type of hash format for cracking the passwords. Following is example for cracking the password of SHA1 type hash using john the ripper in kali linux.
$ john --wordlist=customwc.txt hashsha.txt --format=raw-sha1
How to use John the Ripper in Kali Linux
John the Ripper, which in general we all know as John is a very popular and free password-cracking tool that is included by default in the Kali Linux Operating System. John tool was first introduced in 1996 and nowadays it has become an important tool for security researchers and professionals for analyzing passwords and also for cracking passwords. John the Ripper is an optimized tool to recover lost passwords and assess the strength of password protection systems through its dictionary and brute-force attacks for hashed passwords. It can work across many different types of hashing, such as MD5 and SHA1, SHA2, NTLM, and many other hash-type passwords. John the Ripper can also automatically detect the lengths and sets of characters in passwords. There are many features that make it so powerful for example we can say it have the ability to perform quick, parallelized cracking on different cores of the CPU. Using John the Ripper password cracking tool help we can recover a forgotten password and also we can check the strength of our own passwords, and conduct full-scale security audits in our password-protected systems and services.