John the ripper
Last updated
Last updated
~/.john
Cracked passwords: ~/.john/john.pot
The --rules
flag allows specification of rules to be applied to values in a word list, in order to generate possible password variations.
The instructions/format for the rules can be found in the /etc/john/john.conf
file under a specific header in the format [List.Rules:rule_format]
. A few examples include single
or wordlist
.
[List.Rules:Single]
(/etc/john/john.conf)
Uses information from a given set of data consisting of user-specific information such as username, passwords used in other applications, private information such as pet's name, etc. to generate variations of the initial supplied data.
Eg. Information have been gathered about a target, and the following word list have been generated - consisting of the username/passwords used on other sites (leaked or hacked via means) and pet's name.
The single
ruleset may generate variations of these data such as: thundere@gle
, j@rrett
, etc.
[List.Rules:Wordlist]
(/etc/john/john.conf)
A rule will be applied to each word from the supplied wordlist to generate additional variations. For example, it could append numbers to the value, capitalize them, etc.
The wordlist
ruleset may generate variations of these data such as: weakpass12
,12weakpass
etc.
Overview
--rules=single
: Best used to generate password guesses based on data related to a target user: usernames, passwords, etc. and apply simple transformations.
--rules=wordlist
: Best used to apply transformations to every word in a wordlist to generate variatons.
unshadow
Conversion of data format or password protected media to a format that john can crack.
Eg. Conversion of password protected PDF file to john understandable format:
/usr/share/john/pdf2john.pl
/usr/bin/pdf2john
/opt/pdf2john.pl
...
Given a .pdf
file named private.pdf
Now, john can be ran on the pdf.hash
file
Load the single NTLM hash value or the whole line of entry from the SAM database into a .txt file. Eg. retrieved from TryHackMe practice room:
jchambers:1114:aad3b435b51404eeaad3b435b51404ee:69596c7aa1e8daee17f8e78870e25a5c:::