john [options] <hash_file>
| Mode | Option | Description | Example |
|------|--------|-------------|---------|
| Single | `--single` | Rule-based cracking using username/GECOS data | `john --single passwd` |
| Wordlist | `--wordlist=FILE` | Dictionary attack with wordlist | `john --wordlist=rockyou.txt hashes.txt` |
| Incremental | `--incremental` | Brute-force using Markov chains | `john --incremental hashes.txt` |
| Option | Description | Example |
|--------|-------------|---------|
| `--format=FORMAT` | Specify hash format | `john --format=raw-md5 hashes.txt` |
| `--wordlist=FILE` | Use wordlist for dictionary attack | `john --wordlist=passwords.txt hashes.txt` |
| `--rules` | Apply word mangling rules | `john --wordlist=words.txt --rules hashes.txt` |
| `--show` | Display cracked passwords | `john --show hashes.txt` |
| `--pot=FILE` | Specify pot file location | `john --pot=custom.pot hashes.txt` |
| `--session=NAME` | Name the session for restore | `john --session=crack1 hashes.txt` |
| `--restore=NAME` | Restore a previous session | `john --restore=crack1` |
| Format | Option | Description |
|--------|--------|-------------|
| MD5 | `--format=raw-md5` | Raw MD5 hashes |
| SHA1 | `--format=raw-sha1` | Raw SHA1 hashes |
| SHA256 | `--format=raw-sha256` | Raw SHA256 hashes |
| SHA512 | `--format=raw-sha512` | Raw SHA512 hashes |
| SHA512crypt | `--format=sha512crypt` | Linux $6$ hashes |
| MD5crypt | `--format=md5crypt` | Linux $1$ hashes |
| bcrypt | `--format=bcrypt` | Blowfish-based hashes |
| NT | `--format=nt` | Windows NT hashes |
| LM | `--format=LM` | LAN Manager hashes |
| NTLM | `--format=netntlm` | NTLM network hashes |
| NTLMv2 | `--format=netntlmv2` | NTLMv2 network hashes |
| Kerberos 5 | `--format=krb5` | Kerberos 5 hashes |
| MySQL | `--format=mysql-sha1` | MySQL SHA1 hashes |
| MSSQL | `--format=mssql` | MS SQL hashes |
| Oracle | `--format=oracle11` | Oracle 11 hashes |
| Tool | Description |
|------|-------------|
| `zip2john` | Convert ZIP archives |
| `rar2john` | Convert RAR archives |
| `pdf2john` | Convert PDF documents |
| `ssh2john` | Convert SSH private keys |
| `keepass2john` | Convert KeePass databases |
| `office2john` | Convert MS Office documents |
| `putty2john` | Convert PuTTY private keys |
| `gpg2john` | Convert GPG keys |
| `wpa2john` | Convert WPA/WPA2 handshakes |
| `truecrypt_volume2john` | Convert TrueCrypt volumes |
| `bitlocker2john` | Convert BitLocker volumes |
| `7z2john.pl` | Convert 7-Zip archives |
Usage:
<tool> <file_to_crack> > file.hash
john file.hash
# Single mode: candidates are built from the username/GECOS fields in the passwd file.
john --single passwd
# Wordlist mode with word mangling rules applied to each entry.
john --wordlist=/usr/share/wordlists/rockyou.txt --rules hashes.txt
# Name the hash format explicitly rather than leaving john to pick one.
john --format=raw-md5 --wordlist=passwords.txt md5_hashes.txt
# Display passwords already cracked for this hash file.
# The pot file that backs --show holds recovered plaintexts; treat it and the
# *.hash files as credential material when storing or sharing them.
john --show hashes.txt
# *2john helpers write a hash line for the protected file; john then runs against that file.
zip2john protected.zip > zip.hash
john --wordlist=rockyou.txt zip.hash
# Same two-step flow for a passphrase-protected SSH private key.
ssh2john id_rsa > ssh.hash
john --wordlist=passwords.txt ssh.hash
# Incremental (brute-force) mode.
john --incremental hashes.txt
# Resume a previous session; the name is the one given earlier with --session=NAME.
john --restore=session_name
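# Enumerate spreadsheet, document, PDF and presentation files by extension.
# The patterns are written as quoted words and handed to find quoted, so the
# shell cannot expand them against the current directory first. An unquoted
# *$ext that matches local files gives find several arguments, and the search
# then fails silently behind 2>/dev/null.
for ext in '.xls' '.xls*' '.xltx' '.od*' '.doc' '.doc*' '.pdf' '.pot' '.pot*' '.pp*'; do
  printf '\nFile extension: %s\n' "$ext"
  # Drop paths containing lib, fonts, share or core to cut system noise.
  find / -name "*${ext}" 2>/dev/null | grep -v "lib\|fonts\|share\|core"
done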
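# Search file contents for PEM private-key header lines and print file:line.
# The algorithm word is optional, so the PKCS#8 header "-----BEGIN PRIVATE KEY-----"
# is reported as well as the RSA/EC/OPENSSH/ENCRYPTED forms. '-' needs no
# backslash in an ERE, and newer GNU grep warns about the stray escape.
grep -rnE '^-{5}BEGIN ([A-Z0-9]+ )?PRIVATE KEY-{5}$' /* 2>/dev/null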
# Print the public key for a private key file; this also shows whether the key
# is passphrase-protected (see the next comment).
ssh-keygen -yf ~/.ssh/id_rsa
# If encrypted, prompts for passphrase
# Convert the protected key into a hash line john can read.
# ssh.hash is derived from the key file; handle it like the key itself.
ssh2john.py SSH.private > ssh.hash
john --wordlist=rockyou.txt ssh.hash
# Show the recovered passphrase for this hash file, if one was found.
john ssh.hash --show
# Password-protected MS Office document: convert, run the wordlist, show the result.
office2john.py Protected.docx > protected-docx.hash
john --wordlist=rockyou.txt protected-docx.hash
john protected-docx.hash --show
# Password-protected PDF: same three steps.
pdf2john.py PDF.pdf > pdf.hash
john --wordlist=rockyou.txt pdf.hash
john pdf.hash --show
# Password-protected ZIP archive: same three steps.
zip2john ZIP.zip > zip.hash
john --wordlist=rockyou.txt zip.hash
john zip.hash --show
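# Check file type
file GZIP.gzip
# Output: openssl enc'd data with salted password
# Brute-force with loop (errors expected, file extracts on success)
# The wordlist is read one line at a time and the candidate is quoted:
# `for i in $(cat ...)` splits entries on whitespace and glob-expands them,
# so such entries were never tried as written.
# NOTE(review): the digest openssl uses by default to derive the key differs
# between releases, so a correct passphrase can still fail to decrypt a file
# produced by another version - confirm how the file was created.
while IFS= read -r candidate; do
  # tar reads the decrypted stream from stdin explicitly (-f -).
  openssl enc -aes-256-cbc -d -in GZIP.gzip -k "$candidate" 2>/dev/null | tar xzf -
done < rockyou.txt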
# Extract BitLocker hash lines from the disk image given with -i.
bitlocker2john -i Backup.vhd > backup.hashes
# Keep only the lines containing the literal text bitlocker$0 (the \$ stops the
# shell from expanding $0). NOTE(review): presumably this selects the
# user-password hash variant; confirm against the bitlocker2john output.
grep "bitlocker\$0" backup.hashes > backup.hash
# Run the wordlist against the selected hash.
john --wordlist=rockyou.txt backup.hash
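# Install dislocker
sudo apt-get install dislocker
# Create mount points
sudo mkdir -p /media/bitlocker /media/bitlockermount
# Mount and decrypt
# Capture the loop device losetup actually allocates: -f takes the first free
# one, which is not necessarily /dev/loop0.
loopdev=$(sudo losetup -f --show -P Backup.vhd)
# p2 is the partition this page uses; check the layout with `lsblk "$loopdev"`.
# -u with no attached value makes dislocker prompt for the user password,
# which keeps it out of shell history and the process list (the -u<password>
# form passes it as a command-line argument).
# NOTE(review): confirm the prompt behaviour on the installed dislocker version.
sudo dislocker "${loopdev}p2" -u -- /media/bitlocker
# Add ",ro" to the mount options when the image must not be modified.
sudo mount -o loop /media/bitlocker/dislocker-file /media/bitlockermount
# Unmount when done
sudo umount /media/bitlockermount
sudo umount /media/bitlocker
# Detach the loop device so the image is no longer mapped.
sudo losetup -d "$loopdev"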