John the Ripper
John the Ripper (aka JtR or john) is a well-known penetration testing tool used for cracking passwords through various attacks including brute-force and dictionary. It is open-source software initially developed for UNIX-based systems and was first released in 1996. It has become a staple of the security industry due to its various capabilities.
The “jumbo” variant is recommended for penetration testing uses, as it has performance optimizations, additional features such as multilingual word lists, and support for 64-bit architectures. This version is able to crack passwords with greater accuracy and speed.
Included with JtR are various tools for converting different types of files and hashes into formats that are usable by JtR. Additionally, the software is regularly updated to keep up with the current security trends and technologies.
Installation
John the Ripper often comes pre-installed on penetration testing distributions like Kali Linux. You can verify its presence by running:
john --help
If not installed, you can install it from the package repository:
sudo apt-get update
sudo apt-get install john
For the jumbo version with additional features:
sudo apt-get install john-jumbo
Basic Syntax
john [options] <hash_file>
Cracking Modes
John the Ripper supports multiple cracking modes, each suited for different scenarios.
Single Crack Mode
Single crack mode is a rule-based cracking technique that is most useful when targeting Linux credentials. It generates password candidates based on the victim’s username, home directory name, and GECOS values (full name, room number, phone number, etc.). These strings are run against a large set of rules that apply common string modifications seen in passwords.
Example: A user whose real name is “Bob Smith” might use “Smith1” as their password.
Given a passwd file with contents like:
r0lf:$6$ues25dIanlctrWxg$nZHVz2z4kCy1760Ee28M1xtHdGoy0C2cYzZ8l2sVa1kIa8K9gAcdBP.GI6ng/qA4oaMrgElZ1Cb9OeXO4Fvy3/:0:0:Rolf Sebastian:/home/r0lf:/bin/bash
Based on the file contents, it can be inferred that the victim has:
- Username: r0lf
- Real name: Rolf Sebastian
- Home directory: /home/r0lf
Single crack mode will use this information to generate candidate passwords:
john --single passwd
Wordlist Mode
Wordlist mode is used to crack passwords with a dictionary attack, meaning it attempts all passwords in a supplied wordlist against the password hash.
john --wordlist=<wordlist_file> <hash_file>
The wordlist file must be in plain text format, with one word per line. Multiple wordlists can be specified by separating them with a comma.
Rules can be applied to generate candidate passwords using transformations such as appending numbers, capitalizing letters, and adding special characters:
john --wordlist=passwords.txt --rules hashes.txt
Incremental Mode
Incremental mode is a powerful, brute-force-style password cracking mode that generates candidate passwords based on a statistical model (Markov chains). It is designed to test all character combinations defined by a specific character set, prioritizing more likely passwords based on training data.
This mode is the most exhaustive, but also the most time-consuming. It generates password guesses dynamically and does not rely on a predefined wordlist. Unlike purely random brute-force attacks, Incremental mode uses a statistical model to make educated guesses, resulting in significantly more efficient cracking.
john --incremental hashes.txt
Common Options
| Option | Description | Example |
|---|---|---|
| --single | Use single crack mode | john --single passwd |
| --wordlist=FILE | Use wordlist for dictionary attack | john --wordlist=passwords.txt hashes.txt |
| --incremental | Use incremental (brute-force) mode | john --incremental hashes.txt |
| --format=FORMAT | Specify hash format | john --format=raw-md5 hashes.txt |
| --rules | Apply word mangling rules | john --wordlist=words.txt --rules hashes.txt |
| --show | Display cracked passwords | john --show hashes.txt |
| --pot=FILE | Specify pot file location | john --pot=custom.pot hashes.txt |
| --session=NAME | Name the session for restore | john --session=crack1 hashes.txt |
| --restore=NAME | Restore a previous session | john --restore=crack1 |
| --list=formats | List all supported hash formats | john --list=formats |
Hash Formats
John the Ripper supports a wide variety of hash formats. Use --format=FORMAT to specify the hash type.
| Format | Command | Description |
|---|---|---|
| Raw MD5 | john --format=raw-md5 [...] <hash_file> | Raw MD5 password hashes |
| Raw SHA1 | john --format=raw-sha1 [...] <hash_file> | Raw SHA1 password hashes |
| Raw SHA256 | john --format=raw-sha256 [...] <hash_file> | Raw SHA256 password hashes |
| Raw SHA512 | john --format=raw-sha512 [...] <hash_file> | Raw SHA512 password hashes |
| SHA512crypt | john --format=sha512crypt [...] <hash_file> | Linux crypt(3) $6$ hashes |
| MD5crypt | john --format=md5crypt [...] <hash_file> | Linux crypt(3) $1$ hashes |
| bcrypt | john --format=bcrypt [...] <hash_file> | Blowfish-based password hashes |
| NT | john --format=nt [...] <hash_file> | Windows NT password hashes |
| LM | john --format=lm [...] <hash_file> | LAN Manager password hashes |
| NETLM | john --format=netlm [...] <hash_file> | LM network (challenge/response) hashes |
| NETLMv2 | john --format=netlmv2 [...] <hash_file> | LMv2 network (challenge/response) hashes |
| NETNTLM | john --format=netntlm [...] <hash_file> | NTLMv1 network (challenge/response) hashes |
| NETNTLMv2 | john --format=netntlmv2 [...] <hash_file> | NTLMv2 network (challenge/response) hashes |
| Kerberos 5 | john --format=krb5 [...] <hash_file> | Kerberos 5 password hashes |
| MS Cache | john --format=mscash [...] <hash_file> | MS Cache password hashes |
| MS Cache v2 | john --format=mscash2 [...] <hash_file> | MS Cache v2 password hashes |
| MySQL | john --format=mysql [...] <hash_file> | MySQL password hashes |
| MySQL SHA1 | john --format=mysql-sha1 [...] <hash_file> | MySQL SHA1 password hashes |
| MSSQL | john --format=mssql [...] <hash_file> | MS SQL password hashes |
| MSSQL 2005 | john --format=mssql05 [...] <hash_file> | MS SQL 2005 password hashes |
| Oracle | john --format=oracle [...] <hash_file> | Oracle password hashes |
| Oracle 11 | john --format=oracle11 [...] <hash_file> | Oracle 11 password hashes |
| PostgreSQL | john --format=postgres [...] <hash_file> | PostgreSQL password hashes |
| PDF | john --format=pdf [...] <hash_file> | PDF password hashes |
| RAR | john --format=rar [...] <hash_file> | RAR archive password hashes |
| ZIP | john --format=zip [...] <hash_file> | ZIP archive password hashes |
| SSH | john --format=ssh [...] <hash_file> | SSH private key password hashes |
| HMAC-MD5 | john --format=hmac-md5 [...] <hash_file> | HMAC-MD5 password hashes |
| Cisco PIX MD5 | john --format=pix-md5 [...] <hash_file> | Cisco PIX MD5 password hashes |
| Lotus Notes 5 | john --format=lotus5 [...] <hash_file> | Lotus Notes/Domino 5 password hashes |
| SAP BCODE | john --format=sapb [...] <hash_file> | SAP CODVN B password hashes |
| SAP PASSCODE | john --format=sapg [...] <hash_file> | SAP CODVN G password hashes |
To list all supported formats:
john --list=formats
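As an added helper (not part of the original cheat sheet, nor of John itself), the following Python splits the passwd line shown under Single Crack Mode into the fields that mode draws on, and maps the crypt(3) $id$ prefix of the password field to the --format name from the table above; the CRYPT_FORMATS mapping, the LEGACY set and the audit() helper are this page's own assumptions, and the sample line is the one quoted above.

```python
import re

# crypt(3) "$id$" prefixes mapped to the --format names in the table above.
# Only schemes this page lists are included; anything else comes back as None.
CRYPT_FORMATS = {"1": "md5crypt", "6": "sha512crypt",
                 "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}
LEGACY = {"md5crypt"}  # fast legacy scheme worth flagging in an audit

# The passwd line from the Single Crack Mode section above.
SAMPLE_LINE = ("r0lf:$6$ues25dIanlctrWxg$nZHVz2z4kCy1760Ee28M1xtHdGoy0C2cYzZ8l2sVa1kIa8K9gAcdBP"
               ".GI6ng/qA4oaMrgElZ1Cb9OeXO4Fvy3/:0:0:Rolf Sebastian:/home/r0lf:/bin/bash")

def parse_passwd_line(line):
    """Split a 7-field passwd line into the pieces single crack mode draws on: login
    name, the GECOS sub-fields (name, room, work phone, home phone) and home directory."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated fields, got %d" % len(fields))
    login, pw_field, uid, gid, gecos, home, shell = fields
    name, room, work_phone, home_phone = (gecos.split(",") + [""] * 4)[:4]
    return {"login": login, "password_field": pw_field, "uid": int(uid), "gid": int(gid),
            "full_name": name, "room": room, "work_phone": work_phone,
            "home_phone": home_phone, "home": home, "shell": shell}

def hash_format(pw_field):
    """Classify the password field: 'shadowed' (x), 'locked' (empty, '!' or '*'),
    the --format name for a recognised crypt(3) scheme, or None."""
    if pw_field == "x":
        return "shadowed"
    if pw_field == "" or pw_field[0] in "!*":
        return "locked"
    # "$id$salt$hash"; sha512crypt may carry "rounds=N" before the salt, bcrypt a cost.
    m = re.match(r"^\$([0-9a-z]+)\$[^$]*\$.+$", pw_field)
    if not m:
        return None  # DES crypt or unrecognised: check with john --list=formats
    return CRYPT_FORMATS.get(m.group(1))

def audit(lines):
    """Return (login, format, legacy?) per entry: a quick inventory of hash schemes."""
    rows = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        info = parse_passwd_line(line)
        fmt = hash_format(info["password_field"])
        rows.append((info["login"], fmt, fmt in LEGACY))
    return rows
```

Running audit() over a shadow file is a quick way to spot accounts still stored with the weaker $1$ scheme that should be re-hashed.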
Cracking Files with 2john Tools
Password-protected or encrypted files can be cracked with JtR using the included “2john” conversion tools. These tools process files and produce hashes compatible with JtR.
General Syntax
<tool> <file_to_crack> > file.hash
john file.hash
Available 2john Tools
| Tool | Description |
|---|---|
| pdf2john | Converts PDF documents for John |
| ssh2john | Converts SSH private keys for John |
| mscash2john | Converts MS Cash hashes for John |
| keychain2john | Converts OS X keychain files for John |
| rar2john | Converts RAR archives for John |
| pfx2john | Converts PKCS#12 files for John |
| truecrypt_volume2john | Converts TrueCrypt volumes for John |
| keepass2john | Converts KeePass databases for John |
| vncpcap2john | Converts VNC PCAP files for John |
| putty2john | Converts PuTTY private keys for John |
| zip2john | Converts ZIP archives for John |
| hccap2john | Converts WPA/WPA2 handshake captures for John |
| office2john | Converts MS Office documents for John |
| wpa2john | Converts WPA/WPA2 handshakes for John |
| bitlocker2john | Converts BitLocker volumes for John |
| dmg2john | Converts macOS DMG files for John |
| gpg2john | Converts GPG keys for John |
| 7z2john.pl | Converts 7-Zip archives for John |
| 1password2john.py | Converts 1Password vaults for John |
| androidbackup2john.py | Converts Android backup files for John |
Find all available 2john tools on your system:
locate '*2john*'
Common Usage Examples
Crack Linux Shadow File (Single Mode)
john --single passwd
Dictionary Attack
john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt
Dictionary Attack with Rules
john --wordlist=/usr/share/wordlists/rockyou.txt --rules hashes.txt
Crack Specific Hash Format
john --format=raw-md5 --wordlist=passwords.txt md5_hashes.txt
Show Cracked Passwords
john --show hashes.txt
Incremental (Brute Force) Mode
john --incremental hashes.txt
Crack a ZIP File
zip2john protected.zip > zip.hash
john --wordlist=/usr/share/wordlists/rockyou.txt zip.hash
Crack an SSH Private Key
ssh2john id_rsa > ssh.hash
john --wordlist=passwords.txt ssh.hash
Crack a KeePass Database
keepass2john database.kdbx > keepass.hash
john --wordlist=passwords.txt keepass.hash
Crack a PDF File
pdf2john protected.pdf > pdf.hash
john --wordlist=passwords.txt pdf.hash
Crack MS Office Document
office2john document.docx > office.hash
john --wordlist=passwords.txt office.hash
Save and Restore Session
# Start a named session
john --session=mycrack --wordlist=big_wordlist.txt hashes.txt
# If interrupted, restore the session
john --restore=mycrack
Cracking Protected Files
The use of file encryption is often neglected in both private and professional contexts. Even today, emails containing job applications, account statements, or contracts are frequently sent without encryption. Nevertheless, encrypted files can still be cracked with the right combination of wordlists and tools.
Hunting for Encrypted Files
Many different extensions correspond to encrypted files. Use this command to locate commonly encrypted files on a Linux system:
for ext in .xls '.xls*' .xltx '.od*' .doc '.doc*' .pdf .pot '.pot*' '.pp*'; do
  echo -e "\nFile extension: $ext"
  find / -name "*$ext" 2>/dev/null | grep -v "lib\|fonts\|share\|core"
done
Hunting for SSH Keys
SSH private keys don’t have standard file extensions, but they can be identified by their header content:
grep -rnE '^\-{5}BEGIN [A-Z0-9]+ PRIVATE KEY\-{5}$' /* 2>/dev/null
Example output:
/home/jsmith/.ssh/id_ed25519:1:-----BEGIN OPENSSH PRIVATE KEY-----
/home/jsmith/.ssh/SSH.private:1:-----BEGIN RSA PRIVATE KEY-----
/home/jsmith/Documents/id_rsa:1:-----BEGIN OPENSSH PRIVATE KEY-----
To check if an SSH key is encrypted, try reading it with ssh-keygen:
ssh-keygen -yf ~/.ssh/id_rsa
# If encrypted, prompts: Enter passphrase for "/home/jsmith/.ssh/id_rsa":
Older PEM formats show encryption info in the header:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,2109D25CC91F8DBFCEB0F7589066B2CC
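As an added defender-side check (not part of the cheat sheet or of John), this Python script reports whether a private key file carries a passphrase at all, handling both the newer OpenSSH container, where the cipher and KDF names sit at the start of the base64 body, and the legacy PEM headers shown above; classify_private_key, build_openssh_header and the sample strings are constructed for this page.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def _ssh_string(buf, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then the bytes."""
    (length,) = struct.unpack_from(">I", buf, offset)
    return buf[offset + 4:offset + 4 + length], offset + 4 + length

def classify_private_key(text):
    """Return (container, encrypted): container is 'openssh-v1', 'pem', 'pkcs8' or
    'unknown'; encrypted is True/False, or None when the input is not recognised."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown", None
    if "OPENSSH PRIVATE KEY" in lines[0]:
        # New format: cipher and KDF names follow the magic, so "none" vs e.g.
        # "aes256-ctr"/"bcrypt" is visible once the base64 body is decoded.
        body = "".join(l for l in lines[1:] if not l.startswith("-----"))
        try:
            blob = base64.b64decode(body)
            if not blob.startswith(OPENSSH_MAGIC):
                return "unknown", None
            cipher, off = _ssh_string(blob, len(OPENSSH_MAGIC))
            kdf, _ = _ssh_string(blob, off)
        except (ValueError, struct.error):  # bad base64 or truncated header
            return "unknown", None
        return "openssh-v1", not (cipher == b"none" and kdf == b"none")
    if lines[0].startswith("-----BEGIN ENCRYPTED PRIVATE KEY-----"):
        return "pkcs8", True  # PKCS#8 announces encryption in the armour label
    # Legacy PEM (RSA/DSA/EC PRIVATE KEY): encryption shows up as RFC 1421 headers
    encrypted = any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:])
    return "pem", encrypted

def build_openssh_header(cipher, kdf):
    """Constructed sample: only the leading fields of an OpenSSH v1 container,
    enough for the header parse above; it is not a usable key."""
    blob = OPENSSH_MAGIC
    for s in (cipher, kdf):
        blob += struct.pack(">I", len(s)) + s
    b64 = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % b64

# Constructed legacy-PEM sample reusing the header lines shown above (body omitted).
LEGACY_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,2109D25CC91F8DBFCEB0F7589066B2CC
-----END RSA PRIVATE KEY-----
"""
```

Feed it the paths returned by the grep above to inventory keys that have no passphrase and should be rotated or re-encrypted.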
Cracking Encrypted SSH Keys
Use ssh2john.py to extract the hash, then crack with JtR:
ssh2john.py SSH.private > ssh.hash
john --wordlist=rockyou.txt ssh.hash
View the cracked password:
john ssh.hash --show
SSH.private:1234
1 password hash cracked, 0 left
Cracking Password-Protected Documents
Most reports, documentation, and information sheets are distributed as Microsoft Office documents or PDFs. Use office2john.py to extract password hashes from Office documents:
office2john.py Protected.docx > protected-docx.hash
john --wordlist=rockyou.txt protected-docx.hash
john protected-docx.hash --show
Protected.docx:1234
1 password hash cracked, 0 left
For PDF files, use pdf2john.py:
pdf2john.py PDF.pdf > pdf.hash
john --wordlist=rockyou.txt pdf.hash
john pdf.hash --show
PDF.pdf:1234
1 password hash cracked, 0 left
Cracking Protected Archives
Besides standalone files, we often encounter password-protected archives such as ZIP files.
Common Archive Types
Common archive extensions include: tar, gz, rar, zip, vmdb/vmx, cpt, truecrypt, bitlocker, kdbx, deb, 7z, and gzip.
Cracking ZIP Files
zip2john ZIP.zip > zip.hash
cat zip.hash
# ZIP.zip/customers.csv:$pkzip2$1*2*2*0*2a*1e*490e7510*...*$/pkzip2$:customers.csv:ZIP.zip::ZIP.zip
john --wordlist=rockyou.txt zip.hash
john zip.hash --show
ZIP.zip/customers.csv:1234:customers.csv:ZIP.zip::ZIP.zip
1 password hash cracked, 0 left
Cracking OpenSSL Encrypted GZIP Files
Some archive formats don’t natively support password protection and are encrypted using tools like openssl. Use the file command to identify such files:
file GZIP.gzip
# GZIP.gzip: openssl enc'd data with salted password
When cracking OpenSSL encrypted files, a reliable approach is to use openssl within a loop that attempts to extract contents directly:
while IFS= read -r pw; do
  openssl enc -aes-256-cbc -d -in GZIP.gzip -k "$pw" 2>/dev/null | tar xz && { echo "Password: $pw"; break; }
done < rockyou.txt
GZIP-related error messages can be safely ignored. When the correct password is found, the file is extracted to the current directory.
Cracking BitLocker-Encrypted Drives
BitLocker is a full-disk encryption feature for Windows using AES with 128-bit or 256-bit keys. Use bitlocker2john to extract hashes:
bitlocker2john -i Backup.vhd > backup.hashes
grep "bitlocker\$0" backup.hashes > backup.hash
cat backup.hash
# $bitlocker$0$16$02b329c0453b9273f2fc1b927443b5fe$1048576$12$...
The script outputs four hashes: the first two are for the password, the latter two for the recovery key. Focus on cracking the password hash ($bitlocker$0$...).
john --wordlist=rockyou.txt backup.hash
Note: BitLocker uses strong AES encryption, so cracking may take considerable time.
Mounting BitLocker Drives in Linux
Install dislocker:
sudo apt-get install dislocker
Create mount directories:
sudo mkdir -p /media/bitlocker
sudo mkdir -p /media/bitlockermount
Mount and decrypt:
sudo losetup -f -P Backup.vhd
sudo dislocker /dev/loop0p2 -u1234qwer -- /media/bitlocker
sudo mount -o loop /media/bitlocker/dislocker-file /media/bitlockermount
Browse the files:
cd /media/bitlockermount/
ls -la
Unmount when done:
sudo umount /media/bitlockermount
sudo umount /media/bitlocker
Core Takeaways
- Single crack mode is most effective for Linux credentials, using username and GECOS data to generate candidates.
- Wordlist mode performs dictionary attacks; use --rules to apply transformations for better coverage.
- Incremental mode is exhaustive brute-force using Markov chains, best for when wordlists fail.
- Use --format=FORMAT when John doesn't auto-detect the hash type correctly.
- The 2john tools convert various file types (ZIP, PDF, SSH keys, etc.) into crackable hash formats.
- Use --session and --restore for long-running cracks that may be interrupted.
- Use --show to display previously cracked passwords from the pot file.
- The jumbo version includes more formats, rules, and optimizations for better performance.