John the Ripper is a popular password-cracking tool used by cybersecurity professionals and ethical hackers to test password strength. It supports many hash and cipher formats and can crack password hashes obtained from different sources.
You Should Know:
1. Installing John the Ripper
On Linux (Debian/Ubuntu):
sudo apt update && sudo apt install john -y
On Windows:
Download from the official site.
2. Basic Password Cracking
To crack a password hash stored in a file (hashes.txt):
john --format=raw-md5 hashes.txt
3. Using Wordlists for Faster Cracking
John supports wordlist attacks. Use `rockyou.txt` (commonly found in `/usr/share/wordlists` in Kali Linux):
john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt
4. Cracking ZIP/RAR Passwords
First, extract the hash using `zip2john` or `rar2john`:
zip2john encrypted.zip > zip_hash.txt
john --wordlist=/usr/share/wordlists/rockyou.txt zip_hash.txt
5. Cracking Linux Shadow Hashes
Combine `/etc/passwd` and `/etc/shadow`, then crack:
unshadow /etc/passwd /etc/shadow > unshadowed.txt
john --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt
6. Speeding Up Cracking with Rules
John allows rule-based attacks for modifying wordlists dynamically:
john --wordlist=rockyou.txt --rules hashes.txt
7. Show Cracked Passwords
To display previously cracked passwords:
john --show hashes.txt
8. Cracking SSH Private Keys
Convert the key to a crackable format:
ssh2john id_rsa > rsa_hash.txt
john --wordlist=rockyou.txt rsa_hash.txt
9. Using GPU for Faster Cracking
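For faster performance, use a John build with OpenCL support, pick an OpenCL format, and select the GPU with `--devices=1` (device numbers are listed by `john --list=opencl-devices`):
john --format=raw-md5-opencl --devices=1 hashes.txt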
10. Customizing Attack Modes
John supports incremental mode (brute-force):
john --incremental hashes.txt
What Undercode Say
John the Ripper remains a powerful tool for password auditing and recovery. Always use it ethically and legally—unauthorized cracking is illegal. Strengthen your passwords with complexity and length to resist such attacks.
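As a defensive counterpart to the wordlist and rule attacks in sections 3 and 6, the following added example (not part of the original post and not John's rule engine) rejects a candidate password at set time if simple un-mangling reduces it to a wordlist entry. The function names, the substitution table and the tiny sample wordlist are assumptions made for illustration.

```python
import re

# Constructed sample blocklist; in practice load a real wordlist such as rockyou.txt.
SAMPLE_WORDLIST = {"password", "admin", "letmein", "dragon", "summer"}

# Common character substitutions undone before lookup (an assumed set,
# not John's rule syntax).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def base_forms(candidate):
    """Return the base words a wordlist+rules attack would plausibly start from."""
    lowered = candidate.lower()
    forms = {lowered}
    # Undo digits/symbols added at either end: "Summer2024!" -> "summer".
    forms.add(re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered))
    # Undo leet substitutions: "p@ssw0rd" -> "password".
    forms |= {f.translate(LEET) for f in forms}
    # Undo simple reversal: "nimda" -> "admin".
    forms |= {f[::-1] for f in forms}
    forms.discard("")
    return forms


def weak_base(candidate, wordlist=SAMPLE_WORDLIST):
    """Return the wordlist entry the candidate reduces to, or None if none matches."""
    hits = sorted(base_forms(candidate) & set(wordlist))
    return hits[0] if hits else None


if __name__ == "__main__":
    # Constructed candidates, including the password from the expected output.
    for pw in ["password123", "P@ssw0rd!", "Summer2024!", "nimda",
               "correct horse battery staple"]:
        hit = weak_base(pw)
        verdict = f"REJECT (derived from '{hit}')" if hit else "ok"
        print(f"{pw!r:35} {verdict}")
```

Passwords that satisfy a "complexity" policy, such as `P@ssw0rd!`, are still rejected here because the mangling is cheap for a rule-based attack to reproduce.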
For advanced users, combining Hashcat with John improves efficiency. Always keep systems updated to prevent hash leaks.
Expected Output:
Loaded 1 password hash (Raw-MD5 [MD5 256/256 AVX2 8x3])
password123 (admin)
For more details, visit: John the Ripper Official Site
References:
Reported By: Alexrweyemamu Crack – Hackers Feeds



