
john
John is a powerful password-cracking tool. To use it, we specify a word list and a file containing the hash to crack. The output is the password that was hashed.
john [options] --wordlist=[word list] [hash file]
Generate hashes
Sometimes the target we need to crack is not in a hash format. In that case John cannot be used on it directly; we first generate a hash in a format John accepts with one of these utilities.
ssh2john [rsa private key file] > [output file]
zip2john [options] [zip file] > [output file]
rar2john [rar file] > [output file]
gpg2john [gpg file] > [output file]
unshadow /etc/passwd /etc/shadow > [output file]
Set hash type
If we know the hash type, we can pass it to john. Cracking then goes faster, because John does not have to search for the hash type itself.
john --list=formats | grep -iF "hash type" # Get the code of the hash type in john
john --format=[hash type code] --wordlist=[word list] [hash file]
Single-mode
Single mode uses a custom basis word for cracking the hash and derives its candidates from that word; this is word mangling. The hash file format is: <basis>:<hash>
john --single --format=[format] [path to file]
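Single mode works when the password is a variation of the basis word, so the same idea can be used as a check at password-change time. The following is an added example, not part of the original notes or of John; the mangling rules, suffixes, function names and sample accounts are constructed for illustration and are only a small stand-in for John's real rule set.

```python
# Constructed, simplified mangling rules for illustration only;
# John's own single-mode rule set is much larger and is not reproduced here.
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
SUFFIXES = ["", "1", "123", "!", "2024"]  # constructed sample suffixes


def mangle(basis):
    """Return the set of candidate passwords derived from one basis word."""
    stems = {
        basis, basis.lower(), basis.upper(), basis.capitalize(),
        basis[::-1],                          # reversed
        basis.lower().translate(LEET),        # leetspeak, lower case
        basis.capitalize().translate(LEET),   # leetspeak, capitalized
        basis + basis,                        # doubled
    }
    return {stem + suffix for stem in stems for suffix in SUFFIXES}


def derived_from(bases, password):
    """Return the basis word the password was mangled from, or None."""
    for basis in bases:
        if basis and password in mangle(basis):
            return basis
    return None


def audit(records):
    """records: iterable of (login, full_name, proposed_password).
    Returns {login: offending_basis} for the passwords to reject."""
    rejected = {}
    for login, full_name, password in records:
        # Login and name parts play the role of <basis> in <basis>:<hash>.
        hit = derived_from([login] + full_name.split(), password)
        if hit is not None:
            rejected[login] = hit
    return rejected


# Constructed sample accounts (not real data).
SAMPLE = [
    ("mike", "Mike Jones", "Mike123"),
    ("alice", "Alice Martin", "4l1c3!"),
    ("bob", "Bob Stone", "enotS2024"),
    ("carol", "Carol Diaz", "t7#Lq9vX-rain"),
]

if __name__ == "__main__":
    for login, basis in audit(SAMPLE).items():
        print(f"{login}: password is a mangled form of {basis!r}, reject")
```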