How to use John the Ripper in Kali Linux

Written By: Jacob Mehnert
  • Comments: 0
How to use John the Ripper in Kali Linux

Difficulty

Moderate

Steps

6

Time Required

No estimate

Introduction

Warning: Obtaining unauthorized access to another's computer system or systems is illegal under the Computer Fraud & Abuse Act.

The following guide was made with the purpose of educating others on cyber security tools, technologies, and techniques with the intention of educating others on better protecting their own technologies and data. Please use the knowledge gained from this guide responsibly.

What is John the Ripper?

John the Ripper is a password cracking program that is used during pen testing, and can help IT staff to find weak passwords or identify poor password policies. John the Ripper uses several encryption technologies to autodetect the encryptions of hashed data and compares it against a list of plain-text file that contains common passwords.

What encryptions are supported?

John the Ripper supports the following encryptions...

  • UNIX crypt(3)
  • Traditional DES-based
  • “bigcrypt”
  • BSDI extended DES-based
  • FreeBSD MD5-based (linux and Cisco IOS)
  • OpenBSD Blowfish-based
  • Kerberos/AFS
  • Windows LM (DES-based)
  • DES-based tripcodes
  • SHA-crypt hashes (newer versions of Fedora and Ubuntu)
  • SHA-crypt and SUNMD5 hashes (Solaris)

While these are the officially supported encryptions, additional encryptions can be added through extensions.

This guide will walk you through the process of using the John the Ripper program for password auditing and how it can be used for password recovery.

    • Start your computer and boot into Kali Linux

    • If you don't yet have a Kali Linux machine, follow this guide to install the OS onto a Virtual Machine

    • Once the operating system has fully loaded, open the terminal interface.

    • Identify the target file that contains the hashed passwords that you want to crack.

    • Use the Terminal interface to navigate to the directory where your target file is located.

    • John the Ripper requires that the hashed passwords be in a specific format.

    • If the target file contains unsalted MD5 hashes, then you can proceed to the next step. Otherwise you will need to convert the hashes to a compatible format.

    • In the terminal, enter the following command to initiate the John the Ripper program.

    • John [path/to/target/file]

    • John the Ripper will start processing the password hashes using the default settings.

    • John the Ripper will display its progress and estimated time remaining.

    • Once John the Ripper has finished processing, it will display the cracked passwords (if successful) or indicate the inability to crack certain passwords.

    • Examine the results displayed by John the Ripper in the Terminal.

    • Cracked passwords will be displayed alongside their corresponding hashes.

    • Use the obtained passwords responsibly and ensure that they conform to any applicable laws or policies.

Conclusion

Congratulations, you have successfully used John the Ripper with Kali Linux to audit and recover passwords. Remember to exercise caution and ethical considerations when using password-cracking tools.

The most important thing you should take away from this guide is to remember to use this information responsibly. Obtaining unauthorized access to another's computer system or systems is illegal under the Computer Fraud & Abuse Act.

Please use the knowledge gained from this guide responsibly.

Author

Jacob Mehnert

Member since: 18/10/21

26523 Reputation

0 comments