Questions tagged [john-the-ripper]

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version ("jumbo"). [openwall.com]

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version. [openwall.com]

108 questions
17
votes
1 answer

John the ripper password cracked or not?

I have the shadow file from an embedded device running linux. Trying to use John to crack it. There is only the 'root' hash in the shadow file. 12 seconds in, John finds the password for 'root', but the program hasn't stopped trying. JohnFAQ…
zoulzubazz
  • 171
  • 1
  • 4
9
votes
1 answer

show previously hacked passwords with John The Ripper

I tried to crack my windows passwords on the SAM file with john the ripper, it worked just fine, and it shows me the password. But when i try to hack the same file again, john just tells me : Loaded 4 password hashes with no different salts (LM [DES…
Sidahmed
  • 639
  • 2
  • 9
  • 26
7
votes
2 answers

How to crack `salt + SHA256(salt + password)` hashes with JTR?

I have a set of password hashes. Here is an example: 9e74437e97ff201ff38416138a22a7f3adfa3b9c10e947481bd94b16eed7df6b6e2806 From the source code of the application generating this hash I learned that the salt is prepended as the first 6 characters…
golem
  • 933
  • 2
  • 10
  • 14
7
votes
1 answer

Why won't pdf2john extract the password hash of this encrypted pdf? Getting blank results

New to the community, and to JtR and Hashcat as a whole, but after searching for a few days I couldn't find a solution to this specific problem. I have a password protected PDF file that I'm trying to crack to prove to a friend of mine that it can…
6
votes
1 answer

Use John the Ripper to break Password Protected Zip

I installed kali linux, that comes with John the ripper. I have a password-protected zip file. I'm pretty sure the password is complex. I first convert the zip into a hash: sudo zip2john FILE_LOCATION > zippedzip.txt It took around 20 seconds to…
Tarun Ravi
  • 61
  • 1
  • 1
  • 2
5
votes
3 answers

Brute force alphanumeric password using JohnTheRipper

I recently recovered a zip archive with some files I need access to, but I can't remember the password. All I can remember is that the password was short (around 3-4 characters), and contained only lowercase characters and possibly numbers). However…
andrepd
  • 161
  • 1
  • 1
  • 4
5
votes
1 answer

John the ripper passwd file format with salt not working

I'm trying test password strength in one of our e-commerce sites. I'm using john the ripper to brute-force a password file. The algorithm used by PHP is: $hash = md5($salt . $pass) No other transformation is performed nor in the $salt or in the…
user2253620
  • 61
  • 1
  • 1
  • 3
5
votes
1 answer

For bcrypt why is JTR so much faster than hashcat?

To keep it short I've recently been learning about hashing and password hash cracking on TryHackMe. I was tasked to crack the following hash: $2y$10$0veO/JSFh4389Lluc4Xya.dfy2MF.bZhz0jVMw.V.d3p12kBtZutm When trying to crack with hashcat I used the…
JuniorPen
  • 51
  • 1
  • 2
5
votes
4 answers

How do I crack an id_rsa encrypted private key with john the ripper?

I am trying to crack a password protected id_rsa, with john the ripper. But it doesn't find the correct password for some reason. I have create a new user and generated a new id_rsa with ssh-keygen (the password used is "password"). pwn@kali:~$ ls…
Olivier Lasne
  • 161
  • 1
  • 1
  • 5
5
votes
3 answers

Is it possible to crack any SHA1 hashed password

I'm trying to understand how easy it is to crack a SHA1 hashed password. I have a training database giving hundreds of password hashed. I have tried to use some online tools to crack them and I have realized that I can only crack relatively simple…
KB303
  • 423
  • 2
  • 5
  • 15
4
votes
2 answers

Generate John the Ripper rule

This question asks for pointers about generating JtR rulesets, but the OP states I understand how to use it to make various permutations from a given wordlist Could someone please explain that? From the documentation, it seems as though REGEX…
serv-inc
  • 441
  • 1
  • 4
  • 11
3
votes
1 answer

Pointers for john the ripper rulesets

I've been pouring over the JtR ruleset documentation and making little progress. I understand how to use it to make various permutations from a given wordlist, that's fine. However, I'm trying to figure out how (if it is possible) to use them…
3
votes
2 answers

Does john the ripper not support yescrypt?

I'm learning about password attacks using john and am trying to use it for bruteforcing my shaddow file. I created a user called newuser with password stuff and then used sudo unshadow /etc/passwd /etc/shadow > hashes to join the passwd and shadow…
3
votes
1 answer

John The Ripper - find password when you know a part of it

I left my old job a few years back and wanted to check a few of my old pdf payslips but for the life of me I can't remember the password. I've tried using John The Ripper in incremental mode because I do know it wasn't a complicated password (I…
Will
  • 133
  • 1
  • 5
3
votes
1 answer

"john --format=md5" caused "Unknown ciphertext format name requested" error

This is known md5 hash for Kioptrix: Level 1.1 (#2) Linux unshadow file wolf@linux:~$ cat md5hash.txt…
Wolf
  • 347
  • 2
  • 3
  • 15
1
2 3 4 5 6 7 8