IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [john-the-ripper]

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version ("jumbo"). [openwall.com]

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version. [openwall.com]

108 questions
3
votes
2 answers

John the Riper couldn't crack all the passwoords

I have a password file with 7 passwords, but JTR only could crack 4 and 3 that couldn't. What it's the reason? C:\tmp\john179j5\run>john --show…
John
  • 51
  • 1
  • 3
3
votes
1 answer

How is it that tools like Hashcat, JTR able to bruteforce an NTLMv2 hashes?

With regards to the following question about the feasibility of (brute|dictionary|rainbowtable)-forcing an NTLMv2 hash: How feasible is it for an attacker to brute-force an NTLMv2 response captured off the network? ..I'm trying to understand how is…
Vicer
  • 113
  • 8
3
votes
2 answers

John the ripper - creating specific rules

We have a situation where I am not finding any documentation on it. We are trying to scale across multiple machines/job by breaking up the keyspace by complexity. Its a 7 char completely random alphanum pwd. We created a "wordlist" of 3844 "words"…
Ryan
  • 31
  • 2
3
votes
3 answers

what order does the incremental mode of john the ripper, brute force passwords in?

I am practicing reversing md5 hashed passwords using John the Riper and was curious about some behaviour. I added the md5 hash of zaa to the top of the file with the hashes and when I ran john passwordFile.txt it reversed the hash to find zaa very…
Celeritas
  • 10,039
  • 22
  • 77
  • 144
2
votes
1 answer

John the Ripper: Output meaning - wordlist mode

Does the result output line of john the ripper show all the words tried? E.g. does this line 0g 0:00:00:08 DONE (2022-03-11 06:00) 0g/s 1665Kp/s 1665Kc/s 1665KC/s 99CS .. 9999 mean that john tried all the words in the range between 99CS and 9999? Or…
Bat
  • 21
  • 4
2
votes
0 answers

Why is John returning gibberish for cracked hashes

I've been messing around with John, and when I attempt to crack an SSH hash, I receive this output. Any clue why the cracked hash is displaying the gibberish?? I used ssh2john to convert the key to a crackable hash, then used the output in…
Mackalacka
  • 21
  • 1
2
votes
0 answers

Can anyone identify the $y$ hash prefix or identify what hash this could be?

I'm using Kali Linux and trying to crack my own /etc/passwd file with the username "matt". I've unshadowed it however trying to use Hashcat or JohnTheRipper to identify and crack it has yielded no results. The $y$ prefix doesn't seem to come up on…
Valkyr
  • 21
  • 1
  • 3
2
votes
0 answers

Decrypting xls file using John The Ripper

I need to open an excel file and see its contents which is locked with password. As I made some research on the internet, I have found that only way was a brute force attack. So I used John the Ripper on Ubuntu, and detected and extracted hash of…
KontrCode
  • 21
  • 4
2
votes
1 answer

John The Ripper Error: No password hashes loaded when cracking a zip file in kali linux

I was practicing bruteforce attacks using John The Ripper. I want to crack a zip file. I obtained the hash and stored it in a zip file but when I attempt to crack the zip file it is giving me an error saying No password hashes loaded This is the…
Noamaan Mulla
  • 23
  • 1
  • 5
2
votes
1 answer

Unable to get John the Ripper to crack PDF password

I am new to Kali Linux and JTR but am playing around trying to crack a PDF file. I set the PDF Password to test so it's a known password on my own file. For whatever reason JTR appears to finish cracking the file but returns (?) What am I doing…
Hooplator15
  • 121
  • 1
  • 4
2
votes
1 answer

Decrypting a password-protected 7z file with Delta filter fails

I have made a 7z archive using Delta filter containing a wav file and I have protected it with a password. I am running a terminal in Kali Linux. My problem is that I cannot get the password cracked using 7z2john.pl and John the Ripper. If I omit…
juhohe
  • 21
  • 1
  • 3
2
votes
1 answer

Crack windows excel password

I have many password protected microsoft excel worksheet and I need to be able to edit it. I have forgotten the password, and I know that I can edit the file and take out the password check, but I have quite a few worksheets I would have to do this…
Ethan
  • 21
  • 2
2
votes
2 answers

dictionary attack hashing algorithm

Does the kind of algorithm used to hash passwords have any advantages or disadvantages in a dictionary attack? i.e. SHA256, MD5, etc. or is it just the dictionary that is used by the attacker matters? As far as I can understand, the hashing…
gg0092
  • 21
  • 3
2
votes
0 answers

Brute force hex password with exactly two special characters using JohnTheRipper

I want to optimize the way I'm using John the Ripper. I have a password with a know length (9) that consists only of (lower-case) hex characters and exactly two special characters. First I tried using the --increment=ASCII option combined with a…
Norbert
  • 121
  • 3
2
votes
1 answer

Generate a wordlist using John the Ripper

I want to generate wordlist with these rules: 8 characters, at least one uppercase letter, at least one lowercase letter, exactly two numbers. I've done a lot of google searching, and can't seem to understand how to do this. Can I get some…
john
  • 21
  • 1
  • 3
1
2
3 4 5 6 7 8