Password Cracking using John The Ripper and Johnny

John the Ripper is a powerful and popular open-source password cracking tool. It's known for its versatility and capability to crack various types of password hashes through different attack methods. On the other hand, Johnny is a user-friendly graphical interface (GUI) that makes John the Ripper more accessible to non-technical users, simplifying the process of password cracking.

Table of Contents

• John the Ripper
• Features and capabilities of John the Ripper
• Supported Platforms and Environments
• Johnny, a GUI for John the Ripper
• Advantages of Using Johnny over the Command-line Version
• Installation and Setup
• Components and Functionalities
• Console log: 
• Start, Resume, and Pause Attack Buttons:
• Progress Bar:
• Explain with Examples:
• Example 1: How to Crack Any Type of Hash?
• Example 2: How to Crack a Password-Protected Encrypted File like '.zip', '.rar'?
• Example 3: How to Crack a Password-Protected PDF File?
• Example 4: How to Crack a Linux Password?
• Example 5: How to Crack Windows Password?
• Conclusion

 

Hello, everyone! Today, we'll demonstrate practical password-cracking examples using John the Ripper and Johnny. We'll focus on legitimate use cases, like testing the security of your own passwords or recovering lost credentials. Remember, always use this knowledge responsibly and ethically, avoiding unauthorized or malicious activities. Let's get started!

John the Ripper

Let’s Start with John the Ripper:

John the Ripper is a widely used, open-source password-cracking tool that primarily focuses on cracking password hashes. It supports a variety of hash types and employs several attack modes to attempt to break passwords. It is initially developed for Unix systems, but it has since expanded to work on multiple platforms and hash types.

Features and capabilities of John the Ripper

Let's explore the remarkable features and capabilities of John the Ripper!

• John the Ripper can handle various password hash formats, making it compatible with different systems and databases.
• It offers multiple attack modes, including brute-force, dictionary, and hybrid attacks, providing versatile options for cracking passwords.
• John the Ripper is optimized for speed, utilizing multiple CPU cores and GPUs to accelerate the password-cracking process.
• Users can easily use their own wordlists and apply custom rules to generate password variations efficiently.
• Being an open-source tool, John the Ripper benefits from continuous support and contributions from the vibrant cybersecurity community.

Supported Platforms and Environments

If we talk about, Supported Platforms and Environments, John the Ripper is compatible with various operating systems, including Windows, macOS, Linux, and other Unix-like systems. 

It also works on different architectures, making it highly versatile and widely accessible.

There is no need to install it, as John the Ripper comes pre-installed with Kali Linux. Open a terminal and use the Help flag to take a look at its Basic Usage and Command Syntax:

┌──(kali㉿kali)-[~]

└─$ john --help

John the Ripper 1.9.0-jumbo-1+bleeding-aec1328d6c 2021-11-02 10:45:52 +0100 OMP [linux-gnu 64-bit x86_64 SSE2 AC]

Copyright (c) 1996-2021 by Solar Designer and others

Homepage: https://www.openwall.com/john/

Usage: john [OPTIONS] [PASSWORD-FILES]

--help                     Print usage summary

--single[=SECTION[,..]]    "Single crack" mode, using default or named rules

--single=:rule[,..]        Same, using "immediate" rule(s)

--single-seed=WORD[,WORD]  Add static seed word(s) for all salts in single mode

--single-wordlist=FILE     *Short* wordlist with static seed words/morphemes

--single-user-seed=FILE    Wordlist with seeds per username (user:password[s]

                           format)

--single-pair-max=N        Override max. number of word pairs generated (6)

--no-single-pair           Disable single word pair generation

--[no-]single-retest-guess Override config for SingleRetestGuess

--wordlist[=FILE] --stdin  Wordlist mode, read words from FILE or stdin

                  --pipe   like --stdin, but bulk reads, and allows rules

--rules[=SECTION[,..]]     Enable word mangling rules (for wordlist or PRINCE

                           modes), using default or named rules

--rules=:rule[;..]]        Same, using "immediate" rule(s)

--rules-stack=SECTION[,..] Stacked rules, applied after regular rules or to

                           modes that otherwise don't support rules

--rules-stack=:rule[;..]   Same, using "immediate" rule(s)

--rules-skip-nop           Skip any NOP ":" rules (you already ran w/o rules)

--loopback[=FILE]          Like --wordlist, but extract words from a .pot file

--mem-file-size=SIZE       Size threshold for wordlist preload (default 2048 MB)

--dupe-suppression         Suppress all dupes in wordlist (and force preload)

--incremental[=MODE]       "Incremental" mode [using section MODE]

--incremental-charcount=N  Override CharCount for incremental mode

--external=MODE            External mode or word filter

--mask[=MASK]              Mask mode using MASK (or default from john.conf)

--markov[=OPTIONS]         "Markov" mode (see doc/MARKOV)

--mkv-stats=FILE           "Markov" stats file

--prince[=FILE]            PRINCE mode, read words from FILE

--prince-loopback[=FILE]   Fetch words from a .pot file

--prince-elem-cnt-min=N    Minimum number of elements per chain (1)

--prince-elem-cnt-max=[-]N Maximum number of elements per chain (negative N is

                           relative to word length) (8)

--prince-skip=N            Initial skip

--prince-limit=N           Limit number of candidates generated

--prince-wl-dist-len       Calculate length distribution from wordlist

--prince-wl-max=N          Load only N words from input wordlist

--prince-case-permute      Permute case of first letter

--prince-mmap              Memory-map infile (not available with case permute)

--prince-keyspace          Just show total keyspace that would be produced

                           (disregarding skip and limit)

--subsets[=CHARSET]        "Subsets" mode (see doc/SUBSETS)

--subsets-required=N       The N first characters of "subsets" charset are

                           the "required set"

--subsets-min-diff=N       Minimum unique characters in subset

--subsets-max-diff=[-]N    Maximum unique characters in subset (negative N is

                           relative to word length)

--subsets-prefer-short     Prefer shorter candidates over smaller subsets

--subsets-prefer-small     Prefer smaller subsets over shorter candidates

--make-charset=FILE        Make a charset, FILE will be overwritten

--stdout[=LENGTH]          Just output candidate passwords [cut at LENGTH]

--session=NAME             Give a new session the NAME

--status[=NAME]            Print status of a session [called NAME]

--restore[=NAME]           Restore an interrupted session [called NAME]

--[no-]crack-status        Emit a status line whenever a password is cracked

--progress-every=N         Emit a status line every N seconds

--show[=left]              Show cracked passwords [if =left, then uncracked]

--show=formats             Show information about hashes in a file (JSON)

--show=invalid             Show lines that are not valid for selected format(s)

--test[=TIME]              Run tests and benchmarks for TIME seconds each

                           (if TIME is explicitly 0, test w/o benchmark)

--stress-test[=TIME]       Loop self tests forever

--test-full=LEVEL          Run more thorough self-tests

--no-mask                  Used with --test for alternate benchmark w/o mask

--skip-self-tests          Skip self tests

--users=[-]LOGIN|UID[,..]  [Do not] load this (these) user(s) only

--groups=[-]GID[,..]       Load users [not] of this (these) group(s) only

--shells=[-]SHELL[,..]     Load users with[out] this (these) shell(s) only

--salts=[-]COUNT[:MAX]     Load salts with[out] COUNT [to MAX] hashes, or

--salts=#M[-N]             Load M [to N] most populated salts

--costs=[-]C[:M][,...]     Load salts with[out] cost value Cn [to Mn]. For

                           tunable cost parameters, see doc/OPTIONS

--fork=N                   Fork N processes

--node=MIN[-MAX]/TOTAL     This node's number range out of TOTAL count

--save-memory=LEVEL        Enable memory saving, at LEVEL 1..3

--log-stderr               Log to screen instead of file

--verbosity=N              Change verbosity (1-5 or 6 for debug, default 3)

--no-log                   Disables creation and writing to john.log file

--bare-always-valid=Y      Treat bare hashes as valid (Y/N)

--catch-up=NAME            Catch up with existing (paused) session NAME

--config=FILE              Use FILE instead of john.conf or john.ini

--encoding=NAME            Input encoding (eg. UTF-8, ISO-8859-1). See also

                           doc/ENCODINGS.

--input-encoding=NAME      Input encoding (alias for --encoding)

--internal-codepage=NAME   Codepage used in rules/masks (see doc/ENCODINGS)

--target-encoding=NAME     Output encoding (used by format)

--force-tty                Set up terminal for reading keystrokes even if we're

                           not the foreground process

--field-separator-char=C   Use 'C' instead of the ':' in input and pot files

--[no-]keep-guessing       Try finding plaintext collisions

--list=WHAT                List capabilities, see --list=help or doc/OPTIONS

--length=N                 Shortcut for --min-len=N --max-len=N

--min-length=N             Request a minimum candidate length in bytes

--max-length=N             Request a maximum candidate length in bytes

--max-candidates=[-]N      Gracefully exit after this many candidates tried.

                           (if negative, reset count on each crack)

--max-run-time=[-]N        Gracefully exit after this many seconds (if negative,

                           reset timer on each crack)

--mkpc=N                   Request a lower max. keys per crypt

--no-loader-dupecheck      Disable the dupe checking when loading hashes

--pot=NAME                 Pot file to use

--regen-lost-salts=N       Brute force unknown salts (see doc/OPTIONS)

--reject-printable         Reject printable binaries

--tune=HOW                 Tuning options (auto/report/N)

--subformat=FORMAT         Pick a benchmark format for --format=crypt

--format=[NAME|CLASS][,..] Force hash of type NAME. The supported formats can

                           be seen with --list=formats and --list=subformats.

                           See also doc/OPTIONS for more advanced selection of

                           format(s), including using classes and wildcards.

                                                                                                                                  

┌──(kali㉿kali)-[~]

└─$ 

Using John the Ripper is straightforward. Just type john followed by options and the password file, 

john <options> <password-hash-file>

And you're good to go!

 

Johnny, a GUI for John the Ripper

John the Ripper is a widely used, open-source password-cracking tool that primarily focuses on cracking password hashes. It supports a variety of hash types and employs several attack modes to attempt to break passwords. It was initially developed for Unix systems, but it has since expanded to work on multiple platforms and hash types.

Advantages of Using Johnny over the Command-line Version

Let’s talk about the Advantages of Using Johnny over the Command-line Version:

• Johnny offers a visually appealing and straightforward user interface, reducing the learning curve for newcomers.
• The GUI streamlines the configuration process, allowing users to adjust settings without dealing with complex command-line options.
• Johnny provides real-time progress updates during the cracking process, making it easier to monitor and manage ongoing tasks.
• Johnny features a wizard mode that guides users through the necessary steps to start password cracking without requiring in-depth technical knowledge.
• The GUI may offer clearer error messages and easier troubleshooting, enhancing the overall user experience.

 

Installation and Setup

Let’s talk about it’s Installation and Setup:

Johnny does not come pre-installed with Kali Linux. So we have to install it manually. Use the following command, to download and install the package:

┌──(kali㉿kali)-[~]

└─$ sudo apt install johnny

[sudo] password for kali: 

Reading package lists... Done

Building dependency tree... Done

Reading state information... Done

The following packages were automatically installed and are no longer required:

  figlet finger firebird3.0-common firebird3.0-common-doc libavutil57 libbson-1.0-0 libcodec2-1.0 libfbclient2 libhashkit2

  libmemcached11 libmongoc-1.0-0 libmongocrypt0 libplacebo208 libpostproc56 libswscale6 libwinpr2-2 medusa numba-doc

  python-odf-doc python-odf-tools python-tables-data python3-aioredis python3-apscheduler python3-bottleneck python3-git

  python3-gitdb python3-llvmlite python3-numba python3-numexpr python3-odf python3-pandas python3-pandas-lib python3-pyexploitdb

  python3-pyfiglet python3-pyshodan python3-quamash python3-smmap python3-tables python3-tables-lib python3-tld python3-yaswfp

  rwho rwhod sparta-scripts toilet-fonts wapiti

Use 'sudo apt autoremove' to remove them.

The following NEW packages will be installed:

  johnny

0 upgraded, 1 newly installed, 0 to remove and 852 not upgraded.

Need to get 541 kB of archives.

After this operation, 923 kB of additional disk space will be used.

Get:1 http://http.kali.org/kali kali-rolling/main amd64 johnny amd64 2.2+git20160807-0kali2 [541 kB]

Fetched 541 kB in 18s (30.9 kB/s)                                                                                                

Selecting previously unselected package johnny.

(Reading database ... 400753 files and directories currently installed.)

Preparing to unpack .../johnny_2.2+git20160807-0kali2_amd64.deb ...

Unpacking johnny (2.2+git20160807-0kali2) ...

Setting up johnny (2.2+git20160807-0kali2) ...

Processing triggers for kali-menu (2023.2.3) ...

                                                                                                                                  

┌──(kali㉿kali)-[~]

└─$ 

With Johnny successfully installed, you can launch it effortlessly. Simply locate Johnny in your application menu and click on it. 

As you do, the intuitive GUI interface of Johnny will open up, ready for use. 

Components and Functionalities

Now, let's delve into its various components and functionalities. The user interface of Johnny typically consists of the following components:

Open Password File:

This section is used to load password files. 

There are two segments: one for hash files, and the other for password-protected files like ZIP, PDF, and rar files. 

Once loaded, they will be displayed in the highlighted area.

Option Tab:

Under the Options Tab, you'll find two sections: Session Detail, and Attack Mode. 

Let's explore them further.

Session Detail:

Here, you can provide the current password hash format in the input box. It defaults to a standard format, but you can adjust it if needed.

Attack Mode:

You can select the attack type from options like single crack, wordlist, incremental, external, mask, Markov, and Prince.

Among them the Wordlist tab is particularly important; it lets you input your custom wordlist.

Console log: 

This area displays logs for each attack attempt, providing insights into the cracking process.

Start, Resume, and Pause Attack Buttons:

These buttons initiate, resume, or pause the password-cracking process, giving you control over the operation.

Progress Bar:

The progress bar offers a visual representation of the cracking progress, making it easy to track.

Explain with Examples:

Let’s explain John the Ripper and Johnny using some Examples:

 

Example 1: How to Crack Any Type of Hash?

To initiate the process of cracking any hash, we must first obtain it. Hashes can adopt various formats, such as MD5, SHA, and others. 

Let's generate a hash using a hash generator and store it in a text file. To generate a hash, we can utilize online hash generator tools. 

For this illustration, let's generate an MD5 hash. 

In the input field, input your desired string and after clicking the " Generate " button, you'll be presented with a range of hash formats. 

Focus on copying the MD5 hash and, save the MD5 hash to a text editor and designate the file as " hashmd.txt ." 

With the hash file prepared, we are ready to proceed with the cracking process. To crack the password using John the Ripper, execute the following format:

john --format= <specify-hash-format> <specify-hash-file>

Now, run the command on the terminal:

┌──(kali㉿kali)-[~]

└─$ sudo john --format=Raw-MD5 hashmd.txt 

John the Ripper will try to crack the hash and reveal the password if successful. 

[sudo] password for kali: 

Using default input encoding: UTF-8

Loaded 1 password hash (Raw-MD5 [MD5 128/128 SSE2 4x3])

Warning: no OpenMP support for this hash type, consider --fork=2

Proceeding with single, rules:Single

Press 'q' or Ctrl-C to abort, almost any other key for status

Almost done: Processing the remaining buffered candidate passwords, if any.

Proceeding with wordlist:/usr/share/john/password.lst

Proceeding with incremental:ASCII

0g 0:00:00:56  3/3 0g/s 15409Kp/s 15409Kc/s 15409KC/s 5srvf8..5sssmf

Session aborted

                                                                                                                                  

┌──(kali㉿kali)-[~]

└─$

If somehow, it can't crack the hash, you can use a wordlist.

To use a wordlist, Create or obtain a wordlist containing potential passwords. You can take help from tools like  CUPP and CRUNCH . 

Read this article to learn more about, how you can generate a wordlist:

How to Generate a Wordlist for Password Cracking

This guide provides step-by-step instructions on how to generate wordlists for password cracking. Wordlists are essential tools for security professionals and ethical hackers to test and strengthen password security.

The hash I've generated isn't present within the pre-installed wordlists on Kali Linux . Hence, the need arises to generate our custom wordlist using CUPP . 

Upon completion of  Cupp Interactive , you'll be furnished with a well-suited wordlist. 

With the wordlist prepared, we can now proceed to apply it with John the Ripper . Run, john with the following format:

john --format= <specify-hash-format>   <specify-hash-file> --wordlist= <specify-wordlist>

Run it on the terminal:

┌──(kali㉿kali)-[~]

└─$ sudo john --format=Raw-MD5 hashmd.txt --wordlist=techno.txt 

Using default input encoding: UTF-8

Loaded 1 password hash (Raw-MD5 [MD5 128/128 SSE2 4x3])

Warning: no OpenMP support for this hash type, consider --fork=2

Press 'q' or Ctrl-C to abort, almost any other key for status

TechnoScience@123 (?)     

1g 0:00:00:00 DONE (2023-08-16 12:26) 25.00g/s 365200p/s 365200c/s 365200C/s tstechno@*$..TechnoScience@123

Use the "--show --format=Raw-MD5" options to display all of the cracked passwords reliably

Session completed. 

                                                                                                                                  

┌──(kali㉿kali)-[~]

└─$ 

This approach might crack the hash.

Using Johnny

To crack the hash using a graphical Interface, Launch Johnny and load the password file by clicking on " Open password file(PASSWD format) ". 

Configure the hash format and set the path to your wordlist in the options. 

Then, start the attack by clicking, " Start new Attack ." 

Johnny will attempt to crack the password using the wordlist.

Example 2: How to Crack a Password-Protected Encrypted File like '.zip', '.rar'?

In this scenario, I have two encrypted files which are in the form of ".zip" and ".rar" format respectively. 

As you can see, while I try to extract the file, it prompts me to enter a password.

To crack a password-protected encrypted file, we need to obtain the hash associated with it. It is quite simple. 

I will only demonstrate it for ZIP files, you can apply a similar approach to RAR files. Firstly, run the following command on the terminal:

┌──(kali㉿kali)-[~]

└─$ zip2john test.zip > test.txt  

This command will generate a text file containing the password hash. 

Now, that we have the hash file, follow the similar process from Example 1, to crack the password.

┌──(kali㉿kali)-[~]

└─$ sudo john test.txt --wordlist=/usr/share/wordlists/rockyou.txt 

Using default input encoding: UTF-8

Loaded 4 password hashes with 4 different salts (ZIP, WinZip [PBKDF2-SHA1 128/128 SSE2 4x])

Loaded hashes with cost 1 (HMAC size) varying from 1686733 to 2030673

Will run 2 OpenMP threads

Press 'q' or Ctrl-C to abort, almost any other key for status

password123      (test.zip/326094_Overview of Cyber Security _xl-1024-v1-0.png)     

password123      (test.zip/326095_Overview of Cyber Security _xl-1024-v1-0.png)     

password123      (test.zip/326096_Overview of Cyber Security _xl-1024-v1-0.png)     

password123      (test.zip/326093_Overview of Cyber Security _xl-1024-v1-0.png)     

4g 0:00:00:01 DONE (2023-08-16 12:41) 2.666g/s 1365p/s 5461c/s 5461C/s sploit..queen

Use the "--show" option to display all of the cracked passwords reliably

Session completed. 

                                                                                                                                  

┌──(kali㉿kali)-[~]

└─$ 

Once the password is cracked, we can extract the encrypted file effortlessly.

 

Example 3: How to Crack a Password-Protected PDF File?

Cracking a password-protected PDF file follows a process similar to encrypted files. Let's take a look at how to do it.

Here, I have a password-protected PDF file, requiring a password to access its content.

To crack the password of the protected PDF, we first need to obtain its hash. Use the following command: 

┌──(kali㉿kali)-[~]

└─$ pdf2john test.pdf > test.txt

┌──(kali㉿kali)-[~]

└─$ ls

test.pdf    test.txt

Now, that we have the hash file, follow the similar process from Example 1, to crack the password. 

┌──(kali㉿kali)-[~]

└─$ sudo john test.txt --wordlist=/usr/share/wordlists/rockyou.txt

[sudo] password for kali: 

Using default input encoding: UTF-8

Loaded 1 password hash (PDF [MD5 SHA2 RC4/AES 32/64])

Cost 1 (revision) is 4 for all loaded hashes

Will run 2 OpenMP threads

Press 'q' or Ctrl-C to abort, almost any other key for status

Password123      (test.pdf)     

1g 0:00:00:01 DONE (2023-08-16 12:47) 0.8196g/s 27488p/s 27488c/s 27488C/s babyjoy..Fernando

Use the "--show --format=PDF" options to display all of the cracked passwords reliably

Session completed. 

                                                                                                                                  

┌──(kali㉿kali)-[~]

└─$

Once the password is cracked, we can view its content effortlessly.

 

Example 4: How to Crack a Linux Password?

In this example, we'll explore how to crack Linux passwords: 

The process involves obtaining the "/shadow" and "/passwd" files from the "/etc" directory. For demonstration purposes, I've set up three new users on my Ubuntu system to see if John the Ripper can crack their passwords.

To begin, boot your system using a Kali Linux USB drive. If you're unsure about creating a portable USB drive, you can refer to our video guide for assistance.

Steps to create a Bootable Kali Live USB Persistence

Kali Linux is a distribution of Linux that is specifically designed for penetration testing, digital forensics, and other security-related tasks. A "Live" version of Kali allows the user to boot the operating system from a USB drive, rather than installing it on a computer's hard drive.

Once the system is booted, we need to retrieve the shadow and passwd files from the Ubuntu Hard disk using the unshadow command-line tool.

Open Ubuntu Linux hard disk, and navigate to the "/etc" directory: 

Open a terminal from here, and execute the following command: 

sudo unshadow then mention, passwd, and shadow file, and here, specify the destination location as /Desktop . 

┌──(kali㉿kali)-[/media/kali/48980cfe-953e-4bb1-8589-abd9b644327c/etc]

└─$ sudo unshadow passwd shadow > /home/kali/Desktop/linuxpass.txt

                                                                                                                                  

┌──(kali㉿kali)-[/media/kali/48980cfe-953e-4bb1-8589-abd9b644327c/etc]

└─$

This will result in a Linux password hash file on the desktop, change the directory to verify its location:

┌──(kali㉿kali)-[/media/kali/48980cfe-953e-4bb1-8589-abd9b644327c/etc]

└─$ cd /home/kali/Desktop 

                                                                                                                                  

┌──(kali㉿kali)-[~/Desktop]

└─$ ls

linuxpass.txt

                                                                                                                                  

┌──(kali㉿kali)-[~/Desktop]

└─$

Run John against the Linux hash file, to crack the Password:

┌──(kali㉿kali)-[~/Desktop]

└─$ sudo john linuxpass.txt                                       

Using default input encoding: UTF-8

No password hashes loaded (see FAQ)

                                                                                                                                  

┌──(kali㉿kali)-[~/Desktop]

└─$ 

However, the initial attempt at password cracking might not succeed. Therefore, specifying the hash format and trying again is necessary. 

┌──(kali㉿kali)-[~/Desktop]

└─$ sudo john --format=crypt linuxpass.txt 

Using default input encoding: UTF-8

Loaded 4 password hashes with 4 different salts (crypt, generic crypt(3) [?/64])

Cost 1 (algorithm [1:descrypt 2:md5crypt 3:sunmd5 4:bcrypt 5:sha256crypt 6:sha512crypt]) is 0 for all loaded hashes

Cost 2 (algorithm specific iterations) is 1 for all loaded hashes

Proceeding with single, rules:Single

Press 'q' or Ctrl-C to abort, almost any other key for status

0g 0:00:00:49 32.69% 1/3 (ETA: 18:48:31) 0g/s 47.01p/s 47.01c/s 47.01C/s fubuntuubuntu..rubuntu

Session aborted                                                                            

┌──(kali㉿kali)-[~/Desktop]

└─$

This process can be time-consuming due to the limited power of John the Ripper's built-in wordlist. To enhance our chances, let's utilize a pre-installed wordlist. 

For this purpose, we will use rockyou.txt. First, locate the path of rockyou.txt and if this file is in " .gz " format, we have to extract it using gunzip . 

┌──(kali㉿kali)-[~]

└─$ locate rockyou.txt

/usr/share/wordlists/rockyou.txt.gz

┌──(kali㉿kali)-[~]

└─$ sudo gunzip /usr/share/wordlists/rockyou.txt.gz           

┌──(kali㉿kali)-[~]

└─$ 

With the wordlist in place, we'll run John using this wordlist.

┌──(kali㉿kali)-[~/Desktop]

└─$ sudo john --format=crypt linuxpass.txt --wordlist=/usr/share/wordlists/rockyou.txt 

Using default input encoding: UTF-8

Loaded 4 password hashes with 4 different salts (crypt, generic crypt(3) [?/64])

Cost 1 (algorithm [1:descrypt 2:md5crypt 3:sunmd5 4:bcrypt 5:sha256crypt 6:sha512crypt]) is 0 for all loaded hashes

Cost 2 (algorithm specific iterations) is 1 for all loaded hashes

Press 'q' or Ctrl-C to abort, almost any other key for status

password         (user3)     

1234             (ubuntu)     

Thanks to the enriched wordlist, we've been able to successfully crack two passwords. This underscores the impact of using a more potent wordlist in the password-cracking process.

 

Example 5: How to Crack Windows Password?

In this scenario, I'm working with a Windows machine . For the purpose of demonstration, I've established two new user accounts. 

The goal is to assess whether John the Ripper is capable of cracking the passwords associated with these user accounts.

It is always important to know that, 

Windows stores user account passwords in a file called the Security Account Manager (SAM) file.

To crack Windows SAM file passwords, we need to obtain the SAM and SYSTEM files from the Windows system. To get started, boot your system with a Kali Linux USB drive. 

Open the Windows Hard Disk, navigate to the Windows drive → Windows → System32 → config directory. 

The next step involves copying and converting the extracted hashes into a format that John the Ripper can comprehend. To do this, we will use the samdump2 command. 

Open a terminal from here, and execute the following command to Kali home directory:

┌──(kali㉿kali)-[/media/…/8246686546685BC3/Windows/System32/config]

└─$ sudo samdump2 SYSTEM SAM > /home/kali/hashes.txt

                                                                                                                                

┌──(kali㉿kali)-[/media/…/8246686546685BC3/Windows/System32/config]

└─$

With the hash file ready, use John the Ripper to crack passwords:

┌──(kali㉿kali)-[/media/…/8246686546685BC3/Windows/System32/config]

└─$ cd          # Change the directory to /home/Kali                                                                                                                        

┌──(kali㉿kali)-[~]

└─$ ls         # List the files and directories to verify the hash   

Desktop  Documents  Downloads  hashes.txt  Music  Pictures  Public  Templates  Videos                                                                                                                         

┌──(kali㉿kali)-[~]

└─$ sudo john --format= NT hashes.txt --wordlist= /usr/share/wordlists/rockyou.txt

Created directory: /root/.john

Using default input encoding: UTF-8

Loaded 4 password hashes with no different salts (NT [MD4 256/256 AVX2 8x3])

Press 'q' or Ctrl-C to abort, almost any other key for status

iloveyou2        (Newuser)     

microsoft        (Microsoft)     

                 (*disabled* Administrator)     

2356             (windows8-pc)     

4g 0:00:00:01 DONE (2023-08-19 15:18) 2.061g/s 6615Kp/s 6615Kc/s 6619KC/s 23560353..2355345a

Warning: passwords printed above might not be all those cracked

Use the "--show --format=NT" options to display all of the cracked passwords reliably

Session completed. 

                                                                                                                                

┌──(kali㉿kali)-[~]

└─$ 

John the Ripper will automatically begin the process of cracking Windows passwords.

Conclusion

In conclusion, John the Ripper stands out as a robust open-source password-cracking tool, proficient in cracking diverse password hashes using multiple attack methods. On the other hand, Johnny presents a user-friendly graphical interface that streamlines the utilization of John the Ripper, making password-cracking tasks more approachable for users of all levels.