Tool: John the Ripper (JTR) Setup and Basics

Cyber Security Mastery: From Zero to Hero

John the Ripper (JTR)

John the Ripper is a popular, open-source password cracking utility. It is designed to combine several cracking modes to quickly test password hashes.

JTR Cracking Modes

  1. Dictionary Attack: Testing passwords from a massive list of common words, phrases, and leaked credentials (wordlist).
  2. Brute Force: Trying every possible character combination (highly resource-intensive).
  3. Single Crack Mode: Testing candidate passwords derived from the username or system information (e.g., trying 'user123').

Basic Workflow (Linux)

  1. Extract Hashes: Use a tool (like unshadow on Linux) to combine the user file (/etc/passwd) and the hash file (/etc/shadow) into a JTR-readable format.
  2. Run Dictionary Attack:

```bash
# Use rockyou.txt (a popular leaked dictionary file)
john --wordlist=/usr/share/wordlists/rockyou.txt hash_file.txt

# Show successfully cracked passwords
john --show hash_file.txt
```
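
Step 1's merge, as an added example that is not part of the course material or John the Ripper's own code: this Python script combines constructed /etc/passwd and /etc/shadow records into the single-file form step 1 describes and labels each account's hash scheme, so an administrator can see which accounts still use legacy hashing. The sample records, the placeholder hash strings, and the function names merge, classify and audit are assumptions made for illustration.

```python
# Added example, not from the course page. All records below are constructed;
# the salt and hash strings are placeholders, not real hashes.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
legacy:x:1001:1001:Old Service:/home/legacy:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""
SHADOW = """\
root:$6$SALTSALT$PLACEHOLDERHASH:19000:0:99999:7:::
alice:$y$j9T$SALTSALT$PLACEHOLDERHASH:19000:0:99999:7:::
legacy:$1$SALTSALT$PLACEHOLDERHASH:15000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""
# Subset of crypt(3) prefixes -> (scheme name, flagged as legacy/weak)
SCHEMES = {"$1$": ("md5crypt", True), "$5$": ("sha256crypt", False),
           "$6$": ("sha512crypt", False), "$2b$": ("bcrypt", False),
           "$y$": ("yescrypt", False)}

def merge(passwd_text, shadow_text):
    """Return passwd-format lines with the 'x' placeholder replaced by the shadow hash."""
    hashes = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    merged = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) == 7:  # skip malformed passwd entries
            f[1] = hashes.get(f[0], f[1])
            merged.append(":".join(f))
    return merged

def classify(pw_field):
    """Label one password field; empty and unrecognised formats are flagged."""
    if pw_field == "":
        return ("empty", True)      # no password required to log in
    if pw_field[0] in "!*":
        return ("locked", False)    # password login disabled
    for prefix, info in SCHEMES.items():
        if pw_field.startswith(prefix):
            return info
    return ("unknown", True)        # e.g. old DES crypt; review manually

def audit(merged_lines):
    """Map username -> (scheme, flagged) for each merged line."""
    return {l.split(":")[0]: classify(l.split(":")[1]) for l in merged_lines}

if __name__ == "__main__":
    for user, (scheme, flagged) in audit(merge(PASSWD, SHADOW)).items():
        print(f"{user:8} {scheme:12} {'REVIEW' if flagged else 'ok'}")
```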