John the Ripper
Developer(s) | OpenWall |
---|---|
Initial release | 1996 [1] |
Stable release | 1.9.0 [2] / May 14, 2019 |
Repository | |
Cross-platform | |
Type | Password cracking |
License | GNU General Public License, Proprietary (Pro version) |
Website | www |
John the Ripper is a
Sample output
Here is a sample output in a Debian environment.
$ cat pass.txt
user:AZl.zWwxIh15Q
$ john -w:password.lst pass.txt
Loaded 1 password hash (Traditional DES [24/32 4K])
example (user)
guesses: 1 time: 0:00:00:00 100% c/s: 752 trying: 12345 - pookie
The first line is a command to display the data stored in the file "pass.txt". The next line is the contents of the file, i.e. the user (AZl) and the hash associated with that user (zWwxIh15Q). The third line is the command for running John the Ripper utilizing the "-w" flag. "password.lst" is the name of a text file full of words the program will use against the hash; pass.txt makes another appearance as the file we want John to work on.
Then we see output from John working. Loaded 1 password hash — the one we saw with the "cat" command — and the type of hash John thinks it is (Traditional DES). We also see that the attempt required one guess at a time of 0 with a 100% guess rate.
Attack types
One of the modes John can use is the dictionary attack. It takes text string samples (usually from a file, called a wordlist, containing words found in a dictionary or real passwords cracked before), encrypts each one in the same format as the password being examined (including both the encryption algorithm and key), and compares the output to the encrypted string. It can also perform a variety of alterations to the dictionary words and try these. Many of these alterations are also used in John's single attack mode, which modifies an associated plaintext (such as a username with an encrypted password) and checks the variations against the hashes.
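The following added example (not code from John the Ripper or from the original article) shows the hash-and-compare loop described above as a password audit over an administrator's own records, covering both wordlist mode and single mode. It assumes a salted SHA-256 stand-in rather than John's real hash formats, a made-up "user:salt$digest" record layout, and a hypothetical rule set; all function names and sample data are constructed for illustration.

```python
import hashlib
import hmac

def hash_password(password, salt):
    # Stand-in scheme (salted SHA-256), assumed for this example; it is not
    # the Traditional DES crypt format shown in the sample output.
    return hashlib.sha256((salt + password).encode()).hexdigest()

def mangle(word):
    # Hypothetical rule set: case changes, reversal, common suffixes.
    seen = set()
    for base in (word, word.lower(), word.capitalize(), word.upper(), word[::-1]):
        for suffix in ("", "1", "123", "!"):
            if base + suffix not in seen:
                seen.add(base + suffix)
                yield base + suffix

def candidates(user, wordlist):
    # Single mode: guesses derived from the account's own username.
    for cand in mangle(user):
        yield "single", cand
    # Wordlist mode: guesses derived from each dictionary word.
    for word in wordlist:
        for cand in mangle(word):
            yield "wordlist", cand

def audit(records, wordlist):
    # Return {user: (mode, password)} for every account whose hash is matched.
    weak = {}
    for line in records:
        user, rest = line.strip().split(":", 1)
        salt, digest = rest.split("$", 1)
        for mode, cand in candidates(user, wordlist):
            # Hash the guess with the record's own salt, then compare.
            if hmac.compare_digest(hash_password(cand, salt), digest):
                weak[user] = (mode, cand)
                break
    return weak

# Constructed sample data: records use a made-up "user:salt$digest" layout.
WORDLIST = ["password", "example", "dragon"]
RECORDS = [
    "alice:s1$" + hash_password("Example123", "s1"),
    "bob:s2$" + hash_password("Bob123", "s2"),
    "carol:s3$" + hash_password("k7#Vq9!mZp2x", "s3"),
]

if __name__ == "__main__":
    for user, (mode, pw) in audit(RECORDS, WORDLIST).items():
        print(f"{user}: weak password {pw!r} found in {mode} mode")
```

Accounts that appear in the result are the ones whose passwords should be reset; the random password on the third record survives both modes.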
John also offers a
References
- "john-users – Re: When was John created?".
- "Announce - [openwall-announce] John the Ripper 1.9.0-jumbo-1".
- ISBN 0-672-32134-3.
- "Password Crackers". Concise Cybersecurity. Archived from the original on 2017-04-04. Retrieved 2016-12-03.
- "John the Ripper". sectools.org.