Thursday, January 21, 21:31
Home how To John the Ripper: Get to know the most popular tool in the field of ethical ...

John the Ripper: Get to know the most popular tool in ethical hacking

You've probably heard of John the Ripper (JRR), one of the most popular ethical hacking tools that combines many different programs to password cracking using techniques such as Brute Force or dictionary attacks.

John the Ripper ethical hacking

Brute-force attack refers to the exhaustive testing of possible keys that generate a cryptographic key to reveal the original message. A dictionary attack attempts to test "every word in the dictionary" as possible password for an encrypted message. The attacks they usually use a dictionary / dictionaries containing the passwords most often chosen by users, as well as many alphabet words. A dictionary attack is generally more effective than a brute-force attack because users choose weak passwords.

JtR can support several different technologies encryption  in an environment Unix (so Mac) and Windows. It can and does detect the hash function type and compare hashed data to a huge plain text file that contains popular passwords. These codes are "lost" by the JtR which stops the process when there is an match.

This ethical hacking tool contains its own lists of well-known passwords in over 20 different languages. These lists provide JtR with thousands of different passwords / values ​​for which it can generate the corresponding hash value and as a result find the victim password. Because most people use easy-to-remember passwords, the techniques used by JtR are quite effective.

 

Why use it?

As we have already mentioned, John the Ripper is a password cracker that can help identify weak passwords and weak password policies.

The different technologies that it is capable of detecting are:

 

  • UNIX crypt (3)
  • DES-based
  • "Bigcrypt"
  • BSDI extended DES-based
  • MDBSNUMX-based FreeBSD (Linux and Cisco IOS)
  • OpenBSD Blowfish-based
  • Kerberos / AFS
  • Windows LM (DES-based)
  • DES-based tripcodes
  • SHA-crypt hashes (newer Fedora and Ubuntu versions)
  • SHA-crypt and SUNMD5 hashes (Solaris)

 

In the list above, other technologies can be added as JtR is open source and contributors can write support extensions.

 

How to download John the Ripper

The tool is .so you can download and compile the code yourself, download the executable binaries or find it preinstalled in a package for penetration testing.

The official website of John the Ripper is located at Openwall. From there you can download the source code and binaries and then contribute to the project through Github.

 

Unix-based

$ cd ~ / src
$ git clone git: //github.com/magnumripper/JohnTheRipper -b bleeding-jumbo john
$ cd ~ / src / john / src
$ ./configure && make -s clean && make -sj4

 

Windows

Windows users can find the complete documentation with the corresponding installation instructions on the page Wiki by John the Ripper.

Finally, you can find it pre-installed in the well-known operating system distribution for penetration testing, Kali Linux as part of metapackages for password cracking.

 

How to use it

Below you will find basic commands that will help you become more familiar with JtR. For starters, what you need is a file containing a hashed value to decrypt.

If you want to check all available tool commands, you can run the following:

 

. \ john.exe

JtR can work in 3 different modes:

  • Signle crack mode
  • Wordlist mode
  • Incremental

 

The first is the quickest option if you have the entire file to decrypt. Wordlist mode compares the encrypted / hashed value with a list of possible password matches. Accordingly, incremental mode is the most powerful mode of 3 since it tests all possible combinations in order to find the right one password (brute force).

The following command tells JtR to run in single crack mode, then in wordlist mode by comparing the hashed file with default wordlists containing possible passwords, and then in incremental mode.

 

. \ john.exe passwordfile

 

You can download different wordlists from it Internet but also create your own. Use your JtR lists by running the following command:

. \ john.exe passwordfile -wordlist = ”wordlist.txt”

 

Select the desired mode using this parameter:

. \ john.exe –single passwordfile

. \ john.exe –incremental passwordfile

 

To see the list of decrypted passwords, use the -show parameter:

. \ john.exe -show passwordfile

 

If the list of "broken" passwords is large, you can use the corresponding parameters to filter it. For example, to check for user root passwords, use the -users parameter:

. \ john.exe –show –users = 0 passwordfile

 

How did John the Ripper look to you? We look forward to your comments on one of the most popular tools in ethical hacking ...

 

 

 

 

 

LEAVE ANSWER

Please enter your comment!
Please enter your name here

stormi
stormi
Here's the crazy ones, the misfits, the rebels, the troublemakers ...

LIVE NEWS

Mac: How to see which model you have and when it was released

When you need support for your Mac - or want to install some kind of upgrade - you usually need to know the exact ...
00:02:35

Bill Gates: Will he work with Biden on COVID-19 / climate change?

Microsoft co-founder Bill Gates said on Twitter that he is looking forward to working with the new US President, Joe Biden, and ...

What are the rumors circulating about the iPhone 13?

Apple iPhone 13 will have a redesigned Face ID system that will have a smaller notch at the top of the screen, ...

Biden: How was the political transition in the US captured on social media?

As Joe Biden was sworn in as President of the United States, this important political transition was captured on popular social media. On January 20, ...

CentOS ceases to be supported but RHEL is offered for free

Last month, Red Hat caused a great deal of concern in the Linux world when it announced the discontinuation of CentOS Linux.

Microsoft Office 365 employee passwords leaked online!

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and ...

COSMOTE and Microsoft provide new cloud solutions for businesses

COSMOTE and Microsoft expand their cooperation, offering even more advanced and high quality cloud solutions, in large and small ...

Cyber ​​attacks in Eastern Europe are on the rise!

The cyber-attacks that have taken place in many US government agencies and companies in recent months have caused concern in the developing countries of ...

Tesla reduces the prices of the Model 3 in Europe

Tesla has reduced the prices of the Model 3 in many European markets, which reductions could be partly linked ...

iOS, Android, XBox users in the crosshairs of a new malvertising campaign

Recently a new malvertising campaign was discovered that targets users of mobile and other connected devices and uses effective ...