Cracking with John - CraigDonkin/Infrastructure GitHub Wiki

https://github.com/magnumripper/JohnTheRipper

General John Options

john --wordlist=wordlist.txt hashfile   wordlist mode: try every line of the wordlist against the hashes

john --show hashfile   show the passwords already cracked for the hashes in that file (read from john.pot; nothing new is cracked)

john --restore   continue the last interrupted session (john --restore=sessionname for a named one)

john --wordlist=wordlist.txt --rules=rulename hashfile   apply the [List.Rules:rulename] section of john.conf to each wordlist entry; rules act in wordlist mode (single-crack mode has its own [List.Rules:Single] section)

john --incremental hashfile   incremental mode: brute force that tries all character combinations, ordered by character frequency so likely passwords come first. It is the most thorough mode and does not finish on its own for anything but short passwords, so bound it with --max-length=N or a narrower mode such as --incremental=Digits

john --mask=?1?1?1?1?1?1?1?1 -1=[A-Z] hashfile   mask mode: eight characters drawn from custom set 1 (?1), which -1=[A-Z] defines; the built-in placeholders are ?l ?u ?d ?s ?a. A mask of fixed length already fixes the candidate length, so --min-length=N and --max-length=N only matter when the mask length varies

john --single passwd1 passwd2   single-crack mode: build candidates from each account's own login name and GECOS field, which is why it needs the full passwd lines rather than bare hashes. Any mode accepts several hash files at once

john --session=sessionname hashfile   name the session so it can be restored and queried independently of other runs

john --status=sessionname   print the progress of a named session

john --wordlist=all.lst --rules --shells=sh,csh,tcsh,bash mypasswd   only load accounts whose login shell is one of those listed (--shells=-nologin,false excludes shells instead)

john --wordlist=wordlist.txt --rules hashfile   a bare --rules runs the default [List.Rules:Wordlist] section of john.conf (found in John's run directory, or /etc/john/john.conf for packaged builds); pass --rules=name to run a custom section instead
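Before launching a mask or incremental job it is worth knowing how many candidates it will produce, because the mask above (26 to the power 8) is trivial against a fast unsalted hash and hopeless against bcrypt. The following Python is an added example, not code from this wiki or from John the Ripper: it parses masks and custom sets in John's own syntax (?l ?u ?d ?s ?a, -1=[A-Z] style definitions with [x-y] ranges and nested placeholders) and reports the keyspace and worst-case run time at a given c/s rate. The set sizes assume John's ASCII built-ins (?s is the 33 printable specials including space, ?a the 95 printable ASCII characters); the rates in the demo are constructed, not measured.

```python
# Added example, not part of the original wiki page or of John the Ripper:
# work out how many candidates a mask will generate before starting the job,
# so a feasible mask can be told from one that never finishes.
#
# Placeholder sizes follow John's built-in sets (?l ?u ?d ?s ?a, ASCII only);
# custom sets are the -1=... to -9=... options from the command line, written
# in John's syntax: literal characters, [x-y] ranges and other ?placeholders.
import string
from typing import Dict, List, Optional, Set

BUILTIN: Dict[str, Set[str]] = {
    "l": set(string.ascii_lowercase),                                          # 26
    "u": set(string.ascii_uppercase),                                          # 26
    "d": set(string.digits),                                                   # 10
    "s": set(string.punctuation + " "),                                        # 33 printable specials
    "a": set(string.ascii_letters + string.digits + string.punctuation + " "),  # 95
}


def placeholder(name: str, custom: Dict[str, Set[str]]) -> Set[str]:
    """Resolve ?l ?u ?d ?s ?a, a custom ?1..?9, or the literal '??'."""
    if name == "?":
        return {"?"}
    if name in BUILTIN:
        return BUILTIN[name]
    if name in custom:
        return custom[name]
    raise ValueError(f"unknown or undefined placeholder ?{name}")


def expand_charset(spec: str, custom: Dict[str, Set[str]]) -> Set[str]:
    """Expand a charset definition such as '[A-Z]', '?l?d' or 'xyz[0-4]' into a set."""
    chars: Set[str] = set()
    i = 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            chars |= placeholder(spec[i + 1], custom)
            i += 2
        elif spec[i] == "[":
            end = spec.index("]", i)
            body = spec[i + 1:end]
            k = 0
            while k < len(body):
                if k + 2 < len(body) and body[k + 1] == "-":       # x-y range
                    chars |= {chr(c) for c in range(ord(body[k]), ord(body[k + 2]) + 1)}
                    k += 3
                else:
                    chars.add(body[k])
                    k += 1
            i = end + 1
        else:
            chars.add(spec[i])
            i += 1
    return chars


def parse_custom(options: List[str]) -> Dict[str, Set[str]]:
    """Turn command-line options like ['-1=[A-Z]', '-2=?1?d'] into custom sets.
    Later sets may refer to earlier ones, as John allows."""
    custom: Dict[str, Set[str]] = {}
    for opt in options:
        flag, _, spec = opt.lstrip("-").partition("=")
        if len(flag) != 1 or flag not in "123456789" or not spec:
            raise ValueError(f"expected -N=CHARS, got {opt!r}")
        custom[flag] = expand_charset(spec, custom)
    return custom


def keyspace(mask: str, custom: Optional[Dict[str, Set[str]]] = None) -> int:
    """Number of candidates the mask produces: the product of the set sizes
    of its placeholders; literal characters contribute a factor of 1."""
    custom = custom or {}
    total = 1
    i = 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            total *= len(placeholder(mask[i + 1], custom))
            i += 2
        else:
            i += 1
    return total


def eta_seconds(mask: str, rate_per_second: float, custom: Optional[Dict[str, Set[str]]] = None) -> float:
    """Worst-case time to exhaust the mask at the candidate rate john reports (c/s)."""
    return keyspace(mask, custom) / rate_per_second


if __name__ == "__main__":
    # The wiki's example: eight uppercase letters.
    sets = parse_custom(["-1=[A-Z]"])
    mask = "?1?1?1?1?1?1?1?1"
    print(f"{mask} with -1=[A-Z]: {keyspace(mask, sets):,} candidates")
    # Constructed rates: roughly a slow salted hash on a CPU versus a fast
    # unsalted hash on a GPU.
    for rate in (1e4, 1e10):
        print(f"  at {rate:,.0f} c/s: {eta_seconds(mask, rate, sets) / 3600:,.1f} hours")
```

Compare the printed keyspace with the c/s figure john shows when you press a key during a run; if the hours are in the thousands, shrink the mask or move to a wordlist with rules instead.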

Effective John Rules

Add the section below to john.conf (or to a file pulled in with a .include line) and select it with --rules=simple. Each rule carries two parallel character ranges: the leading -[c:] is a reject flag (the -c variant is skipped for case-insensitive hash types such as LM, the -: variant always runs) and \p[c:] applies the matching command to the word (c capitalises it, : leaves it alone), so every rule is tried once as-is and once capitalised. <* rejects a word that is already at the format's maximum length, and $x appends a character, $[...] appending each character of the range in turn.

[List.Rules:simple]
# Word (optional capital)
-[c:] <* \p[c:]
# Word with 1-digit suffix (optional capital)
-[c:] <* \p[c:] $[0-9]
# Word with 1-digit suffix and an exclamation mark (optional capital)
-[c:] <* \p[c:] $[0-9]$!
# Word with 123 suffix (optional capital)
-[c:] <* \p[c:] $1$2$3
# Word with a two- or four-digit year suffix, 2015-2018 (optional capital)
-[c:] <* \p[c:] $1$[5678]
-[c:] <* \p[c:] $2$0$1$[5678]

To see what a rule set produces without cracking anything, write the candidates to the terminal: john --wordlist=words.txt --rules=simple --stdout
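The following Python is an added example, not code from this wiki or from John the Ripper, that models what the six rules above turn one word into, roughly what john --wordlist=words.txt --rules=simple --stdout prints. It implements only the commands that section uses (the parallel -[c:] / \p[c:] ranges, the <* length reject and $ appends), so it is not a general rule interpreter, and it shows the failure mode a practitioner hits with short formats: when the appended suffix pushes a candidate past the format's maximum length John truncates it, so the four year suffixes collapse into duplicates. The default maximum length of 125 and the word "summer" are assumptions for the demo.

```python
# Added example, not part of the original wiki page or of John the Ripper:
# a small Python model of the [List.Rules:simple] section above, producing
# the candidates john would emit for one word with
#     john --wordlist=words.txt --rules=simple --stdout
# It models only the rule commands that section uses (see comments); it is
# not a general John rule interpreter.
import itertools
from typing import List

# The six rules with the shared prefix "-[c:] <* \p[c:]" factored out: what
# remains is the suffix each rule appends.
SIMPLE_SUFFIX_RULES = [
    "",               # -[c:] <* \p[c:]                  word
    "$[0-9]",         # -[c:] <* \p[c:] $[0-9]           word + digit
    "$[0-9]$!",       # -[c:] <* \p[c:] $[0-9]$!         word + digit + !
    "$1$2$3",         # -[c:] <* \p[c:] $1$2$3           word + 123
    "$1$[5678]",      # -[c:] <* \p[c:] $1$[5678]        word + 15..18
    "$2$0$1$[5678]",  # -[c:] <* \p[c:] $2$0$1$[5678]    word + 2015..2018
]


def expand_range(body: str) -> List[str]:
    """Characters of a [...] range body such as '0-9' or '5678'."""
    out: List[str] = []
    k = 0
    while k < len(body):
        if k + 2 < len(body) and body[k + 1] == "-":
            out.extend(chr(c) for c in range(ord(body[k]), ord(body[k + 2]) + 1))
            k += 3
        else:
            out.append(body[k])
            k += 1
    return out


def expand_suffix(rule: str) -> List[str]:
    """All suffixes a chain of $x / $[...] commands produces. Ranges that are
    not marked parallel are nested loops in John, hence the product."""
    choices: List[List[str]] = []
    i = 0
    while i < len(rule):
        if rule[i] != "$":
            raise ValueError(f"only $ (append) commands are modelled, got {rule[i]!r}")
        if rule[i + 1] == "[":
            end = rule.index("]", i)
            choices.append(expand_range(rule[i + 2:end]))
            i = end + 1
        else:
            choices.append([rule[i + 1]])
            i += 2
    return ["".join(p) for p in itertools.product(*choices)]


def capitalize(word: str) -> str:
    """John's 'c' command: upper-case the first character, lower-case the rest."""
    return word[:1].upper() + word[1:].lower()


def apply_simple_rules(word: str, max_length: int = 125, case_sensitive: bool = True) -> List[str]:
    """Candidates for one word. -[c:] / \\p[c:] run each rule once with 'c' and
    once with ':' (no-op); the 'c' variant is rejected outright (the -c flag)
    when the hash type is case-insensitive. '<*' rejects the word unless it is
    shorter than the format's maximum length. John truncates candidates that
    end up longer than that maximum, so short formats such as descrypt (8)
    collapse the year suffixes into duplicates."""
    if len(word) >= max_length:          # <*  (checked before anything is appended)
        return []
    variants = [capitalize, lambda w: w] if case_sensitive else [lambda w: w]
    candidates: List[str] = []
    for rule in SIMPLE_SUFFIX_RULES:
        for transform in variants:       # the parallel [c:] range is the outer loop
            for suffix in expand_suffix(rule):
                candidates.append((transform(word) + suffix)[:max_length])
    return candidates


if __name__ == "__main__":
    # Constructed wordlist with a single word; 60 candidates for a long format.
    for candidate in apply_simple_rules("summer"):
        print(candidate)
    # The same word against an 8-character format: the year rules degenerate.
    print(sorted(set(apply_simple_rules("summer", max_length=8))))
```

Run it with max_length=8 to see why these rules waste effort on descrypt: "summer2015" through "summer2018" all become "summer20", and john would test that candidate four times.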

Converting Files for John

The *2john conversion scripts live in the run directory of the jumbo tree, https://github.com/magnumripper/JohnTheRipper/tree/bleeding-jumbo/run (packaged builds install them alongside john). Each one turns an encrypted file or key into a hash line that john can load. Check the output for the expected $format$ tag before spending time on it, and pass --format=name if john guesses wrong or lists several candidate formats.

Linux Passwords

unshadow /etc/passwd /etc/shadow > passwords.txt

unshadow joins the two files on the login name so that the hash from /etc/shadow replaces the x in /etc/passwd; reading /etc/shadow needs root. Keeping the full passwd line matters because single-crack mode uses the login name and GECOS fields.

Wordlist attack:

john --wordlist=blah.txt passwords.txt
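The following Python is an added example, not code from this wiki or from John the Ripper: it reproduces what unshadow does (join passwd and shadow on the login name, put the shadow hash into field two) and then filters the merged lines the way you usually want before cracking, which the wiki's --shells option only partly covers. It drops accounts with no hash at all (*, !, !!, empty), optionally unlocks hashes prefixed with ! (passwd -l and usermod -L keep the real hash behind the !, and that hash still reveals a password that may be reused elsewhere), and keeps only chosen login shells. The passwd and shadow lines, the user names and the hash strings are all constructed for the demo and are not real crypt output.

```python
# Added example, not part of the original wiki page or of John the Ripper:
# a Python equivalent of `unshadow /etc/passwd /etc/shadow`, which joins the
# two files on the login name and puts the shadow hash into the second field
# of each passwd line, the layout john loads. A second step filters the result
# before cracking: drop accounts that have no hash at all, optionally unlock
# hashes prefixed with '!' (the real hash is still there), and keep only
# chosen login shells (what john's --shells option does).
from typing import Iterable, List, Optional, Set

# Constructed sample input. The hash strings are placeholders with the right
# shape, not real crypt(3) output.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/zsh
svc:x:1002:1002::/var/lib/svc:/bin/false
"""

SHADOW = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHnotreal:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASHnotreal:19000:0:99999:7:::
bob:!$6$CONSTRUCTEDSALT$LOCKEDACCOUNTnotreal:19000:0:99999:7:::
svc::19000:0:99999:7:::
"""

# Shadow values that mean "no password hash to crack" (the last two are the
# Solaris spellings).
NO_HASH: Set[str] = {"", "*", "!", "!!", "x", "*LK*", "*NP*"}


def unshadow(passwd_text: str, shadow_text: str) -> List[str]:
    """Merge passwd and shadow like unshadow(8): the shadow field replaces the
    'x' in field 2; users without a shadow entry are passed through unchanged."""
    hashes = {}
    for line in shadow_text.splitlines():
        if line and not line.startswith("#"):
            name, field = line.split(":")[:2]
            hashes[name] = field
    merged: List[str] = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:              # skip blank or malformed lines
            continue
        if fields[0] in hashes:
            fields[1] = hashes[fields[0]]
        merged.append(":".join(fields))
    return merged


def crackable(lines: Iterable[str], shells: Optional[Set[str]] = None, unlock: bool = False) -> List[str]:
    """Keep only the merged lines john can do something with."""
    kept: List[str] = []
    for line in lines:
        fields = line.split(":")
        digest = fields[1]
        if digest.startswith("!"):
            if not unlock:
                continue
            digest = digest.lstrip("!")  # locked account; the real hash follows the '!'
        if digest in NO_HASH:
            continue
        if shells is not None and fields[6] not in shells:
            continue
        fields[1] = digest
        kept.append(":".join(fields))
    return kept


if __name__ == "__main__":
    # Equivalent of: unshadow passwd shadow | (filter) > passwords.txt
    for entry in crackable(unshadow(PASSWD, SHADOW), unlock=True):
        print(entry)
```

With the constructed input this keeps root and alice, adds bob only when unlock=True, and drops daemon and svc because there is nothing to crack; the output lines are in exactly the form john loads.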

SSH Key Password

ssh2john id_rsa > ssh.hash

john --wordlist=blah.txt ssh.hash

Current jumbo ships this converter as ssh2john.py. The key header decides the cost: a legacy PEM key (BEGIN RSA PRIVATE KEY) cracks fast, while the newer OpenSSH format (BEGIN OPENSSH PRIVATE KEY) uses bcrypt-based key derivation and is orders of magnitude slower.

KeePass Database Password

keepass2john blah.kdbx > kdbx.hash

john --wordlist=blah.txt kdbx.hash

keepass2john handles both KeePass 1.x (.kdb) and 2.x (.kdbx) databases. If the database is also protected by a key file, give it to the converter with -k keyfile, otherwise the hash cannot be cracked with the password alone.

Encrypted RAR File

rar2john blah.rar > rar.hash

john --wordlist=blah.txt rar.hash

Encrypted Zip File

zip2john blah.zip > blah.hash

john --wordlist=blah.txt blah.hash

PDF File

pdf2john.py blah.pdf > blah.hash

john --wordlist=blah.txt blah.hash

macOS Disk Image

dmg2john blah.sparsebundle > blah.hash

john --wordlist=blah.txt blah.hash

dmg2john also takes .dmg images. With an OpenCL build you may need to force the GPU format with --format=dmg-opencl.

GPG Private Key Password

gpg2john blah.asc > blah.hash

john --wordlist=blah.txt blah.hash

WPA Handshake (hccap)

hccap2john blah.hccap > blah.hash

john --wordlist=blah.txt --format=wpapsk blah.hash

hccap is the capture format produced by aircrack-ng for hashcat; if you only have the raw pcap of the four-way handshake, convert it with wpapcap2john instead.

macOS Keychain

keychain2john blah.keychain > blah.hash

john --wordlist=blah.txt blah.hash

The user's login keychain is ~/Library/Keychains/login.keychain (login.keychain-db on newer releases); its password is usually the account password.

Reference Articles

https://bytesoverbombs.io/cracking-everything-with-john-the-ripper-d434f0f6dc1c

https://wiki.loopback.org/display/KB/How+to+brute+force+crack+a+MacOS+disk+image

https://countuponsecurity.files.wordpress.com/2016/09/jtr-cheat-sheet.pdf
