John the Ripper - jonatello/lab-musing GitHub Wiki

John the Ripper is a password cracker. You can read more about it here - http://www.openwall.com/john/doc/

Configuration

Update the jail

pkg update

pkg upgrade

Install the John the Ripper package (the .j in the version is the jumbo build, which is what provides the bitcoin format and the bitcoin2john script used below)

pkg install john-1.8.0.j.1_3

For Bitcoin wallet cracking, install the bsddb3 Python package (bitcoin2john reads the Berkeley DB wallet.dat with it) and download the bitcoin2john Python script to a file. Fetch the raw file: the /blob/ page URL on github.com returns the HTML page, not the script

pkg install py27-bsddb3-6.2.5_1

curl -L https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/bitcoin2john.py -o /root/bitcoin2john.py

Usage

As an example, to crack a Bitcoin wallet, we first need to extract a hash for John the Ripper to use. We will assume your wallet.dat (containing your encrypted private keys) is already copied to /root/wallet.dat and, working from /root, extract the hash to wallet.hash

python2.7 bitcoin2john.py wallet.dat > wallet.hash

As an example, to crack Unix password hashes, we first need to combine them into a file John the Ripper can read. On FreeBSD the hashes live in /etc/master.passwd, which only root can read, so run this as root; unshadow merges the hashes with the account fields from /etc/passwd into passwd.hash

unshadow /etc/passwd /etc/master.passwd > passwd.hash
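As an added illustration of what unshadow produces (example code written for this page, not part of John the Ripper), the following Python merges a FreeBSD /etc/passwd and /etc/master.passwd the same way on constructed sample data, then drops the entries John could not crack anyway (no password set, or an account locked with pw lock). The sample files are deliberately inconsistent (carol has no master.passwd entry) to show the fallback, and the $6$ hashes are made up and do not correspond to any password.

```python
"""Minimal unshadow for FreeBSD on constructed sample data.
Added example, not john's own code."""
from typing import Dict, List

# Constructed sample /etc/passwd: name:password:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:*:1003:1003:Carol:/home/carol:/bin/sh
"""

# Constructed sample /etc/master.passwd (root-only file holding the real hashes):
# name:password:uid:gid:class:change:expire:gecos:home:shell
# The $6$ hashes are made up and are not hashes of any real password.
SAMPLE_MASTER = """\
root:$6$5k3mXp2q$Kx9mQ2pL7vR4tN8wZ1yBc6Jh3Gf0DsA5eV2uM9nPq8Tb1Wo4Xzi7Yl3Cr6HkE0jF5aS2dUg9Ie4Oq1LmN3xR7z:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$6$Qw8zLp1t$Zp2vM8kQ4rT7wB1nL9xCf3Hs6Dj0GyV5uA2eP9mNb8Xq1Tz4Wol7Ci3Yk6HrF0aE5jS2dUe9Ig4Lq1OmR3zN7x:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*LOCKED*$6$Qw8zLp1t$Zp2vM8kQ4rT7wB1nL9xCf3Hs6Dj0GyV5uA2eP9mNb8Xq1Tz4Wol7Ci3Yk6HrF0aE5jS2dUe9Ig4Lq1OmR3zN7x:1002:1002::0:0:Bob:/home/bob:/bin/sh
"""


def load_master(master_text: str) -> Dict[str, str]:
    """Map username -> password field from master.passwd content."""
    hashes: Dict[str, str] = {}
    for line in master_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        hashes[fields[0]] = fields[1]
    return hashes


def unshadow(passwd_text: str, master_text: str) -> List[str]:
    """Replace the '*' password field of each passwd line with the hash from
    master.passwd. Lines with no master.passwd entry are passed through unchanged."""
    hashes = load_master(master_text)
    out: List[str] = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if fields[0] in hashes:
            fields[1] = hashes[fields[0]]
        out.append(":".join(fields))
    return out


def crackable(lines: List[str]) -> List[str]:
    """Keep only entries whose password field is a real hash: '*', '!' and an
    empty field mean no usable password, and FreeBSD's pw lock prefixes '*LOCKED*'."""
    keep: List[str] = []
    for line in lines:
        pw = line.split(":")[1]
        if pw in ("", "*", "!") or pw.startswith("*LOCKED*"):
            continue
        keep.append(line)
    return keep


if __name__ == "__main__":
    # What would go into passwd.hash, minus the entries John cannot crack
    for entry in crackable(unshadow(SAMPLE_PASSWD, SAMPLE_MASTER)):
        print(entry)
```

On a real system passwd is generated from master.passwd, so every user has a hash entry; the filter still matters because system accounts and locked users would otherwise waste cracking time on lines that can never succeed.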

Once we have a hash file to attempt to crack, we can feed it to John the Ripper, which detects the hash format (bitcoin, unix crypt, etc) and, with no mode given, runs single crack, then wordlist with rules, then incremental mode

john wallet.hash

You can also specify a format

john --format=bitcoin wallet.hash

Multiple CPU cores can be used by forking worker processes (--fork splits the work across N processes, so N should not exceed the cores available to the jail)

john wallet.hash --fork=16

You can specify a different wordlist to use than the one John the Ripper ships with

john wallet.hash --wordlist=/root/wordlist.txt

An interrupted session (press q or Ctrl-C once and John saves its state to john.rec) can be resumed

john --restore

Show the passwords cracked so far for a hash file (John reads them back from its john.pot file)

john --show wallet.hash

One of the really handy things you can do with John the Ripper is create a new mutated wordlist from an existing one. For instance, if you forgot your password but have 10 close guesses that you're pretty sure it was close to, you could create an expanded wordlist to use. Many word mangling rules ship with the tool for this (https://www.openwall.com/john/doc/RULES.shtml). The jumbo build names some rule sets by what they do: o2 overstrikes 2 characters (replaces them in place) and i2 inserts 2 characters, shifting the rest right; --stdout writes the candidates out instead of cracking anything. Here is the overstrike example, followed by the insert example.

john --wordlist=guess.txt --rules:o2 --stdout > guess-mutatedo2.txt

john --wordlist=guess.txt --rules:i2 --stdout > guess-mutatedi2.txt

Sometimes it can be useful to keep track of how many lines are in your lists, since mangling rules multiply them quickly

wc -l mutatedwordlist.txt
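To see what the o2 and i2 rules expand a guess into, and why the wc -l count matters, here is an added Python example (not part of John the Ripper, and only an approximation of the stock rule sets, which I assume iterate over printable ASCII) that generates the overstrike and insert candidates for a small constructed guess list, dedupes them and counts them the way wc -l would.

```python
"""Overstrike/insert candidate generation, approximating john's o1/o2 and i1/i2 rules.
Added example, not john's own code; the character set is an assumption."""
import itertools
from typing import Iterable, List, Set

# Assumption: mangle with the 95 printable ASCII characters (space through '~').
CHARSET = [chr(c) for c in range(32, 127)]


def overstrike(word: str, n: int, charset: Iterable[str] = CHARSET) -> Set[str]:
    """All strings reachable by replacing n positions of word in place (o1/o2).
    Overstriking a position with its own character leaves it unchanged, so the
    original word is always in the result and lower-order overstrikes usually are."""
    charset = list(charset)
    out = {word}
    n = min(n, len(word))
    for positions in itertools.combinations(range(len(word)), n):
        for chars in itertools.product(charset, repeat=n):
            w = list(word)
            for pos, ch in zip(positions, chars):
                w[pos] = ch
            out.add("".join(w))
    return out


def insert(word: str, n: int, charset: Iterable[str] = CHARSET) -> Set[str]:
    """All strings made by inserting exactly n charset characters anywhere in
    word, shifting the rest right (i1/i2). Duplicates, such as inserting 'a'
    either side of an existing 'a', collapse in the set."""
    charset = list(charset)
    words = {word}
    for _ in range(n):
        words = {w[:i] + ch + w[i:]
                 for w in words for i in range(len(w) + 1) for ch in charset}
    return words


def expand(guesses: Iterable[str], n_insert: int = 1, n_overstrike: int = 1,
           charset: Iterable[str] = CHARSET) -> List[str]:
    """Deduplicated, sorted candidate list: each guess as-is plus its overstrike
    and insert variants. len() of the result is what wc -l reports on the file."""
    charset = list(charset)
    candidates: Set[str] = set()
    for g in guesses:
        candidates.add(g)
        candidates |= overstrike(g, n_overstrike, charset)
        candidates |= insert(g, n_insert, charset)
    return sorted(candidates)


if __name__ == "__main__":
    # Constructed guesses standing in for guess.txt
    guesses = ["hunter2", "Hunter2!"]
    wordlist = expand(guesses)
    print(len(wordlist), "candidates")
    with open("guess-mutated.txt", "w") as fh:
        fh.write("\n".join(wordlist) + "\n")
```

One 7-character guess alone yields 659 single-overstrike and 753 single-insert candidates; raising either count to 2 multiplies that by roughly another 800, which is why it pays to check the line count before handing a rules-expanded list to a slow format like bitcoin.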

Troubleshooting

Benchmark John the Ripper performance (you can benchmark many different formats; in this case, Bitcoin)

john --test --format=bitcoin

If for some reason John is unresponsive or you need to kill it by name (the [j]ohn pattern stops grep from matching its own process; the default SIGTERM lets John abort cleanly, so the session can usually be resumed with --restore)

ps aux | grep '[j]ohn' | awk '{print $2}' | xargs kill