🔐John the Ripper (JtR)

Advanced Password Cracking Software

📋 Overview

John the Ripper (JtR) adalah open-source password cracking tool yang digunakan untuk mendeteksi password yang lemah. Dikembangkan oleh Openwall, John the Ripper menjadi salah satu tool yang paling powerful dan fleksibel untuk password recovery dan security auditing.

🎯 Key Features

🔐 Multi-Algorithm Support

• Hash Types: MD5, SHA-1, SHA-256, SHA-512, bcrypt, scrypt

• Database Hashes: MySQL, Oracle, PostgreSQL, SQL Server

• Operating Systems: Windows LM/NTLM, Unix shadow, macOS keychain

• Archive Formats: ZIP, RAR, 7-Zip, PDF, Office documents

• Password Managers: KeePass, LastPass, 1Password

⚡ Cracking Modes

• Wordlist Attack - Dictionary-based password testing

• Single Crack - Simple password variations

• Incremental - Brute force with custom charsets

• External Mode - Custom word generation rules

• Markov Mode - Statistical password generation

🔧 Advanced Features

• GPU Acceleration - OpenCL/CUDA support for GPU cracking

• Rule Engine - Advanced password transformation rules

• Session Management - Resume interrupted cracking sessions

• Distributed Cracking - Multi-system support

• Hybrid Attacks - Combination of multiple attack vectors

🛡️ Security Testing

• Password Policy Testing - Verify password strength policies

• Shadow File Analysis - Unix password file cracking

• SAM File Testing - Windows password cracking

• Database Auditing - Test database password security

• Application Testing - Application-specific password cracking

🚀 Installation

Linux Installation

# Ubuntu/Debian
sudo apt-get update
sudo apt-get install john john-data

# Ubuntu latest version from PPA
sudo add-apt-repository ppa:openwall/ppa
sudo apt-get update
sudo apt-get install john

# CentOS/RHEL/Fedora
sudo dnf install john

# From source (latest version)
git clone https://github.com/openwall/john.git
cd john/src
./configure && make -sj4
sudo make install

Windows Installation

# Download from https://www.openwall.com/john/
# Extract to C:\john
# Add to PATH: C:\john\run
# Run from Command Prompt:
john.exe --version

# GPU support (optional)
# Install NVIDIA CUDA drivers or AMD OpenCL drivers

macOS Installation

# Using Homebrew
brew install john

# From source
git clone https://github.com/openwall/john.git
cd john/src
./configure && make -sj4
sudo make install

# Verify installation
john --version

Docker Installation

# Pull John the Ripper image
docker pull openwall/john

# Run container
docker run -it --rm openwall/john

# Run with wordlist volume mount
docker run -it --rm -v /path/to/wordlists:/wordlists openwall/john --wordlist=/wordlists/rockyou.txt hashfile.txt

🔧 Basic Usage

Command Structure

john [options] [password_file]

# Basic syntax
john --wordlist=wordlist.txt hashfile.txt

# Show cracked passwords
john --show hashfile.txt

Common Commands

# Basic wordlist attack
john --wordlist=rockyou.txt hashfile.txt

# Single crack mode (fast, simple passwords)
john --single hashfile.txt

# Incremental mode (brute force)
john --incremental hashfile.txt

# Show cracked passwords
john --show hashfile.txt

# Benchmark performance
john --test

🎯 Attack Modes

Wordlist Attack

# Basic wordlist attack
john --wordlist=rockyou.txt hashfile.txt

# Multiple wordlists
john --wordlist=wordlist1.txt,wordlist2.txt hashfile.txt

# Wordlist with rules
john --wordlist=rockyou.txt --rules hashfile.txt

# Custom wordlist format
john --wordlist=custom.txt --format=raw-md5 hashfile.txt

Single Crack Mode

# Fast single crack mode
john --single hashfile.txt

# Single crack with specific login names
john --single --users=user1,user2 hashfile.txt

# Single crack with external filter
john --single --external=filter_hashcat hashfile.txt

Incremental Mode

# Default incremental mode
john --incremental hashfile.txt

# Custom incremental mode
john --incremental=Alnum hashfile.txt

# Custom charset
john --incremental --min-length=6 --max-length=10 hashfile.txt

# Markov mode (statistical cracking)
john --markov hashfile.txt

Hybrid Attacks

# Wordlist + incremental
john --wordlist=rockyou.txt --incremental hashfile.txt

# Wordlist + rules + external mode
john --wordlist=rockyou.txt --rules --external=hybrid hashfile.txt

# Combination attack
john --wordlist=words1.txt --wordlist=words2.txt --combination hashfile.txt

📊 Hash Format Support

Common Hash Types

# MD5 hashes
john --format=raw-md5 hashfile.txt

# SHA-1 hashes
john --format=raw-sha1 hashfile.txt

# SHA-256 hashes
john --format=raw-sha256 hashfile.txt

# SHA-512 hashes
john --format=raw-sha512 hashfile.txt

# NTLM hashes (Windows)
john --format=NT hashfile.txt

# LM hashes (Legacy Windows)
john --format=LM hashfile.txt

# bcrypt hashes
john --format=bcrypt hashfile.txt

# Unix shadow passwords
john --format=shadow hashfile.txt

Database Hashes

# MySQL hashes
john --format=mysql hashfile.txt

# PostgreSQL hashes
john --format=postgres hashfile.txt

# Oracle hashes
john --format=oracle hashfile.txt

# SQL Server hashes
john --format=mssql hashfile.txt

# LDAP hashes
john --format=ldap hashfile.txt

Archive and Document Hashes

# ZIP archives
john --format=zip hashfile.txt

# RAR archives
john --format=rar hashfile.txt

# PDF documents
john --format=pdf hashfile.txt

# Office documents
john --format=office hashfile.txt

# 7-Zip archives
john --format=7z hashfile.txt

🔧 Advanced Features

Custom Rules

# Built-in rules
john --wordlist=rockyou.txt --rules hashfile.txt

# Specific rule set
john --wordlist=rockyou.txt --rules=single hashfile.txt

# Multiple rule sets
john --wordlist=rockyou.txt --rules=single,extra hashfile.txt

# Custom rule file
john --wordlist=rockyou.txt --rules:custom_rules.conf hashfile.txt

Custom Rule Examples

# custom_rules.conf
[List.Rules:MyRules]
# Add numbers to the end
$[0-9]$[0-9]

# Capitalize first letter
c

# Toggle case
T

# Append common symbols
$! $@ $# $%

# Leetspeak
sS $S

# Duplicate characters
d

# Reverse word
r

GPU Acceleration

# Test GPU support
john --list=opencl-devices

# Use specific GPU device
john --opencl-device=1 --wordlist=rockyou.txt hashfile.txt

# GPU benchmark
john --test --format=raw-md5-opencl

# Multiple GPU devices
john --opencl-device=0,1,2,3 --wordlist=rockyou.txt hashfile.txt

Session Management

# Save session automatically
john --wordlist=rockyou.txt --session=mysession hashfile.txt

# Resume interrupted session
john --restore=mysession

# Show session status
john --status=mysession

# List all sessions
john --list=sessions

🎯 Practical Examples

Unix Password Cracking

# Extract hashes from /etc/shadow
unshadow /etc/passwd /etc/shadow > unshadowed.txt

# Crack with wordlist
john --wordlist=rockyou.txt unshadowed.txt

# Show cracked passwords
john --show unshadowed.txt

Windows Password Cracking

# Extract hashes from SAM file (using secretsdump.py)
secretsdump.py -system SYSTEM -sam SAM LOCAL > windows_hashes.txt

# Crack NTLM hashes
john --format=NT --wordlist=rockyou.txt windows_hashes.txt

# Show results
john --show --format=NT windows_hashes.txt

Database Password Auditing

# MySQL hash cracking
echo "admin:*4ACFE3202A5FF5CF467898FC58AAB1D615029441" > mysql_hashes.txt
john --format=mysql --wordlist=rockyou.txt mysql_hashes.txt

# PostgreSQL hash cracking
echo "postgres:md51ba2c0e2d7b7e0b3a5a2b6c7d8e9f0a1b2c3d4" > postgres_hashes.txt
john --format=postgres --wordlist=rockyou.txt postgres_hashes.txt

Archive Password Recovery

# Create ZIP hash
zip2john encrypted.zip > zip_hash.txt

# Crack ZIP password
john --format=zip --wordlist=rockyou.txt zip_hash.txt

# Show password
john --show --format=zip zip_hash.txt

Web Application Testing

# Crack WordPress passwords
echo '$P$B1234567890abcdef1234567890abcdef' > wp_hashes.txt
john --format=phpass --wordlist=rockyou.txt wp_hashes.txt

# Crack Joomla passwords
echo 'f3e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8:c8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3' > joomla_hashes.txt
john --format=joomla --wordlist=rockyou.txt joomla_hashes.txt

📈 Performance Optimization

CPU Optimization

# Use multiple CPU cores
john --fork=4 --wordlist=rockyou.txt hashfile.txt

# Set process priority
john --fork=4 --priority=low --wordlist=rockyou.txt hashfile.txt

# Limit memory usage
john --max-memory=1000 --wordlist=rockyou.txt hashfile.txt

GPU Optimization

# Optimize for specific GPU
john --opencl-vector-width=8 --wordlist=rockyou.txt hashfile.txt

# Limit GPU memory usage
john --opencl-device-max-size=2000 --wordlist=rockyou.txt hashfile.txt

# Benchmark specific format
john --test --format=raw-md5-opencl --opencl-device=0

Wordlist Optimization

# Create targeted wordlist
cat rockyou.txt | grep -E "[a-z]{6,8}" > targeted.txt

# Remove duplicates
sort -u wordlist.txt > unique_wordlist.txt

# Sort by probability
john --wordlist=rockyou.txt --rules --stdout | sort | uniq -c | sort -nr > sorted_wordlist.txt

🔧 Custom Wordlists

Creating Targeted Wordlists

# Generate wordlist from company information
echo -e "companyname\n2024\npassword\n123456" | john --pipe --rules --stdout > company_wordlist.txt

# Generate numeric patterns
for i in {0000..9999}; do echo "password$i"; done > passwords_with_numbers.txt

# Generate date patterns
for year in {2020..2024}; do
    for month in {01..12}; do
        for day in {01..31}; do
            echo "companyname$year$month$day"
        done
    done
done > date_patterns.txt

Wordlist Combination

# Combine multiple wordlists
cat wordlist1.txt wordlist2.txt wordlist3.txt | sort -u > combined_wordlist.txt

# Append numbers to words
while read word; do
    for num in {0..999}; do
        echo "${word}${num}"
    done
done < base_words.txt > words_with_numbers.txt

# Capitalization variations
while read word; do
    echo "$word"           # original
    echo "${word^}"        # capitalize first letter
    echo "${word^^}"       # all uppercase
    echo "${word,,}"       # all lowercase
done < base_words.txt > capital_variations.txt

📊 Output and Reporting

Showing Results

# Show all cracked passwords
john --show hashfile.txt

# Show specific format results
john --show --format=NT hashfile.txt

# Save results to file
john --show hashfile.txt > cracked_passwords.txt

# Show in specific format
john --show --format=raw-md5 hashfile.txt | cut -d: -f2

Status Monitoring

# Show session status
john --status

# Show detailed status
john --status --verbose

# Progress monitoring
watch -n 5 "john --status"

# Real-time cracking speed
john --wordlist=rockyou.txt hashfile.txt --fork=4 --status --status-timer=5

Log Files

# Enable logging
john --wordlist=rockyou.txt --log=cracking.log hashfile.txt

# Analyze log file
grep "Cracked" cracking.log

# Performance analysis
john --test --format=raw-md5 --log=benchmark.log

🔗 Integration and Automation

Bash Automation

#!/bin/bash
# Automated password cracking script

HASHFILE=$1
WORDLIST_DIR="/usr/share/wordlists"
SESSION_NAME="autocrack"

# Check if hashfile exists
if [ ! -f "$HASHFILE" ]; then
    echo "Hash file not found: $HASHFILE"
    exit 1
fi

# Run multiple attack modes in sequence
echo "Starting wordlist attack..."
john --wordlist=$WORDLIST_DIR/rockyou.txt --session=$SESSIONNAME --fork=4 "$HASHFILE"

echo "Starting single crack mode..."
john --single --session=$SESSIONNAME-single "$HASHFILE"

echo "Starting incremental mode..."
john --incremental --session=$SESSIONNAME-inc "$HASHFILE"

# Show results
echo "Cracked passwords:"
john --show "$HASHFILE"

Python Integration

#!/usr/bin/env python3
# Python script to automate John the Ripper

import subprocess
import time
import os

def run_john(command, session_name=None):
    """Run John the Ripper command"""
    full_command = f"john {command}"
    if session_name:
        full_command += f" --session={session_name}"

    result = subprocess.run(full_command, shell=True, capture_output=True, text=True)
    return result

def main():
    hashfile = "hashes.txt"
    wordlist = "rockyou.txt"
    session_name = "auto_session"

    # Wordlist attack
    print("Running wordlist attack...")
    run_john(f"--wordlist={wordlist} {hashfile}", session_name)

    # Check results
    result = run_john("--show " + hashfile)
    print("Cracked passwords:")
    print(result.stdout)

if __name__ == "__main__":
    main()

CI/CD Integration

# GitHub Actions example
name: Password Cracking
on: [push]

jobs:
  crack-passwords:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install John the Ripper
        run: sudo apt-get install john
      - name: Run password cracking
        run: |
          john --wordlist=rockyou.txt --session=github hashes.txt
          john --show hashes.txt > cracked.txt
      - name: Upload results
        uses: actions/upload-artifact@v3
        with:
          name: cracked-passwords
          path: cracked.txt

🎓 Learning Resources

Official Documentation

• John the Ripper Official Site

• John the Ripper Documentation

• John the Ripper FAQ

• GitHub Repository

Training Resources

• Password Cracking with John the Ripper

• Advanced Password Cracking Techniques

• Password Security Best Practices

Wordlist Resources

• SecLists

• RockYou Wordlist

• Password Common Lists

## 📈 Comparison with Other Tools

| Feature | John the Ripper | Hashcat | Hydra | Medusa |
|---------|------------------|---------|-------|---------|
| **GPU Support** | ✅ OpenCL | ✅ CUDA/OpenCL | ❌ | ❌ |
| **Hash Types** | 200+ | 300+ | N/A | N/A |
| **Rules Engine** | ✅ Advanced | ✅ | ❌ | ❌ |
| **CPU Efficiency** | ✅ Very Good | Good | N/A | N/A |
| **Learning Curve** | 📚 Medium | 📚 Medium | 📚 Easy | 📚 Easy |
| **Community** | 📚 Large | 📚 Large | 📚 Medium | 📚 Small |

## 🔧 Troubleshooting

### Common Issues
```bash
# "No password hashes loaded" error
# Check hash format
john --list=formats | grep -i md5

# Performance issues
# Reduce fork count
john --fork=2 --wordlist=rockyou.txt hashfile.txt

# GPU not detected
# Install appropriate drivers
# Check opencl support
john --list=opencl-devices

# Session corruption
# Remove corrupted session files
rm ~/.john/john.pot
# Start new session

Debug Mode

# Verbose output
john --verbose --wordlist=rockyou.txt hashfile.txt

# Test specific format
john --test --format=raw-md5

# Debug rules
john --wordlist=wordlist.txt --rules --debug=rules hashfile.txt

# Check available formats
john --list=formats

Performance Issues

# Check system resources
htop  # CPU usage
nvidia-smi  # GPU usage

# Optimize settings
john --fork=4 --opencl-device=0 --wordlist=rockyou.txt hashfile.txt

# Use appropriate format
john --format=raw-md5-opencl hashfile.txt  # GPU optimized

🛡️ Security and Legal Considerations

Legal Compliance

• Authorization: Only crack passwords you own or have permission

• Purpose: Use for legitimate security testing and education

• Documentation: Keep records of authorization

• Scope: Stay within defined testing boundaries

Best Practices

• Wordlists: Use legally obtained wordlists

• Results: Handle cracked passwords responsibly

• Storage: Secure sensitive hash and password files

• Cleanup: Remove temporary files and sensitive data

Privacy Protection

• Data Minimization: Only collect necessary data

• Secure Storage: Encrypt sensitive files

• Access Control: Limit access to cracking results

• Retention: Don't keep cracked passwords longer than necessary

---

⚠️ Legal Notice: John the Ripper should only be used for legitimate security testing, password recovery, and educational purposes. Unauthorized password cracking is illegal.

⚡ Pro Tip: Start with fast single crack mode, then wordlist attacks, and finally incremental modes for the best chance of success within reasonable timeframes.

📅 Last Updated: 2024