# John the Ripper (JtR) > **Advanced Password Cracking Software** ## 📋 Overview John the Ripper (JtR) adalah open-source password cracking tool yang digunakan untuk mendeteksi password yang lemah. Dikembangkan oleh Openwall, John the Ripper menjadi salah satu tool yang paling powerful dan fleksibel untuk password recovery dan security auditing. ## 🎯 Key Features ### 🔐 **Multi-Algorithm Support** * **Hash Types**: MD5, SHA-1, SHA-256, SHA-512, bcrypt, scrypt * **Database Hashes**: MySQL, Oracle, PostgreSQL, SQL Server * **Operating Systems**: Windows LM/NTLM, Unix shadow, macOS keychain * **Archive Formats**: ZIP, RAR, 7-Zip, PDF, Office documents * **Password Managers**: KeePass, LastPass, 1Password ### ⚡ **Cracking Modes** * **Wordlist Attack** - Dictionary-based password testing * **Single Crack** - Simple password variations * **Incremental** - Brute force with custom charsets * **External Mode** - Custom word generation rules * **Markov Mode** - Statistical password generation ### 🔧 **Advanced Features** * **GPU Acceleration** - OpenCL/CUDA support for GPU cracking * **Rule Engine** - Advanced password transformation rules * **Session Management** - Resume interrupted cracking sessions * **Distributed Cracking** - Multi-system support * **Hybrid Attacks** - Combination of multiple attack vectors ### 🛡️ **Security Testing** * **Password Policy Testing** - Verify password strength policies * **Shadow File Analysis** - Unix password file cracking * **SAM File Testing** - Windows password cracking * **Database Auditing** - Test database password security * **Application Testing** - Application-specific password cracking ## 🚀 Installation ### Linux Installation ```bash # Ubuntu/Debian sudo apt-get update sudo apt-get install john john-data # Ubuntu latest version from PPA sudo add-apt-repository ppa:openwall/ppa sudo apt-get update sudo apt-get install john # CentOS/RHEL/Fedora sudo dnf install john # From source (latest version) git clone https://github.com/openwall/john.git cd john/src ./configure && make -sj4 sudo make install ``` ### Windows Installation ```powershell # Download from https://www.openwall.com/john/ # Extract to C:\john # Add to PATH: C:\john\run # Run from Command Prompt: john.exe --version # GPU support (optional) # Install NVIDIA CUDA drivers or AMD OpenCL drivers ``` ### macOS Installation ```bash # Using Homebrew brew install john # From source git clone https://github.com/openwall/john.git cd john/src ./configure && make -sj4 sudo make install # Verify installation john --version ``` ### Docker Installation ```bash # Pull John the Ripper image docker pull openwall/john # Run container docker run -it --rm openwall/john # Run with wordlist volume mount docker run -it --rm -v /path/to/wordlists:/wordlists openwall/john --wordlist=/wordlists/rockyou.txt hashfile.txt ``` ## 🔧 Basic Usage ### Command Structure ```bash john [options] [password_file] # Basic syntax john --wordlist=wordlist.txt hashfile.txt # Show cracked passwords john --show hashfile.txt ``` ### Common Commands ```bash # Basic wordlist attack john --wordlist=rockyou.txt hashfile.txt # Single crack mode (fast, simple passwords) john --single hashfile.txt # Incremental mode (brute force) john --incremental hashfile.txt # Show cracked passwords john --show hashfile.txt # Benchmark performance john --test ``` ## 🎯 Attack Modes ### Wordlist Attack ```bash # Basic wordlist attack john --wordlist=rockyou.txt hashfile.txt # Multiple wordlists john --wordlist=wordlist1.txt,wordlist2.txt hashfile.txt # Wordlist with rules john --wordlist=rockyou.txt --rules hashfile.txt # Custom wordlist format john --wordlist=custom.txt --format=raw-md5 hashfile.txt ``` ### Single Crack Mode ```bash # Fast single crack mode john --single hashfile.txt # Single crack with specific login names john --single --users=user1,user2 hashfile.txt # Single crack with external filter john --single --external=filter_hashcat hashfile.txt ``` ### Incremental Mode ```bash # Default incremental mode john --incremental hashfile.txt # Custom incremental mode john --incremental=Alnum hashfile.txt # Custom charset john --incremental --min-length=6 --max-length=10 hashfile.txt # Markov mode (statistical cracking) john --markov hashfile.txt ``` ### Hybrid Attacks ```bash # Wordlist + incremental john --wordlist=rockyou.txt --incremental hashfile.txt # Wordlist + rules + external mode john --wordlist=rockyou.txt --rules --external=hybrid hashfile.txt # Combination attack john --wordlist=words1.txt --wordlist=words2.txt --combination hashfile.txt ``` ## 📊 Hash Format Support ### Common Hash Types ```bash # MD5 hashes john --format=raw-md5 hashfile.txt # SHA-1 hashes john --format=raw-sha1 hashfile.txt # SHA-256 hashes john --format=raw-sha256 hashfile.txt # SHA-512 hashes john --format=raw-sha512 hashfile.txt # NTLM hashes (Windows) john --format=NT hashfile.txt # LM hashes (Legacy Windows) john --format=LM hashfile.txt # bcrypt hashes john --format=bcrypt hashfile.txt # Unix shadow passwords john --format=shadow hashfile.txt ``` ### Database Hashes ```bash # MySQL hashes john --format=mysql hashfile.txt # PostgreSQL hashes john --format=postgres hashfile.txt # Oracle hashes john --format=oracle hashfile.txt # SQL Server hashes john --format=mssql hashfile.txt # LDAP hashes john --format=ldap hashfile.txt ``` ### Archive and Document Hashes ```bash # ZIP archives john --format=zip hashfile.txt # RAR archives john --format=rar hashfile.txt # PDF documents john --format=pdf hashfile.txt # Office documents john --format=office hashfile.txt # 7-Zip archives john --format=7z hashfile.txt ``` ## 🔧 Advanced Features ### Custom Rules ```bash # Built-in rules john --wordlist=rockyou.txt --rules hashfile.txt # Specific rule set john --wordlist=rockyou.txt --rules=single hashfile.txt # Multiple rule sets john --wordlist=rockyou.txt --rules=single,extra hashfile.txt # Custom rule file john --wordlist=rockyou.txt --rules:custom_rules.conf hashfile.txt ``` ### Custom Rule Examples ``` # custom_rules.conf [List.Rules:MyRules] # Add numbers to the end $[0-9]$[0-9] # Capitalize first letter c # Toggle case T # Append common symbols $! $@ $# $% # Leetspeak sS $S # Duplicate characters d # Reverse word r ``` ### GPU Acceleration ```bash # Test GPU support john --list=opencl-devices # Use specific GPU device john --opencl-device=1 --wordlist=rockyou.txt hashfile.txt # GPU benchmark john --test --format=raw-md5-opencl # Multiple GPU devices john --opencl-device=0,1,2,3 --wordlist=rockyou.txt hashfile.txt ``` ### Session Management ```bash # Save session automatically john --wordlist=rockyou.txt --session=mysession hashfile.txt # Resume interrupted session john --restore=mysession # Show session status john --status=mysession # List all sessions john --list=sessions ``` ## 🎯 Practical Examples ### Unix Password Cracking ```bash # Extract hashes from /etc/shadow unshadow /etc/passwd /etc/shadow > unshadowed.txt # Crack with wordlist john --wordlist=rockyou.txt unshadowed.txt # Show cracked passwords john --show unshadowed.txt ``` ### Windows Password Cracking ```bash # Extract hashes from SAM file (using secretsdump.py) secretsdump.py -system SYSTEM -sam SAM LOCAL > windows_hashes.txt # Crack NTLM hashes john --format=NT --wordlist=rockyou.txt windows_hashes.txt # Show results john --show --format=NT windows_hashes.txt ``` ### Database Password Auditing ```bash # MySQL hash cracking echo "admin:*4ACFE3202A5FF5CF467898FC58AAB1D615029441" > mysql_hashes.txt john --format=mysql --wordlist=rockyou.txt mysql_hashes.txt # PostgreSQL hash cracking echo "postgres:md51ba2c0e2d7b7e0b3a5a2b6c7d8e9f0a1b2c3d4" > postgres_hashes.txt john --format=postgres --wordlist=rockyou.txt postgres_hashes.txt ``` ### Archive Password Recovery ```bash # Create ZIP hash zip2john encrypted.zip > zip_hash.txt # Crack ZIP password john --format=zip --wordlist=rockyou.txt zip_hash.txt # Show password john --show --format=zip zip_hash.txt ``` ### Web Application Testing ```bash # Crack WordPress passwords echo '$P$B1234567890abcdef1234567890abcdef' > wp_hashes.txt john --format=phpass --wordlist=rockyou.txt wp_hashes.txt # Crack Joomla passwords echo 'f3e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8:c8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3' > joomla_hashes.txt john --format=joomla --wordlist=rockyou.txt joomla_hashes.txt ``` ## 📈 Performance Optimization ### CPU Optimization ```bash # Use multiple CPU cores john --fork=4 --wordlist=rockyou.txt hashfile.txt # Set process priority john --fork=4 --priority=low --wordlist=rockyou.txt hashfile.txt # Limit memory usage john --max-memory=1000 --wordlist=rockyou.txt hashfile.txt ``` ### GPU Optimization ```bash # Optimize for specific GPU john --opencl-vector-width=8 --wordlist=rockyou.txt hashfile.txt # Limit GPU memory usage john --opencl-device-max-size=2000 --wordlist=rockyou.txt hashfile.txt # Benchmark specific format john --test --format=raw-md5-opencl --opencl-device=0 ``` ### Wordlist Optimization ```bash # Create targeted wordlist cat rockyou.txt | grep -E "[a-z]{6,8}" > targeted.txt # Remove duplicates sort -u wordlist.txt > unique_wordlist.txt # Sort by probability john --wordlist=rockyou.txt --rules --stdout | sort | uniq -c | sort -nr > sorted_wordlist.txt ``` ## 🔧 Custom Wordlists ### Creating Targeted Wordlists ```bash # Generate wordlist from company information echo -e "companyname\n2024\npassword\n123456" | john --pipe --rules --stdout > company_wordlist.txt # Generate numeric patterns for i in {0000..9999}; do echo "password$i"; done > passwords_with_numbers.txt # Generate date patterns for year in {2020..2024}; do for month in {01..12}; do for day in {01..31}; do echo "companyname$year$month$day" done done done > date_patterns.txt ``` ### Wordlist Combination ```bash # Combine multiple wordlists cat wordlist1.txt wordlist2.txt wordlist3.txt | sort -u > combined_wordlist.txt # Append numbers to words while read word; do for num in {0..999}; do echo "${word}${num}" done done < base_words.txt > words_with_numbers.txt # Capitalization variations while read word; do echo "$word" # original echo "${word^}" # capitalize first letter echo "${word^^}" # all uppercase echo "${word,,}" # all lowercase done < base_words.txt > capital_variations.txt ``` ## 📊 Output and Reporting ### Showing Results ```bash # Show all cracked passwords john --show hashfile.txt # Show specific format results john --show --format=NT hashfile.txt # Save results to file john --show hashfile.txt > cracked_passwords.txt # Show in specific format john --show --format=raw-md5 hashfile.txt | cut -d: -f2 ``` ### Status Monitoring ```bash # Show session status john --status # Show detailed status john --status --verbose # Progress monitoring watch -n 5 "john --status" # Real-time cracking speed john --wordlist=rockyou.txt hashfile.txt --fork=4 --status --status-timer=5 ``` ### Log Files ```bash # Enable logging john --wordlist=rockyou.txt --log=cracking.log hashfile.txt # Analyze log file grep "Cracked" cracking.log # Performance analysis john --test --format=raw-md5 --log=benchmark.log ``` ## 🔗 Integration and Automation ### Bash Automation ```bash #!/bin/bash # Automated password cracking script HASHFILE=$1 WORDLIST_DIR="/usr/share/wordlists" SESSION_NAME="autocrack" # Check if hashfile exists if [ ! -f "$HASHFILE" ]; then echo "Hash file not found: $HASHFILE" exit 1 fi # Run multiple attack modes in sequence echo "Starting wordlist attack..." john --wordlist=$WORDLIST_DIR/rockyou.txt --session=$SESSIONNAME --fork=4 "$HASHFILE" echo "Starting single crack mode..." john --single --session=$SESSIONNAME-single "$HASHFILE" echo "Starting incremental mode..." john --incremental --session=$SESSIONNAME-inc "$HASHFILE" # Show results echo "Cracked passwords:" john --show "$HASHFILE" ``` ### Python Integration ```python #!/usr/bin/env python3 # Python script to automate John the Ripper import subprocess import time import os def run_john(command, session_name=None): """Run John the Ripper command""" full_command = f"john {command}" if session_name: full_command += f" --session={session_name}" result = subprocess.run(full_command, shell=True, capture_output=True, text=True) return result def main(): hashfile = "hashes.txt" wordlist = "rockyou.txt" session_name = "auto_session" # Wordlist attack print("Running wordlist attack...") run_john(f"--wordlist={wordlist} {hashfile}", session_name) # Check results result = run_john("--show " + hashfile) print("Cracked passwords:") print(result.stdout) if __name__ == "__main__": main() ``` ### CI/CD Integration ```yaml # GitHub Actions example name: Password Cracking on: [push] jobs: crack-passwords: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Install John the Ripper run: sudo apt-get install john - name: Run password cracking run: | john --wordlist=rockyou.txt --session=github hashes.txt john --show hashes.txt > cracked.txt - name: Upload results uses: actions/upload-artifact@v3 with: name: cracked-passwords path: cracked.txt ``` ## 🎓 Learning Resources ### Official Documentation * [John the Ripper Official Site](https://www.openwall.com/john/) * [John the Ripper Documentation](https://www.openwall.com/john/doc/) * [John the Ripper FAQ](https://www.openwall.com/john/faq/) * [GitHub Repository](https://github.com/openwall/john) ### Training Resources * [Password Cracking with John the Ripper](https://null-byte.wonderhowto.com/) * [Advanced Password Cracking Techniques](https://www.kali.org/tools/john/) * [Password Security Best Practices](https://www.sans.org/white-papers/) ### Wordlist Resources * [SecLists](https://github.com/danielmiessler/SecLists) * [RockYou Wordlist](https://github.com/danielmiessler/SecLists/blob/master/Passwords/rockyou.txt) * [Password Common Lists](https://weakpass.com/wordlist/) ```` ## 📈 Comparison with Other Tools | Feature | John the Ripper | Hashcat | Hydra | Medusa | |---------|------------------|---------|-------|---------| | **GPU Support** | ✅ OpenCL | ✅ CUDA/OpenCL | ❌ | ❌ | | **Hash Types** | 200+ | 300+ | N/A | N/A | | **Rules Engine** | ✅ Advanced | ✅ | ❌ | ❌ | | **CPU Efficiency** | ✅ Very Good | Good | N/A | N/A | | **Learning Curve** | 📚 Medium | 📚 Medium | 📚 Easy | 📚 Easy | | **Community** | 📚 Large | 📚 Large | 📚 Medium | 📚 Small | ## 🔧 Troubleshooting ### Common Issues ```bash # "No password hashes loaded" error # Check hash format john --list=formats | grep -i md5 # Performance issues # Reduce fork count john --fork=2 --wordlist=rockyou.txt hashfile.txt # GPU not detected # Install appropriate drivers # Check opencl support john --list=opencl-devices # Session corruption # Remove corrupted session files rm ~/.john/john.pot # Start new session ```` ### Debug Mode ```bash # Verbose output john --verbose --wordlist=rockyou.txt hashfile.txt # Test specific format john --test --format=raw-md5 # Debug rules john --wordlist=wordlist.txt --rules --debug=rules hashfile.txt # Check available formats john --list=formats ``` ### Performance Issues ```bash # Check system resources htop # CPU usage nvidia-smi # GPU usage # Optimize settings john --fork=4 --opencl-device=0 --wordlist=rockyou.txt hashfile.txt # Use appropriate format john --format=raw-md5-opencl hashfile.txt # GPU optimized ``` ## 🛡️ Security and Legal Considerations ### Legal Compliance * **Authorization**: Only crack passwords you own or have permission * **Purpose**: Use for legitimate security testing and education * **Documentation**: Keep records of authorization * **Scope**: Stay within defined testing boundaries ### Best Practices * **Wordlists**: Use legally obtained wordlists * **Results**: Handle cracked passwords responsibly * **Storage**: Secure sensitive hash and password files * **Cleanup**: Remove temporary files and sensitive data ### Privacy Protection * **Data Minimization**: Only collect necessary data * **Secure Storage**: Encrypt sensitive files * **Access Control**: Limit access to cracking results * **Retention**: Don't keep cracked passwords longer than necessary *** **⚠️ Legal Notice**: John the Ripper should only be used for legitimate security testing, password recovery, and educational purposes. Unauthorized password cracking is illegal. **⚡ Pro Tip**: Start with fast single crack mode, then wordlist attacks, and finally incremental modes for the best chance of success within reasonable timeframes. *📅 Last Updated: 2024*