John The Ripper 0 Password Hashes Cracked 1 Left Hand

'Fossies' - the Fresh Open Source Software Archive

  1. John The Ripper 0 Password Hashes Cracked
  2. John The Ripper Pkzip2
  3. John The Ripper Crack Hashes
John The Ripper 0 Password Hashes Cracked 1 Left Hand

Aug 07, 2017 John the Ripper is one of the most popular password cracking tools available that can run on Windows, Linux and Mac OS X. Just download the Windows binaries of John the Ripper, and unzip it. Open a Command Prompt and change into the directory where John the Ripper is located, then type: john -format=LM d: hash.txt. Using default input encoding: UTF-8 Loaded 1 password hash (Raw-SHA256 SHA256 128/128 SSE2 4x) Press 'q' or Ctrl-C to abort, almost any other key for status 0g 0:00:00:06 DONE (2017-01-06 12:47) 0g/s 2347Kp/s 2347Kc/s 2347KC/s Session completed show $ john -show mypassword 0 password hashes cracked, 1 left What did I do wrong?

Source code changes of the file 'doc/FAQ' between
john-1.7.9-jumbo-7.tar.gz and john-1.8.0-jumbo-1.tar.gz

John The Ripper 0 Password Hashes Cracked

About:

John The Ripper Pkzip2

John - a password cracker (community-enhanced version with more features bu tlower overall quality).
FAQ (john-1.7.9-jumbo-7):FAQ (john-1.8.0-jumbo-1)
John the Ripper FAQ. John the Ripper FAQ.
The latest version of this FAQ may be viewed online at:The latest version of this FAQ may be viewed online at:
http://www.openwall.com/john/doc/FAQ.shtml http://www.openwall.com/john/doc/FAQ.shtml
Help! I can't run John. Help! I can't run John.
If you're not familiar with your OS, you should probably not be usingIf you're not familiar with your OS, you should probably not be using
John in the first place since John is a tool for system administrators.John in the first place since John is primarily a tool for system
However, here are the answers to a few (not very) common questions toadministrators. This is starting to change with the 'community
avoid having them asked over and over and for amusement.enhanced' -jumbo versions' support for things such as password-protected
archives, though.
Here are the answers to a few (not very) common questions to avoid
having them asked over and over and for amusement. For more serious
matters, please skip over to the next section.
Q: When I type 'john' (or 'john passwd', etc.), it says 'command notQ: When I type 'john' (or 'john passwd', etc.), it says 'command not
found' (or equivalent)?!found' (or equivalent)?!
A: The examples given in John the Ripper documentation assume that youA: The examples given in John the Ripper documentation assume that you
know how to invoke newly-built programs from your shell. On Unix-likeknow how to invoke newly-built programs from your shell. On Unix-like
systems, it is typical to not have '.' (the current directory) in yoursystems, it is typical to not have '.' (the current directory) in your
$PATH (the list of directories to search for programs). In that case,$PATH (the list of directories to search for programs). In that case,
you need to type './john' (dot, slash, and 'john', without the quotes)you need to type './john' (dot, slash, and 'john', without the quotes)
to invoke the John binary executable located in the current directory.to invoke the John binary executable located in the current directory.
Q: ...but I am on a Unix-like system and I don't seem to readily have aQ: ...but I am on a Unix-like system and I don't seem to readily have a
John binary executable.John binary executable.
A: Please follow the instructions in INSTALL.A: Please follow the instructions in INSTALL.
Q: When I double-click on 'john.exe', a window flashes and disappears?!Q: When I double-click on 'john.exe', a window flashes and disappears?!
A: You're not supposed to click. You're supposed to run John from aA: You're not supposed to click. You're supposed to run John from a
command-line shell. On Windows, some of those shells would be cmd.exe,command-line shell. On Windows, some of those shells would be cmd.exe,
command.com, or bash (the latter is available with Cygwin).command.com, or bash (the latter is available with Cygwin).
Other trivial matters. Other typical new user questions.
Q: How do I start John on my password file, use a specific crackingQ: How do I start John on my password file, use a specific cracking
mode, see the passwords it cracked, etc?mode, see the passwords it cracked, etc?
A: See README and EXAMPLES. :-)A: See README and EXAMPLES. :-)
Q: How do I 'unshadow'?
A: See EXAMPLES on how to combine your passwd and shadow files, provided
that you have root access to the target system.
Q: Why doesn't John load my password file? It says 'No password hashesQ: Why doesn't John load my password file? It says 'No password hashes
loaded', 'No password hashes loaded (see FAQ)', or 'No password hashesloaded', 'No password hashes loaded (see FAQ)', or 'No password hashes
left to crack (see FAQ)'.left to crack (see FAQ)'.
A: Your password file might be shadowed. You need to get bothA: Your password file taken from a Unix-like system might be shadowed.
/etc/passwd and the shadow file (typically /etc/shadow), and combineYou need to get both /etc/passwd and the shadow file (typically
them into one file for use with John. Please refer to EXAMPLES./etc/shadow or /etc/master.passwd), and combine them into one file using
'unshadow' (which is supplied with John). Please refer to EXAMPLES.
A: All of the password hashes found in the file (that are of the sameA: All of the password hashes found in the file (that are of the same
type as the very first recognized hash in the file unless you're usingtype as the very first recognized hash in the file unless you're using
the '--format=...' option) might be already cracked by previousthe '--format=...' option) might be already cracked by previous
invocations of John. (The message printed in that case has been changedinvocations of John. (The message printed in that case has been changed
to 'No password hashes left to crack (see FAQ)' starting with versionto 'No password hashes left to crack (see FAQ)' starting with version
1.7.7.) To display cracked passwords, use 'john --show' on your1.7.7.) To display cracked passwords, use 'john --show' on your
password hash file(s). To force John to crack those same hashes again,password hash file(s). To force John to crack those same hashes again,
remove the john.pot file.remove the john.pot file.
A: With PWDUMP-format files, John focuses on LM rather than NTLM hashesA: With PWDUMP-format files, John focuses on LM rather than NTLM hashes
by default, and it might not load any hashes at all if there are no LMby default, and it might not load any hashes at all if there are no LM
hashes to crack. To have JtR Pro or a build of JtR with the jumbo patchhashes to crack. To have JtR Pro or a -jumbo version focus on NTLM
focus on NTLM hashes instead, you need to pass the '--format=nt' option.hashes instead, you need to pass the '--format=nt' option.
A: If you're using the '--format' option, try dropping it. Except for
the special case mentioned in the answer above, '--format' is normally a
way to choose one of multiple hash/cipher types found in the same file
or to clarify the hash/cipher type if it would otherwise be ambiguous
(e.g., a 32 hexadecimal character string may correspond to one of many
distinct hash types). That is, you normally only need to use '--format'
when John would otherwise misdetect your hash/cipher type (e.g., when it
says LM and you know that your hashes are in fact raw MD5, you'd use
'--format=raw-md5' with -jumbo) or if it would load undesired entries
from the file. If John does not load anything, then your use of
'--format' is probably unreasonable (or you should be using a different
version/build of John - see the answer below).
A: Your password hash or cipher type(s) might not be supported by John,
or at least by the version and build of John that you're using. If
you're using a non-jumbo version, you will likely want to try -jumbo
instead, which supports a lot of additional hash and cipher types (e.g.,
you currently need -jumbo for raw MD5). If unsuccessful with that and
if other answers (above and below this one) don't apply, please post a
note to the mailing list (see CONTACT) including a sample password file
line that John does not load (please make sure that the password is
already changed by the time you post).
A: John only loads properly formatted text files directly. It can load
/etc/passwd and PWDUMP format files. Starting with version 1.7.6, it
can also load text files containing one password hash per line (and
nothing else on that line). Some other file formats are supported via
extra tools (supplied with John): unafs (Kerberos AFS database files),
undrop (Eggdrop IRC bot userfiles), ssh2john (OpenSSH private keys),
pdf2john (some password-protected PDF files), rar2john (some
password-protected RAR archives), zip2john (some password-protected
PKZIP and WinZip archives). You need -jumbo for most of these. To use
the proper one of these (for your file format), run it on your file(s)
and redirect the output to a new file (using your shell's output
redirection feature - e.g., './ssh2john ~/.ssh/id_rsa > sshpasswd').
Then run John on the resulting file (e.g., './john sshpasswd').
A: The file you're trying to run John on might in fact not be a passwordA: The file you're trying to run John on might in fact not be a password
file at all.file at all.
A: Your command line syntax might be wrong, resulting in John trying toA: Your command line syntax might be wrong, resulting in John trying to
load a wrong file.load a wrong file.
A: Your password file format or hash type(s) might not be supported by
John, or at least by the version and build of John that you're using.Q: John appears to misdetect my hash type. I have raw MD5 hashes from a
If you're positive that this is the case, you may want to check theweb application, but John wrongly says they're LM hashes. How do I get
contributed resources list on John the Ripper homepage for a suitablethem detected correctly?
patch and, if unsuccessful with that, post a note to the mailing listA: Some hash and cipher types use ambiguous encodings - e.g., a 32
(see CONTACT) including a sample password file line that John does nothexadecimal character string may correspond to one of many hash types,
load (please make sure that the password is already changed by the timeincluding raw MD5, LM, NTLM, and many others supported in -jumbo. First
you post).of all, you need a version and build of John that supports your hash and
cipher type. Starting with version 1.7.7 (and 1.7.7-jumbo*) John will
Q: I am getting the error 'fopen: ./all.chr: No such file or directory'suggest alternate hash and cipher types for encodings that it finds
(or 'fopen: ./lanman.chr: No such file or directory').ambiguous (that is, those corresponding to more than one of its
Q: Where are the charset files?supported hash and cipher types). When doing so, it will suggest
A: Development versions of John the Ripper might not include the charsetspecific '--format=...' options to use. For example, when you run a
files. You're supposed to take them out of the latest official release.recent enough -jumbo version on raw MD5 hashes, it loads those as LM
(because they could in fact be LM, as well as for compatibility with
non-jumbo), but it suggests that you use '--format=raw-md5', which is
what you should in fact use in this case. It makes other suggestions as
well because it does not know whether your hashes are raw MD5 or
something else. You're supposed to know this and choose the right one
of the suggested '--format=...' options. If you're not getting a
suggestion like this from John 1.7.7 or newer even though you're not yet
using the '--format' option, this means that your version and build of
John does not recognize the encodings as ambiguous, which may mean that
it does not support the actual hash or cipher type that you have in
mind. If you're already using the '--format' option, try dropping the
option to receive the suggestions. If you're using a non-jumbo version
of John, the first step is for you to try -jumbo instead. As of this
writing, you do need -jumbo for some popular hash types such as raw MD5
and NTLM.
Q: What do the various numbers printed on the status line mean?
A: As of version 1.8.0, the status line may include: successful guess
count ('g'), session duration (in the D:HH:MM:SS format for days, hours,
minutes, and seconds), progress indicator (percent done and optionally
pass number out of the total number of passes), up to four speed metrics
('g/s', 'p/s', 'c/s', and 'C/s'), and the current (range of) candidate
password(s) being tested (John is often able to test multiple candidate
passwords in parallel for better performance, hence a range). The four
speed metrics are as follows: g/s is successful guesses per second (so
it'll stay at 0 until at least one password is cracked), p/s is
candidate passwords tested per second, c/s is 'crypts' (password hash or
cipher computations) per second, and C/s is combinations of candidate
password and target hash per second. Versions of John prior to 1.8.0
displayed only the C/s rate (calling it c/s). When you restore a
pre-1.8.0 session with version 1.8.0 or newer, only the g/s and C/s
rates will be displayed, because the older .rec file format lacked
information needed to compute p/s and c/s.
Q: I am running John for 10 days and it is still not finished?!
Q: How long should I expect John to run?
A: It primarily depends on the cracking mode(s) and on your password
files (in particular, the type of hashes and the number of different
salts, if applicable). Most importantly, you should note that the
'incremental' mode, which a default John run (with no command line
options) proceeds with after being done with the quicker checks, is not
supposed to terminate in a reasonable time. It is up to you to decide
how long you're going to let it run, then consider any uncracked
passwords strong enough. 'Single crack' mode runs typically take from
under a second to one day (depending on the type and number of password
hashes). Wordlist mode runs may also be quick (under a second) for
tiny wordlists and fast hashes or they may take multiple days with large
wordlists, with word mangling rules, and with slow hash types and
substantial numbers of different salts. The status line John reports
whenever you hit a key includes a progress indicator (percent complete)
for 'single crack' and wordlist modes. With no cracking mode requested
explicitly, John will start with 'single crack' mode (pass 1), then
proceed with wordlist mode (pass 2), and finally with 'incremental' mode
(pass 3). The pass numbers are reported on the status line, too. It is
reasonable to let John reach 'incremental' mode (pass 3) and run that
for a while (some days). You will notice that John's success rate (the
number of passwords cracked per hour or per day) will be dropping
rapidly. When you determine that the success rate is low enough, you
interrupt John.
Q: Does John support multi-processing or distributed processing?
A: Yes, but you need to explicitly enable this if desired. Starting
with version 1.8.0, there's the '--fork' option on Unix-like systems (to
make use of multiple CPUs and/or CPU cores in a single system) and the
'--node' option on all systems (this one allows for a trivial form of
distributed processing). The '--fork' and '--node' options may also be
used together. Please refer to OPTIONS for a description of these
options. Additionally, there's built-in parallel processing support
using OpenMP for all crypt(3) hash flavors (DES-, MD5-, and
Blowfish-based) supported by John natively, and when running on Linux or
Solaris also for the underlying system's thread-safe password hashing
function. The latter is only reasonable to use for crypt(3) hash types
not yet supported by John natively (such as for glibc 2.7+ SHA-crypt
hashes as used by recent versions of Fedora and Ubuntu, and for SunMD5
hashes, which may optionally be enabled on Solaris). In 'community
enhanced' -jumbo versions, parallelization with OpenMP is also supported
for many (but not all) of the hash and cipher types added in those
versions (including for their built-in implementation of SHA-crypt).
To use John's OpenMP support, you need to either use an existing
OpenMP-enabled build (e.g., 'john-omp.exe' on Windows) or make an
OpenMP-enabled build by uncommenting one of the OMPFLAGS lines near the
beginning of Makefile. This requires GCC 4.2 or newer, or another
OpenMP-capable C compiler. For other hash or cipher types and/or to
distribute the workload between multiple machines, other approaches need
to be used. One of those approaches is to use the '--fork' and '--node'
options. For a very small number of nodes (CPUs, CPU cores, and/or
machines), it is also reasonable to use a manual approach, such as to
have your nodes try different password lengths. This is easily
accomplished with 'incremental' mode's 'MinLen' and 'MaxLen' settings
(see CONFIG). You might not need to split the workload for 'single
crack' and wordlist modes since these are typically relatively quick,
although '--fork' and '--node' are supported for these modes too. You
may safely run multiple instances of John in the same working directory,
all writing to the same 'pot file' (this is a feature). You do,
however, need to assign each of them a unique session name, with
'--session' (please note that doing so does not eliminate the need to
also distribute the workload with '--node' or otherwise, as discussed
above). Other approaches, such as splitting password files naively
(without regard to salts), are typically less efficient (in some cases
to the extent where there's no speedup from using multiple nodes at
all). Some other approaches, such as using MPI, are listed on the wiki
at: http://openwall.info/wiki/john/parallelization
Q: Where do I get wordlists for use with John?Q: Where do I get wordlists for use with John?
A: http://www.openwall.com/wordlists/A: http://www.openwall.com/wordlists/
Q: Where do I get new versions of John the Ripper?Q: Where do I get new versions of John the Ripper?
Q: Where do I get the source code for John?Q: Where do I get the source code for John?
Q: I only have the source code for John the Ripper, where do I get itQ: I only have the source code for John the Ripper, where do I get it
pre-compiled for my OS (if supported)?pre-compiled for my OS (if supported)?
Q: What is the primary website for John the Ripper?Q: What is the primary website for John the Ripper?
A: http://www.openwall.com/john/A: http://www.openwall.com/john/
Q: How can I contact you (the author)?Q: How can I contact you (the author)?
A: See CONTACT.A: See CONTACT.
(Semi-)advanced topics.Questions sometimes asked by existing users.
Q: I've recently switched my system to MD5-based (or Blowfish-based)Q: I've recently switched my system to Blowfish-based password hashes,
password hashes, but there are still some DES-based hashes in thebut there are still some DES-based and MD5-based hashes in the password
password file. How do I handle multiple hash types in one file?file. How do I handle multiple hash types in one file?
A: Use the '--format=...' option to tell John which hashes you wouldA: Use the '--format=...' option to tell John which hashes you would
like it to load. Unfortunately, you will have to run John for each hashlike it to load. Unfortunately, you will have to run John for each hash
type separately. This requirement may sometimes be avoided with the usetype separately. This requirement may sometimes be avoided with the use
of '--format=crypt', but this is not recommended. Please see theof '--format=crypt', but this is not recommended. Please see the
description of the '--format' option in OPTIONS for more detail.description of the '--format' option in OPTIONS for more detail.
Q: I have 10 users, but John said it loaded 15 password hashes. What'sQ: I have 10 users, but John said it loaded 15 password hashes. What's
going on?going on?
A: Some extremely poorly designed hash types (Windows LM hashes andA: Some extremely poorly designed hash types (Windows LM hashes and
DES-based crypt(3) hashes known as 'bigcrypt') have a property thatDES-based crypt(3) hashes known as 'bigcrypt') have a property that
skipping to change at line 126skipping to change atline 264
certainly look like they are almost random.certainly look like they are almost random.
A: No, they are not. No single candidate password will be tried for aA: No, they are not. No single candidate password will be tried for a
second time and the order in which they are tried is in fact very smart:second time and the order in which they are tried is in fact very smart:
it is based on frequencies of different trigraphs, stored and processedit is based on frequencies of different trigraphs, stored and processed
separately for each character position and for each password length.separately for each character position and for each password length.
Q: Why doesn't John display a progress indicator for the 'incremental'Q: Why doesn't John display a progress indicator for the 'incremental'
mode?mode?
A: Do you really want to see a 0% all the time? As explained in MODES,A: Do you really want to see a 0% all the time? As explained in MODES,
'incremental' mode is not supposed to terminate in a reasonable time.'incremental' mode is not supposed to terminate in a reasonable time.
(There are a few exceptions to this, so a progress indicator might be(There are a few exceptions to this, so a progress indicator has been
added at some point.)added in -jumbo and it might be added in official versions later.)
Q: I am running John for 10 days and it is still not finished?!Q: I just noticed that the p/s, c/s, and C/s rates reported while using
Q: How long should I expect John to run?'incremental' mode are a lot lower than they are with other cracking
A: It primarily depends on the cracking mode(s) and on your passwordmodes. Why is that?
files (in particular, the type of hashes and the number of different
salts, if applicable). Most importantly, you should note that the
'incremental' mode, which a default John run (with no command line
options) proceeds with after being done with the quicker checks, is not
supposed to terminate in a reasonable time. It is up to you to decide
how long you're going to let it run, then consider any uncracked
passwords strong enough. 'Single crack' mode runs typically take from
under a second to one day (depending on the type and number of password
hashes). Wordlist mode runs may also be quick (under a second) for
tiny wordlists and fast hashes or they may take multiple days with large
wordlists, with word mangling rules, and with slow hash types and
substantial numbers of different salts. The status line John reports
whenever you hit a key includes a progress indicator (percent complete)
for 'single crack' and wordlist modes. With no cracking mode requested
explicitly, John will start with 'single crack' mode (pass 1), then
proceed with wordlist mode (pass 2), and finally with 'incremental' mode
(pass 3). The pass numbers are reported on the status line, too. It is
reasonable to let John reach 'incremental' mode (pass 3) and run that
for a while (some days). You will notice that John's success rate (the
number of passwords cracked per hour or per day) will be dropping
rapidly. When you determine that the success rate is low enough, you
interrupt John.
Q: Why does John display meaningless c/s values while cracking, instead
of real 'crypts per second' rate?
A: The values displayed by John mean combinations (of username and
password) per second, not crypts per second. This is the effective
cracking speed that you get on a particular set of password hashes, and
it may be useful, for example, to tune the '--salts=...' threshold and
other settings. If you want a benchmark of the low-level password
hashing routines only, use '--test'. (Future versions of John the
Ripper might report effective and raw c/s rates for different time
intervals. These won't fit on the current status line, though.)
Q: I just noticed that the c/s rate reported while using 'incremental'
mode is a lot lower than it is with other cracking modes. Why?
A: You're probably running John for a few seconds only. The currentA: You're probably running John for a few seconds only. The current
'incremental' mode implementation uses large character sets which need'incremental' mode implementation uses large character sets, which need
to be expanded into even larger data structures in memory each time Johnto be expanded into even larger data structures in memory each time John
switches to a different password length. Fortunately, this is onlyswitches to a different password length. Fortunately, this is only
noticeable when John has just started since the length switches becomenoticeable when John has just started since the length switches become
rare after a few minutes. For long-living sessions, which is where werare after a few minutes. For long-living sessions, which is where we
care about performance the most, this overhead is negligible. This is acare about performance the most, this overhead is negligible. This is a
very low price for the better order of candidate passwords tried.very low price for the better order of candidate passwords tried.
Q: What are the 'real' and 'virtual' c/s rates as reported by '--test'Q: What are the 'real' and 'virtual' c/s rates as reported by '--test'
(on Unix-like operating systems)?(on Unix-like operating systems)?
A: These correspond to real and virtual (processor) time, respectively.A: These correspond to real and virtual (processor) time, respectively.
The two results would differ when the system is under other load, withThe two results would differ when the system is under other load, with
the 'virtual' c/s rate indicating roughly what you could expect to getthe 'virtual' c/s rate indicating roughly what you could expect to get
from the same machine if it were not loaded.from the same machine if it were not loaded.
Q: How can I test John's password hashing routines for proper operation?Q: How can I test John's password hashing routines for proper operation?
A: John always performs a self-test when you run it on a password fileA: John always performs a self-test when you run it on a password file
and refuses to work if an error occurs. If you need to test all of theand refuses to work if an error occurs. If you need to test all of the
low-level routines at once, use '--test'.low-level routines at once, use '--test'.
Q: Does John support multi-processing or distributed processing?
A: There's currently built-in parallel processing support using OpenMP
(to make use of multiple CPUs and/or CPU cores in a single system) for
all crypt(3) hash flavors (DES-, MD5-, and Blowfish-based) supported by
John natively, as well as for LM hashes and, when running on Linux or
Solaris, also for the underlying system's thread-safe password hashing
function. The latter is only reasonable to use for crypt(3) hash types
not yet supported by John natively (that is, for glibc 2.7+ SHA-crypt
hashes as used by recent versions of Fedora and Ubuntu, and for SunMD5
hashes, which may optionally be enabled on Solaris). In 'community
enhanced' -jumbo versions, parallelization with OpenMP is also supported
for many (but not all) of the hash types added in those versions. To
use John's OpenMP support, you need to make an OpenMP-enabled build by
uncommenting one of the OMPFLAGS lines near the beginning of the
Makefile. This requires GCC 4.2 or newer, or another OpenMP-capable C
compiler. For other hash types and/or to distribute the workload
between multiple machines, other approaches need to be used. For a
small number of nodes (CPUs, CPU cores, and/or machines), it is
reasonable to use a manual approach. One of those approaches is to have
your nodes try different password lengths. This is easily accomplished
with 'incremental' mode's 'MinLen' and 'MaxLen' settings (see CONFIG).
Typically, you would not really need to split the workload for 'single
crack' and wordlist modes since these are relatively quick, although you
may dedicate one node to those initially. You may safely run multiple
instances of John in the same working directory, all writing to the same
'pot file' (this is a feature). You do, however, need to assign each of
them a unique session name, with '--session'. Other approaches, such as
splitting password files naively (without regard to salts), are
typically less efficient (in some cases to the extent where there's no
speedup from using multiple nodes at all). Some advanced and automated
approaches are listed on the wiki at:
http://openwall.info/wiki/john/parallelization
Q: What is the format of the crash recovery files ('john.rec', otherQ: What is the format of the crash recovery files ('john.rec', other
.rec's)? What do the numbers mean?.rec's)? What do the numbers mean?
A: The format of these files is deliberately undocumented and is subjectA: The format of these files is deliberately undocumented and is subject
to change without notice. (However, each release of John the Ripper isto change without notice. (However, each release of John the Ripper is
likely to be able to read .rec files produced by at least thelikely to be able to read .rec files produced by at least the
immediately preceding release. Whenever compatibility is broken, Johnimmediately preceding release. Whenever compatibility is broken, John
will refuse to recover the session, leaving the .rec file intact.)will refuse to recover the session, leaving the .rec file intact.)
Although the meaning of some of the numbers that get into .rec files isAlthough the meaning of some of the numbers that get into .rec files is
trivial to explain, it is not possible to reasonably describe sometrivial to explain, it is not possible to reasonably describe some
others without going into great detail on John internals. If you reallyothers without going into great detail on John internals. If you really
need to know, read the source code.need to know, read the source code.
$Owl: Owl/packages/john/john/doc/FAQ,v 1.27 2011/11/21 02:36:55 solar Exp $$Owl: Owl/packages/john/john/doc/FAQ,v 1.34 2013/05/29 22:44:35 solar Exp $
End of changes. 13 change blocks.
106 lines changed or deleted175 lines changed or added
To the Information Files section of the John source changes report or the top of this page
Home | About | All | Newest | Fossies Dox | Screenshots | Comments | Imprint | Privacy | HTTPS

Practice ntds.dit File Part 6: Password Cracking With John the Ripper – Wordlist

After password cracking examples with hashcat, I want to show you how to crack passwords with John the Ripper (remember we also produced hashes for John the Ripper: lm.john.out and nt.john.out).

First we use the rockyou wordlist to crack the LM hashes:

Option –wordlist specifies the wordlist to use, and option –pot specifies the pot file I want to create/use.

Output:

And then we use option –show to display the (partially) recovered passwords:

Output:

Cracking NTLM hashes is done with a similar command, it’s just the name of the files that changes:

Output:

John The Ripper Crack Hashes

And then we use option –show to display the recovered passwords:

Output: