John the Ripper
John the Ripper is a password cracking tool.
Basics
To list the hash formats that John supports (and pick the right value for `--format`), use the `--list=formats` option.
Filter the Word Length of Wordlists
```sh
# Up to 5 characters (-max-len:5)
john --wordlist=/usr/share/wordlists/rockyou.txt -max-len:5 hash.txt
# 4 characters only (-min-len:4 -max-len:4)
john --wordlist=/usr/share/wordlists/rockyou.txt -min-len:4 -max-len:4 hash.txt
```
Generate Custom Wordlist from Original One
Command Options
```sh
# Min length: 12
# Max length: 14
# (--min-len / --max-len are accepted abbreviations of --min-length / --max-length)
john --wordlist=./words.txt --min-len:12 --max-len:14 --stdout > new_words.txt
# Make uppercase to lowercase
# (the character classes are quoted so the shell cannot glob-expand them)
tr '[:upper:]' '[:lower:]' < new_words.txt > new_words_lowercase.txt
# Make lowercase to uppercase
tr '[:lower:]' '[:upper:]' < new_words.txt > new_words_uppercase.txt
```
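The same length-and-case filter, as an added example that is not part of the original page: it reproduces what `john --wordlist=... --min-len:N --max-len:M --stdout` followed by `tr` does, using only awk and tr, so a wordlist can be trimmed on a host where john is not installed. The sample wordlist, the function names (`filter_by_length`, `to_lower`, `to_upper`, `count_in_range`, `lowered_words`) and the output file names are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page): reproduce the length filter that
# "john --wordlist=... --min-len:N --max-len:M --stdout" performs, using awk and
# tr only. Constructed sample wordlist, one candidate per line.
SAMPLE_WORDS="$(printf 'Pass\nSummer2023\nlonger-than-fourteen-chars\nAbc\nWinter\nQwerty12345678\n')"

# filter_by_length MIN MAX : keep words whose length is within [MIN, MAX].
# Note: whether awk's length() counts multibyte characters as one or as
# several bytes depends on the awk implementation and the locale, so verify
# the result on non-ASCII wordlists.
filter_by_length() {
    awk -v min="$1" -v max="$2" 'length($0) >= min && length($0) <= max'
}

# to_lower / to_upper : case folding with the character classes quoted, so the
# shell never glob-expands [:upper:] against files in the current directory.
to_lower() { tr '[:upper:]' '[:lower:]'; }
to_upper() { tr '[:lower:]' '[:upper:]'; }

# count_in_range MIN MAX : number of sample words that survive the filter.
count_in_range() {
    printf '%s\n' "$SAMPLE_WORDS" | filter_by_length "$1" "$2" | wc -l | tr -d ' '
}

# lowered_words : lowercase version of every sample word of length 4..6.
lowered_words() {
    printf '%s\n' "$SAMPLE_WORDS" | filter_by_length 4 6 | to_lower
}

# Stand-alone run ("sh filter.sh run"): mimic the page's commands end to end,
# writing the three files the page produces (constructed file names).
if [ "${1:-}" = "run" ]; then
    printf '%s\n' "$SAMPLE_WORDS" | filter_by_length 12 14 > new_words.txt
    to_lower < new_words.txt > new_words_lowercase.txt
    to_upper < new_words.txt > new_words_uppercase.txt
    cat new_words_lowercase.txt
fi
```

Run with `sh filter.sh run` to produce `new_words.txt`, `new_words_lowercase.txt` and `new_words_uppercase.txt` in the current directory; the functions can also be sourced and applied to a real wordlist with `filter_by_length 12 14 < words.txt`.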
Custom Rules
Add custom rules to "/etc/john/john.conf"
Generate
Remove Cache (Crack Again)
To crack a hash again that was already cracked before, remove "john.pot" (by default `~/.john/john.pot`), the file in which John stores cracked passwords; otherwise John reports the earlier result instead of re-running the attack.
Wordlists
Good wordlists:
- General sources
  - Seclists
  - Assetnote
- Subdomains
  - Seclists (`/Discovery/dns/*`)