John the ripper password cracker

 

                                                                          Introduction 

John the Ripper is a fast password cracker, currently available for many flavors of Unix, macOS, Windows, DOS, BeOS, and OpenVMS (the latter requires a contributed patch). Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos/AFS and Windows LM hashes, as well as DES-based tripcodes, plus hundreds of additional hashes and ciphers in "-jumbo" versions.John the Ripper is a powerful password-cracking tool used for security auditing and penetration testing. It supports a wide range of hash types, including Unix, Windows, macOS, and even encrypted files like ZIP archives and PDFs.  

                                                     Documentation

The rest of documentation is located in separate files, listed here in the recommended order of reading:

• INSTALL - installation instructions
• OPTIONS - command line options and additional utilities
• MODES - cracking modes: what they are
• CONFIG (*) - how to customize
• RULES (*) - wordlist rules syntax
• EXTERNAL (*) - defining an external mode
• EXAMPLES - usage examples - strongly recommended
• FAQ - guess
• CHANGES (*) - history of changes
• CONTACT (*) - how to contact the author or otherwise obtain support
• CREDITS (*) - credits
• LICENSE - copyrights and licensing terms
• COPYING - GNU GPL version 2, as referenced by LICENSE above

                                                             Attacking mode 

John the Ripper supports several attack modes, each optimized for different password-cracking scenarios. like Single Crack Mode, Wordlist Mode, Incremental Mode, External Mode, Hybrid Attacks. let see this attacking type one by one.

                                                            Single Crack Mode

In this mode, John the Ripper focuses on cracking a single password hash at a time. It inputs a specific hash and applies various techniques to crack the password, such as dictionary attacks, brute force attacks, and rule-based attacks. Good for exploiting weak password choices. command is: john --single hash file name --format= hash type ||| Ex: hash : 0ed542b815a0d4b0c457ad9def1a21d2 

                                                                    Wordlist Mode

In wordlist mode, John the Ripper uses a predefined list of words (commonly known as a wordlist or dictionary) to attempt to crack passwords. It systematically checks each word in the list against the given password hashes to find a match. Often combined with rules to modify entries and improve cracking success. remember once John the Ripper successfully cracks a password, it stores the result in its session file (john.pot). In future runs, it recognizes that the hash has already been cracked and ignores it. command: john --wordlist=your password file path  filename --format=name 

                                                             Incremental Mode

The incremental mode of John the Ripper systematically generates and tests all possible password combinations within a specified length range. It starts with the shortest passwords and progressively moves towards longer ones. This mode is useful when there is no specific information about the password and the need to exhaustively search all possible combinations. Unlike wordlist attacks, it generates passwords dynamically based on character sets, making it effective for short and simple passwords. command: john --incremental --format name file name.  

                                                             External mode or rules

External Mode in John the Ripper allows you to define custom password-generation logic using its built-in scripting language. This mode is useful for crafting highly specific attacks that standard modes don’t cover. 

How External Mode Works

• Uses a custom script written in John’s external filter language.
• Allows for advanced transformations (e.g., reversing words, applying complex substitutions).
• Great for targeted attacks where standard cracking methods fail.

you can see list of all pre-bulid ruls by typing john --list=rules. List Supported Hash Formats :john --list=formats. List Incremental Mode Charset Files: john --list=inc-modes.  List External Mode Functions: john --list=externals. View All Available Modules : john --list=help  john --list=help

help[:WHAT], subformats, inc-modes, rules, externals, ext-modes, ext-hybrids,

ext-filters, ext-filters-only, build-info, encodings, formats, format-classes,

format-details, format-all-details, format-methods[:WHICH], format-tests,

sections, parameters:SECTION, list-data:SECTION, <conf section name>

                                                                      

Shows all defined external attack modes inside john.conf.