[New post] John The Ripper

Aayush Goel posted: " John the Ripper is one of the most well known and efficient hash cracking tool. It is a fast in cracking, with an extraordinary range of compatible hash types. What is Hash? A hash is basically a fingerprint of any piece of data. The process of" Respond to this post by replying above this line New post on Information Security Blogs John The Ripper by Aayush Goel John the Ripper is one of the most well known and efficient hash cracking tool. It is a fast in cracking, with an extraordinary range of compatible hash types. What is Hash? A hash is basically a fingerprint of any piece of data. The process of hashing is irreversible i.e. information once converted into a hash can't be converted back to the normal readable format. This is used in order to mask any sensitive data like passwords. So, basically data is passed through a hashing algorithm so that it generates a unreadable version of that data. If we take "polo", a string of 4 characters- and run it through an MD5 hashing algorithm, we end up with an output of: b53759f3ce692de7aff1b5779d3964da a standard 32 character MD5 hash. Likewise, if we take "polomints", a string of 9 characters- and run it through the same MD5 hashing algorithm, we end up with an output of: 584b6e4f4586e136bc280f27f9c64f3b another standard 32 character MD5 hash. Some common types of hashing algorithms are: MD5 SHA NTLM ,etc. What does John do? Since, we now know that hashes are irreversible that doesn't mean we can't crack the hash. If you had a hashed version of any password and you know that hashing algorithm, you can hash a list of passwords and compare the hashes and can find your original password. This type of attack is called dictionary attack. John Syntax john [options] [path to file] For example: john --wordlist=/usr/share/wordlists/rockyou.txt crack_hash.txt Sometimes john doesn't work that efficiently but you can use it for a particular hash algorithm. So you can use john for a particular hash. Now, the question is how to find that particular hash algorithm? So there is a python script that one can use to identify the hash or you can use an online tool. Once you get to know the hash algorithm, you can use john as john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt crack_hash.txt Cracking ZIP using JOHN Lets have a password protected zip file named file.zip Lets use a utility zip2john to convert zip file into john's understandable medium We got the hash of the zip file. Lets crack it using johntheripper Bingo we got our password i.e. "iloveyou". You can explore more features of john by this directory: /usr/share/john This free site is ad-supported. Learn more ​ Aayush Goel | September 18, 2021 at 11:21 am | Categories: Uncategorized | URL: https://wp.me/pd4ZLF-aw Comment    See all comments    Like Unsubscribe to no longer receive posts from Information Security Blogs. Change your email settings at Manage Subscriptions. Trouble clicking? Copy and paste this URL into your browser: https://aayushforinfosec.wordpress.com/2021/09/18/john-the-ripper/ Thanks for flying with WordPress.com