John the Ripper is one of the most well-known and efficient hash cracking tools.

It is fast at cracking, with an extraordinary range of compatible hash types.

What is a Hash?

A hash is basically a fingerprint of a piece of data. The process of hashing is irreversible, i.e. information once converted into a hash can't be converted back to its normal readable format. This is used to mask sensitive data like passwords.

So, basically, data is passed through a hashing algorithm, which generates an unreadable version of that data.

If we take "polo", a string of 4 characters, and run it through an MD5 hashing algorithm, we end up with an output of: b53759f3ce692de7aff1b5779d3964da, a standard 32 character MD5 hash.

Likewise, if we take "polomints", a string of 9 characters, and run it through the same MD5 hashing algorithm, we end up with an output of: 584b6e4f4586e136bc280f27f9c64f3b, another standard 32 character MD5 hash.

Some common types of hashing algorithms are:

  1. MD5
  2. SHA
  3. NTLM, etc.

What does John do?

We now know that hashes are irreversible, but that doesn't mean we can't crack a hash. If you have the hashed version of a password and you know the hashing algorithm, you can hash a list of passwords, compare the resulting hashes with yours, and find the original password. This type of attack is called a dictionary attack.

John Syntax

john [options] [path to file]

For example: john --wordlist=/usr/share/wordlists/rockyou.txt crack_hash.txt

Sometimes john doesn't work that efficiently on its own, but you can tell it to use a particular hash algorithm.

Now, the question is how to find that particular hash algorithm?

There is a Python script that one can use to identify the hash, or you can use an online tool.

Once you get to know the hash algorithm, you can use john as:

john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt crack_hash.txt
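
The dictionary attack and the hash identification step described above, as an added example (not code from the original post, and not how John itself is implemented). It narrows the algorithm by digest length, then hashes a wordlist and compares; the function names and the small wordlist are constructed for illustration, and algorithm names are Python hashlib names, not john format names.

```python
import hashlib

# Hex digest length -> hashlib algorithms that produce it. NTLM is also
# 32 hex characters, so length alone cannot tell MD5 from NTLM.
CANDIDATES_BY_LENGTH = {32: ["md5"], 40: ["sha1"], 64: ["sha256"], 128: ["sha512"]}


def candidate_algorithms(hex_hash):
    """Return hashlib algorithm names whose digest length matches the hash."""
    h = hex_hash.strip().lower()
    if not h or any(c not in "0123456789abcdef" for c in h):
        return []  # not a raw hex digest (salted/encoded formats are out of scope)
    return CANDIDATES_BY_LENGTH.get(len(h), [])


def dictionary_attack(hex_hash, words, algorithm=None):
    """Hash each word and compare; return (algorithm, word) or None.

    algorithm plays the role of john's --format: when given, only that
    algorithm is tried; otherwise every length-matching candidate is tried.
    """
    target = hex_hash.strip().lower()
    algorithms = [algorithm] if algorithm else candidate_algorithms(target)
    for algo in algorithms:
        for word in words:
            word = word.rstrip("\r\n")  # wordlist lines carry a newline
            digest = hashlib.new(algo, word.encode("utf-8")).hexdigest()
            if digest == target:
                return algo, word
    return None


# Constructed sample wordlist (stands in for a file such as rockyou.txt).
SAMPLE_WORDLIST = ["123456", "password", "iloveyou", "polo", "polomints"]

if __name__ == "__main__":
    # The two MD5 values quoted in the text above.
    for h in ("b53759f3ce692de7aff1b5779d3964da",
              "584b6e4f4586e136bc280f27f9c64f3b"):
        print(h, "->", dictionary_attack(h, SAMPLE_WORDLIST))
```

Because a fast, unsalted hash can be checked against a wordlist this cheaply, any password that appears in a common list is recoverable from its hash.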

Cracking ZIP using JOHN

Let's take a password-protected zip file named file.zip.

Let's use the zip2john utility to convert the zip file into a format john understands.

We got the hash of the zip file.

Let's crack it using John the Ripper.

Bingo, we got our password, i.e. "iloveyou".

You can explore more features of john in this directory: /usr/share/john
