John The Ripper

TheGetch edited this page May 14, 2021 · 2 revisions

DICTIONARY ATTACK

  • john --format=#type --wordlist=dict.txt hash.txt

BRUTEFORCE ATTACK

  • john --format=#type hash.txt

MASK ATTACK

  • john --format=#type --mask=?l?l?l?l?l?l hash.txt -min-len=6

INCREMENTAL ATTACK

  • john --incremental hash.txt

DICTIONARY + RULES ATTACK

  • john --format=#type --wordlist=dict.t

Other Notes:

BENCHMARK TEST

  • john --test

SESSION NAME

  • john hash.txt --session=example_name

SESSION RESTORE

  • john --restore=example_name

SHOW CRACKED RESULTS

  • john hash.txt --pot=<john potfile> --show

WORDLIST GENERATION

  • john --wordlist=dict.txt --stdout --external:[filter name] > out.txt

CRACKING SSH KEYS:

  • /usr/share/john/ssh2john.py id_rsa > hash.john
  • john --wordlist=/usr/share/wordlists/rockyou.txt hash.john

CRACKING KRB5TGS KEYS

  • john --format=krb5tgs --wordlist=<passwords_file> krb-key.txt

CRACKING ASREP KEYS

  • john --format=krb5asrep --wordlist=<passwords_file> asrep-key.txt

CRACKING AN UNSHADOWED FILE

  • unshadow passwd shadow > unshadowed
  • john -incremental -users:<user list> <file to crack>
  • i.e.: john -incremental -users:victim unshadowed

SHOW CRACKED PASSWORDS

  • john --show unshadowed
