Cracking linux user passwords with john the ripper
Written on September 18, 2022
by Avi Parshan
For starters… we are using john the ripper to crack passcodes, here is my modified config file which can be downloaded with wget on Linux (WSL too)!
The rules are kept in /etc/john/john.conf. First copy it over to the local directory with cp /etc/john/john.conf . Edit and copy back using
sudo cp ./john.conf /etc/john/john.conf
wget https://cs.aviparshan.com//static/security-notes/jonh.conf
or download manually:
Edit as you see fit, then with sudo cp it to john’s directory!
Add the popular rockyou password database rockyou.txt as well!
or here:
wget https://github.com/praetorian-inc/Hob0Rules/raw/master/wordlists/rockyou.txt.gz
unzip it:
sudo gunzip rockyou.txt.gz
check word count:
wc -l rockyou.txt
and then in JtR use:
john --stdout --wordlist=./rockyou.txt
and send it to a dictionary
john --stdout --wordlist=./rockyou.txt --rules > dict.txt
Now crack it:
john ./passwordComplex
and show the result
john ./passwordComplex --show
Once you crack it, you can optionally remove the file via this command:
rm ~/.john/john.pot
which will force it to crack from scratch if you enter the same hash again
Other useful sources and links:
Tags:
JohnTheRipper
Security
Passwords
Hashing