Cracking linux user passwords with john the ripper
by Avi Parshan
For starters… we are using john the ripper to crack passcodes, here is my modified config file which can be downloaded with wget on Linux (WSL too)!
The rules are kept in /etc/john/john.conf. First copy it over to the local directory with cp /etc/john/john.conf . Edit and copy back using
sudo cp ./john.conf /etc/john/john.conf wget https://cs.aviparshan.com//static/security-notes/jonh.conf
or download manually:
Edit as you see fit, then with sudo cp it to john’s directory!
Add the popular rockyou password database rockyou.txt as well!
sudo gunzip rockyou.txt.gz
check word count:
wc -l rockyou.txt
and then in JtR use:
john --stdout --wordlist=./rockyou.txt
and send it to a dictionary
john --stdout --wordlist=./rockyou.txt --rules > dict.txt
Now crack it:
and show the result
john ./passwordComplex --show
Once you crack it, you can optionally remove the file via this command:
which will force it to crack from scratch if you enter the same hash again
Other useful sources and links: