CS Resources

Computer Science Resources and Links from Avi Parshan

Cracking Linux user passwords with John the Ripper

Written on September 18, 2022

by Avi Parshan

For starters, we are using John the Ripper (JtR) to crack passwords. Here is my modified config file, which can be downloaded with wget on Linux (WSL too).

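The rules are kept in /etc/john/john.conf. First copy it to the local directory with cp /etc/john/john.conf . then edit it and copy it back using:

sudo cp ./john.conf /etc/john/john.conf

To use my modified config instead, download it with wget (it is saved under the file name in the URL, jonh.conf, so rename it to john.conf before copying it over):

wget https://cs.aviparshan.com//static/security-notes/jonh.conf

or download manually: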

John Ripper Rules

Edit it as you see fit, then use sudo cp to copy it into john's directory.

Add the popular rockyou password wordlist, rockyou.txt, as well. It can also be downloaded here:


wget  https://github.com/praetorian-inc/Hob0Rules/raw/master/wordlists/rockyou.txt.gz

Decompress it:

sudo gunzip rockyou.txt.gz

Check the word count:

wc -l rockyou.txt

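Then have JtR print the candidate words from the wordlist to standard output:

john --stdout --wordlist=./rockyou.txt

Add --rules to apply the word-mangling rules from john.conf, and redirect the output into a dictionary file: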


john --stdout --wordlist=./rockyou.txt --rules > dict.txt

Now crack the hashes (passwordComplex is the file that contains them):

john ./passwordComplex

and show the result:


john ./passwordComplex --show

Once you have cracked it, you can optionally remove john's pot file, where cracked hashes are recorded, with this command:

rm ~/.john/john.pot

This forces john to crack from scratch if you give it the same hash again.
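The wordlist-plus-rules approach above also works in the defender's direction: a password-change hook can reject any new password that is a wordlist entry or a simple mangling of one. The script below is an added example, not part of the original post; the function names, the reductions in normalize and the three-entry sample list are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): screen a new password against a
# wordlist such as rockyou.txt, as-is and after undoing simple manglings.

# normalize: lowercase, drop leading/trailing runs of non-letters, map common
# leet characters back to letters. These reductions are assumptions made for
# this example; they are not the rules shipped in john.conf.
normalize() {
    printf '%s' "$1" \
        | LC_ALL=C tr '[:upper:]' '[:lower:]' \
        | LC_ALL=C sed -E 's/^[^a-z]+//; s/[^a-z]+$//' \
        | LC_ALL=C tr '@013457$' 'aoieasts'
}

# screen_password WORDLIST: reads the candidate from stdin so it never appears
# in the process list. Returns 0 = not found, 1 = found, 2 = error.
screen_password() {
    local wordlist=$1 candidate form
    [ -r "$wordlist" ] || return 2
    IFS= read -r candidate || true
    [ -n "$candidate" ] || return 2
    for form in "$candidate" "$(normalize "$candidate")"; do
        [ -n "$form" ] || continue
        # -F literal, -x whole line, -i ignore case, -- allows a leading '-'
        if LC_ALL=C grep -Fxqi -- "$form" "$wordlist"; then
            return 1
        fi
    done
    return 0
}

# Demo on a constructed three-entry list standing in for rockyou.txt.
demo_list=$(mktemp)
printf '%s\n' password iloveyou dragon > "$demo_list"
for pw in 'P@ssw0rd123!' 'Dr4g0n2022' 'correct horse battery staple'; do
    if printf '%s\n' "$pw" | screen_password "$demo_list"; then
        echo "accept: $pw"
    else
        echo "reject: $pw"
    fi
done
rm -f "$demo_list"
```

Point screen_password at the real rockyou.txt to screen against the full list; the first two demo passwords are rejected because they reduce to wordlist entries.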

Wordlist configurations

Rock you DB

JtR Tutorial

Tags:

JohnTheRipper Security Passwords Hashing