Let's crack together, BABY!
What Is John the Ripper?
One of the most amazing security tools which can be used to crack passwords is "John the Ripper". It ranks highly among its counterparts on the market, such as:
Cain and Abel
This ranking is backed by sectools.org, which lends the assessment a degree of reliability.
Actually, it is free software, which is a great characteristic for such a program. The same as Metasploit, John the Ripper is part of the Rapid7 family of hacking/penetration testing tools.
John the Ripper's first stable release, version 1.8.0, was published in 2013. The production and development of the tool are fundamentally attributed to Solar Designer and the software's community. It is an open-source program licensed under the GNU General Public License (GNU GPL).
Back in the day, "Cracker Jack" was developed to crack Unix /etc/passwd files using a dictionary. John the Ripper was then published as its successor. Moreover, a "Pro" version was developed that includes more features than the ordinary version, especially the capability to support many more of the hash types on which encrypted passwords are based in the first place. The Ripper's commercial version is the most used among penetration testers for cracking passwords, essentially because of both its speed and its great performance.
How does John the Ripper work?
First of all, you need some idea of the field of science known as cryptanalysis. In fact, passwords have weaknesses that open the gate for hackers to exploit in order to recover the password from the hash that was derived from it.
John the Ripper leverages brute-force attacks in order to find the password.
Simply put, this is a method of cross-checking candidate guesses, in a trial-and-error manner, against the cryptographic hash that is available for the password.
On the one hand, a hacker's computer can guess the right password and recover it, especially if the password consists of clear-text dictionary words, which is where the term "dictionary attack" comes from. (Take care of your CPU utilization.)
On the other hand, a password can be recovered through what is called a "rainbow table". This is much faster, because the table already contains password hashes from which the password is looked up by the computer.
JtR is used for these common Types of Attacks:
There are basically two main types of attacks harnessed by John the Ripper in order to crack a password.
Dictionary Attack
String samples are taken from a specific wordlist, text file, dictionary, or previously cracked passwords.
They are then encrypted with the same method, key, and algorithm with which the desired password was originally encrypted.
Dictionary words can also be altered in a randomized manner to check whether a variant works.
John the Ripper's single-crack mode performs such alterations; the hashes of the different variations are then compared against the target.
Brute Force Attack
All possible plaintexts are exhausted to find the right one.
Each candidate is hashed and compared to the originally inputted hash.
The program uses character frequency tables so that the most probable characters are tried first.
This method is very slow, yet it can identify passwords that do not exist in any dictionary.
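To make the two modes concrete, here is a small added example in Python (not code from this page or from John the Ripper itself): a dictionary pass with single-mode-style mangling rules and a brute-force pass over a frequency-ordered alphabet, each hashing every guess with unsalted SHA-256 and comparing it with the target hash. The wordlist, the mangling rules, the alphabet and the target hashes are all constructed for the demonstration; it also shows why appending a digit to a dictionary word is no defence.

```python
import hashlib
import itertools

# Constructed toy wordlist, standing in for a real dictionary file.
WORDLIST = ["letmein", "password", "welcome"]

# Constructed frequency-ordered alphabet: likelier characters are tried first,
# mimicking the character frequency tables described above.
FREQ_ORDER = "etaoinshrdlcumwfgypbvkjxqz0123456789"


def sha256_hex(text: str) -> str:
    """Hash a candidate the same way the stored target was hashed (unsalted SHA-256 here)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def mangle(word: str) -> set[str]:
    """Single-mode style rules: case variants of the word, each optionally with a digit appended."""
    variants = {word, word.capitalize(), word.upper()}
    return variants | {v + d for v in variants for d in "0123456789"}


def dictionary_attack(target_hash: str, wordlist=WORDLIST):
    """Hash every mangled dictionary word and compare; return the match or None."""
    for word in wordlist:
        for guess in sorted(mangle(word)):
            if sha256_hex(guess) == target_hash:
                return guess
    return None


def brute_force(target_hash: str, max_len: int = 3, alphabet: str = FREQ_ORDER):
    """Exhaust every string up to max_len over the alphabet, shortest first."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guess = "".join(chars)
            if sha256_hex(guess) == target_hash:
                return guess
    return None


if __name__ == "__main__":
    # Constructed targets: a weak dictionary-derived password and a short random one.
    print(dictionary_attack(sha256_hex("Password1")))  # Password1
    print(brute_force(sha256_hex("zq9")))               # zq9
```

The brute-force pass already costs 36^3 hashes for three characters; each extra character multiplies that by the alphabet size, which is the slowness the text refers to.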
On which Operating Systems can I run John the Ripper?
Unix, which was the very first operating system to run John the Ripper
Eleven Unix-like operating systems, such as Linux and similar systems
Features Offered by John the Ripper
Let's now also discuss why John the Ripper is considered a really efficient password cracking tool. This piece of gold fulfills everything that is needed from a password cracker's perspective.
I will summarize some of the key features here for you:
Many password crackers are compacted into one platform or package.
The hash types used by passwords can be autodetected.
Different types of encrypted passwords based on various hashes can be broken by John the Ripper, such as:
Crypt password hash types, essentially based on Data Encryption Standard (DES), MD5, and Blowfish hashes, used on many Unix versions
Windows NT/2000/XP/2003 LM hashes
Password hashes based on MD4, which are detected by some extra modules
Kerberos Andrew File System (Kerberos AFS) hashes
Such modules can also detect passwords relying on Lightweight Directory Access Protocol (LDAP) and MySQL.
The cracker can also be customized by the user.
A white-hat approach, on the other hand, which is mainly useful for penetration testers, is to inform users that their passwords are weak, so that they choose a stronger password afterward. "unafs" is the tool mainly used for this purpose.
What is the biggest difference between John the Ripper and THC Hydra?
The Hacker's Choice Hierarchical Yet Dynamically Reprogrammable Architecture (THC-HYDRA) is ONLINE.
We have seen in our previous discussion that John the Ripper cracks passwords OFFLINE. THC-HYDRA, however, is different: it is considered an online password cracking tool. Both are perfect in their own fields, with no major pitfalls.
Common problems with John the Ripper:
One of the most common errors you could get is this: 😈
As you can see in the snippet above, the specific error relates to ld not being able to locate -lOpenCL, the OpenCL library it needs.
As you can see in the above output, there are two OpenCL libraries found. The JtR compile process was looking for libOpenCL.so.1. To accomplish this, I created a symbolic link using the below syntax.
Once the above symbolic link was created, the John the Ripper compile process was able to complete without any further issues.
TRADEMARK LEGAL NOTICE
All product names, logos, and brands are the property of their respective owners in Austria or other countries. All company, product and service names used in this website are for identification purposes only. Pheniix is not affiliated with or an official partner of Cisco, CompTIA, Dimension Data, VMware, Amazon, Microsoft, Certified Ethical Hacker, (ISC)², Juniper, Wireshark, Offensive Security, Google, GNS3, F5, Python, Linux, Java, OpenStack, Vagrant, Ansible, Docker, GIT, Blockchain or other companies. Use of these names, logos, and brands does not imply endorsement. The opinions expressed in Pheniix are personal perspectives and not those of Cisco, Dimension Data or any other company. Pheniix runs as an independent blog.