Saturday, 14 October 2017

How to Crack Passwords in Kali Linux Using John The Ripper

How to Crack Passwords in Kali Linux Using John The Ripper



John the Ripper Tutorial by CyberFoxes Community


John The Ripper is a free password cracking tool that runs on a many platforms. It has become one of the best password cracking tools as it combines several other password crackers into a single package and has a number of handy features like automatic hash type detection. Password cracking in Kali Linux using this tool is very straight forward which we will discuss in this post.
John the Ripper uses a 2 step process to crack a password. First, it will use the password and shadow file to create an output file. Later, you then actually use the dictionary attack against that file to crack it. To keep it simple, John the Ripper uses the following two files:
/etc/passwd
/etc/shadow

Cracking passwords using John the Ripper

In Linux, password hash is stored in /etc/shadow file. For the sake of this exercise, I will create a new user names john and assign a simple password ‘password’ to him.
I will also add john to sudo group, assign /bin/bash as his shell. There’s a nice article I posted last year which explains user creating in Linux in great details. It’s a good read if you are interested to know and understand the flags and this same structure can be used to almost any Linux/Unix/Solaris operating system. Also, when you create a user, you need their home directories created,
First, let’s create a user named john and assign password as his password. (very secured..yeah!)
cracking-password-in-kali-john-the-ripper-picateshackz-1
root@kali:~# useradd -m john -G sudo -s /bin/bash
root@kali:~# passwd john
Enter new UNIX password: <password>
Retype new UNIX password: <password>
passwd: password updated successfully
root@kali:~#

Unshadowing password

Now that we have created our victim, let’s start with unshadow commands. The unshadow command will combine the entries of /etc/passwd and /etc/shadow to create 1 file with username and password details. When you just type in unshadow, it shows you the usage anyway.
cracking-password-in-kali-john-the-ripper-picateshackz-2
root@kali:~# unshadow
Usage: unshadow PASSWORD-FILE SHADOW-FILE
root@kali:~# unshadow /etc/passwd /etc/shadow > /root/johns_passwd
I’ve redirected the output to /root/johns_passwd file because I got the ticks for organising things. Do what you feel like here.

Cracking process with John the Ripper

At this point, we just need a dictionary file and get on with cracking. John comes with its own small password file and it can be located in /usr/share/john/password.lst. I’ve shown the size of that file using the following command.
root@kali:~# ls -ltrah /usr/share/john/password.lst
You can use your own password lists  or just download a large one from the Internet (there’s lots of dictionary file in terabyte size).
cracking-password-in-kali-john-the-ripper-picateshackz-3
root@kali:~# john --wordlist=/usr/share/john/password.lst /root/johns_passwd 
Created directory: /root/.john
Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
Use the "--format=crypt" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 2 password hashes with 2 different salts (sha512crypt, crypt(3) $6$ [SHA512 128/128 SSE2 2x])
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
password         (john)
1g 0:00:00:06 DONE (2015-11-06 13:30) 0.1610g/s 571.0p/s 735.9c/s 735.9C/s modem..sss
Use the "--show" option to display all of the cracked passwords reliably
Session completed
root@kali:~#
Looks like it worked. So we can now use john –show option to list cracked passwords. Note that it’s a simple password that existed in the dictionary so it worked. If it wasn’t a simple password, then you would need a much bigger dictionary and a lot longer to crack it.
cracking-password-in-kali-john-the-ripper-picateshackz-4
root@kali:~# john --show /root/johns_passwd 
john:password:1000:1001::/home/john:/bin/bash

1 password hash cracked, 1 left
root@kali:~#
Now that we have completed the basics of John the Ripper and cracked a password using it, it’s possibly time to move on to bigger and more complex things. If you have any doubts regarding this post just type down a comment.

6 comments:

  1. Hello Everyone !

    USA SSN Leads/Fullz available, along with Driving License/ID Number with good connectivity.

    All SSN's are Tested & Verified.

    **DETAILS IN LEADS/FULLZ**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER
    ->ADDRESS WITH ZIP
    ->PHONE NUMBER, EMAIL
    ->EMPLOYEE DETAILS

    *Price for SSN lead $2
    *You can ask for sample before any deal
    *If you buy in bulk, will give you discount
    *Sampling is just for serious buyers

    ->Hope for the long term business
    ->You can buy for your specific states too

    **Contact 24/7**

    Whatsapp > +923172721122

    Email > leads.sellers1212@gmail.com

    Telegram > @leadsupplier

    ICQ > 752822040

    ReplyDelete
  2. How To Crack Passwords In Kali Linux Using John The Ripper ~ Cyberfoxes Community >>>>> Download Now

    >>>>> Download Full

    How To Crack Passwords In Kali Linux Using John The Ripper ~ Cyberfoxes Community >>>>> Download LINK

    >>>>> Download Now

    How To Crack Passwords In Kali Linux Using John The Ripper ~ Cyberfoxes Community >>>>> Download Full

    >>>>> Download LINK

    ReplyDelete

  3. The really amazing deal about contacting Jody Hacklord is that the Hack done by him can’t get traced to you, as every Hacking job he does is strongly protected by his Firewall. It’s like saying if anyone tries to trace the Hack,
    it will lead them to him and he blocks whatever actions they are doing.
    He has been Invisible to Authorities for almost a decade now.
    Another Amazing thing to you benefit from Hiring Jody Hacklord is that you get a Legit and the best Hacking service, As he provides you with Professional Hacking service.
    We perform every Hack there is, using special Hacking tools we get from the dark web. NO UPFRONT PAYMENT.

    Some list of Hacking Services he provides are-:
    ▪️Phone Hacking & Cloning ✅
    ▪️Computer Hacking ✅
    ▪️Emails & Social Media Account Hacking✅
    ▪️Recovering Deleted Files✅
    ▪️Tracking & Finding People ✅
    ▪️Hunting Down Scammers✅
    ▪️Hack detecting ✅
    ▪️Stealing/Copying Files & Documents From Restricted Networks and Servers ✅

    OTHER SPECIAL HACKING SERVICES

    ▪️Binary Option Recovery ✅
    ▪️Scam Money Recovery✅
    ▪️Bitcoin Multiplication✅
    ▪️Change Of Grades In Universities/Colleges ✅
    ▪️Phone Calls Monitoring✅
    ▪️keyLogging Installation✅
    ▪️Remote Access Trojan (RAT) installation ✅
    ▪️Cyber Security Upgrade✅
    ▪️And lots more...........

    Whatever Hacking service you require, just give him an Email using the Email Address or whatsapp number provided below.
    hacklordjody @ gmail . com
    +1 (908) 991‑6649


    ReplyDelete
  4. Hello, I had my Coinbase account compromised and $14,300 total stolen ($9,600 in crypto and $4,700 from my Bank Account. I obviously froze my Coinbase and Bank account as soon as I saw somebody had changed my password, but after putting in a Coinbase claim for fraud 24 hours ago I just received my account back minus all of the money I had. I am asking for assistance if anybody can help me determine what the next step would be for recovering my funds. Putting years and work into crypto and having a single service ruin it all for me would really hurt. Thanks to craker@cyberdude.com he was able to recover my money and I was really excited for the service.
    You can also reach out to him via WhatsApp +1 (908) 533‑1382‬
    God bless 🙏🙏

    ReplyDelete
  5. Good day everyone, I was ashamed to share this but I thought I should as it will be beneficial to someone out there considering the different scams that are happening over the internet, I met this guy online and we started talking, he was very sweet and I never imagined he was going to scam me of my hard-earned money, I sent him a total of $235,000.00 through Bitcoin and bank account, this was going on for weeks and after he took everything from home, he blocked me and stopped picking my calls. I thought all hope was lost until I saw an article on Facebook about a hacker who could help me recover all that I had lost without breaking a sweat, I was not very convinced about it considering I was just scammed but I thought of it and said this couldn’t go wrong than it already did, and to my surprise Cyberwallfire@techie .com was able to recover all my money after I contacted them. This should be a lesson to everyone out there to be aware of internet scams and if you have been scammed of your hard-earned money before then go ahead and contact cyberwallfire@techie.com to help you with the recovery of your money.

    ReplyDelete
  6. I recently lost about $305,050 to a crypto investment scam.
    The company pretended to be an investment firm that could provide a certain percentage of returns if you deposited your Bitcoin with them.
    It appeared real at first, and it worked twice.
    I had no idea they had set up a bot (robot) that would completely shut down your account if you decided to invest heavily.
    As a result, I couldn't access my cryptocurrency.
    I contacted customer service, and they informed me about the (ongoing) website upgrade.
    Long story short!!
    It was a scam, and I was able to conduct research and find a comment about a similar experience, so I was advised to open a detailed case with the digital triangulation experts at thehackerspro forensic firm
    These guys blew me away. so i was told to proceed to open a detailed case with the digital triangulation experts at proh4ckz@protonmail.com Well, These guys amazed me. Lol!! they literally traced and followed the money using the transaction id generated. i just detached 300k out from the outsourced wallets into my trust wallet. i will await the Bnb gas fee paid to go through so i can detach the remaining 105,050

    ReplyDelete

Popular Posts


Types of SQL Injection

SQL injection is a code injection method, used to attack data-driven applications. This vulnerability allows a hacker to submit crafte...

Blog Archive