Introduction

In the world of cybersecurity and ethical hacking, password security is paramount. One of the most widely used tools for password cracking is John the Ripper (JTR). Bundled with Kali Linux, this versatile and powerful tool is used by ethical hackers, penetration testers, and forensic investigators to test password strength and recover lost credentials.

This article provides a complete usage guide for John the Ripper, including installation, configuration, commands, examples, and best practices.


What is John the Ripper?

John the Ripper is an open-source password cracker developed to detect weak passwords. It takes candidate strings (usually from wordlists), hashes each one the same way the target password was hashed (same algorithm and, where applicable, the same salt), and compares the result with the stored hash; a match reveals the password.

Key Features

  • Supports multiple hash types: MD5, SHA1, bcrypt, NTLM, and more

  • Highly customizable attack modes

  • Fast performance: the core is optimized C, with multi-core support through OpenMP and --fork

  • Built-in support for Unix/Linux password files (/etc/shadow)

  • Extensible: external mode lets you write your own candidate generators in john.conf, and the Jumbo build adds many additional formats


Installing John the Ripper in Kali Linux

John is pre-installed in Kali Linux (the community-enhanced "Jumbo" build). You can check by typing:

```bash
john --help
```

If it's not installed:

```bash
sudo apt update
sudo apt install john
```

Understanding Hash Formats Supported

John supports many hash types:

  • Unix password hashes (DES, MD5, SHA256, SHA512)

  • Windows LM and NTLM

  • MD5, SHA1, SHA256, SHA512

  • bcrypt, SHA-crypt

  • ZIP/RAR file hashes

  • Many application and file formats (archives, documents, SSH keys, and more) in the Jumbo build

To list all supported hash types:

```bash
john --list=formats
```

Basic Usage – Cracking Linux System Passwords

Step 1: Extracting Hashes

To crack system passwords, combine /etc/passwd and /etc/shadow into a single file. Reading /etc/shadow requires root, so run unshadow with sudo:

```bash
sudo unshadow /etc/passwd /etc/shadow > myhashes.txt
```

Step 2: Running John with a Wordlist

```bash
john --wordlist=/usr/share/wordlists/rockyou.txt myhashes.txt
```

This command will start cracking the passwords in myhashes.txt using the rockyou.txt wordlist. On Kali the wordlist ships compressed: if /usr/share/wordlists/rockyou.txt is missing, run `sudo gunzip /usr/share/wordlists/rockyou.txt.gz` once.
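To make clear what unshadow produces and which lines John can actually use, here is an added Python re-implementation of the merge (example code written for this article, not part of John the Ripper). The passwd and shadow lines are constructed samples with placeholder hash bodies; the function names `unshadow` and `account_status` are this example's own.

```python
from typing import Dict, List

# Constructed sample files in /etc/passwd and /etc/shadow layout.
# The hash bodies are placeholders, not real hashes.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
guest:x:1002:1002:Guest:/home/guest:/bin/sh
"""

SHADOW_SAMPLE = """\
root:!:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$6$saltsalt$PLACEHOLDERHASH:19700:0:99999:7:::
bob:!$1$saltsalt$PLACEHOLDERHASH:19700:1:99999:7:::
guest::19700:0:99999:7:::
"""


def unshadow(passwd_text: str, shadow_text: str) -> List[str]:
    """Merge like unshadow(8): for each passwd entry whose password field
    is 'x', substitute the hash field of the shadow entry with the same
    username. Entries without a shadow match pass through unchanged."""
    shadow_hashes: Dict[str, str] = {}
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:
            shadow_hashes[fields[0]] = fields[1]

    merged: List[str] = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry: skip rather than emit garbage
        if fields[1] == "x" and fields[0] in shadow_hashes:
            fields[1] = shadow_hashes[fields[0]]
        merged.append(":".join(fields))
    return merged


def account_status(merged_lines: List[str]) -> Dict[str, str]:
    """Classify the password field of each merged line the way an auditor
    reads it: 'locked' ('!' or '*' prefix, so John has nothing to load),
    'empty' (no password set at all) or 'hash' (a crypt string John can try)."""
    status: Dict[str, str] = {}
    for line in merged_lines:
        user, pw = line.split(":")[:2]
        if pw == "":
            status[user] = "empty"
        elif pw.startswith(("!", "*")):
            status[user] = "locked"
        else:
            status[user] = "hash"
    return status


if __name__ == "__main__":
    lines = unshadow(PASSWD_SAMPLE, SHADOW_SAMPLE)
    print("\n".join(lines))        # this is what myhashes.txt would contain
    print(account_status(lines))   # only 'hash' accounts are worth John's time
```

The status map is the part worth keeping in an audit: an empty password field is a finding on its own, and locked or system accounts explain why John loads fewer hashes than the file has lines.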


Advanced Usage

1. Resume a Cracking Session

If John was interrupted:

```bash
john --restore
```

To start a named session:

```bash
john --session=sessionname --wordlist=rockyou.txt myhashes.txt
```

Resume it with:

```bash
john --restore=sessionname
```

2. Check Cracked Passwords

After John cracks some hashes, check the results with:

```bash
john --show myhashes.txt
```

3. Brute Force (Incremental) Mode

```bash
john --incremental myhashes.txt
```

Use this if the wordlist attack fails. It is slower but exhaustive within the length and character-set limits configured in john.conf.


4. Custom Rules and Wordlists

You can add custom word-mangling rules to john.conf (on Kali: /etc/john/john.conf). The example rule below capitalizes each word and then appends one digit, so "password" becomes Password0 through Password9:

```ini
[List.Rules:MyRule]
c Az"[0-9]"
```

Then use:

```bash
john --rules=MyRule --wordlist=custom.txt myhashes.txt
```
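To show what the rule does to a wordlist and how John's wordlist mode turns candidates into matches (hash with the target's salt, compare), here is an added Python model of the audit (example code written for this article, not John's own implementation). The wordlist, the accounts and the `sha256$salt$hex` layout are constructed for the example; that layout is a toy stand-in for the real crypt formats John supports, and `apply_myrule`, `toy_hash` and `audit` are names chosen here.

```python
import hashlib
import hmac
from typing import Dict, Iterator, List

# Constructed stand-in for a wordlist such as rockyou.txt or custom.txt.
WORDLIST: List[str] = ["password", "summer", "letmein", "welcome"]


def apply_myrule(word: str) -> Iterator[str]:
    """Emulate the john.conf rule  c Az"[0-9]" :
       c          capitalize (first character upper-case, rest lower-case)
       Az"[0-9]"  append one character from the class [0-9]
    Each wordlist entry therefore becomes ten candidates. Note that a rule
    section without a ':' (no-op) line never tries the unmodified word."""
    capitalized = word[:1].upper() + word[1:].lower()
    for digit in "0123456789":
        yield capitalized + digit


def toy_hash(password: str, salt: str) -> str:
    """Salted SHA-256 in a made-up 'sha256$salt$hex' layout. This stands in
    for the real crypt formats (sha512crypt etc.); it is not a John format."""
    digest = hashlib.sha256((salt + password).encode("utf-8")).hexdigest()
    return f"sha256${salt}${digest}"


def audit(stored: Dict[str, str], wordlist: List[str],
          use_rule: bool = True) -> Dict[str, str]:
    """Wordlist mode as John performs it: hash every candidate with the
    target's own salt and compare. Returns {user: recovered_password}
    for the accounts whose password was found, i.e. the weak ones."""
    weak: Dict[str, str] = {}
    for user, entry in stored.items():
        _, salt, _ = entry.split("$")
        for word in wordlist:
            candidates = apply_myrule(word) if use_rule else iter([word])
            hit = next((c for c in candidates
                        if hmac.compare_digest(toy_hash(c, salt), entry)), None)
            if hit is not None:
                weak[user] = hit
                break
    return weak


# Constructed accounts: two chose rule-shaped passwords, one did not.
SAMPLE_HASHES: Dict[str, str] = {
    "alice": toy_hash("Password1", "a1b2"),
    "bob": toy_hash("Summer7", "c3d4"),
    "carol": toy_hash("Tr0ub4dor&3", "e5f6"),
}

if __name__ == "__main__":
    print(list(apply_myrule("pASSword"))[:3])  # ['Password0', 'Password1', 'Password2']
    print(audit(SAMPLE_HASHES, WORDLIST))       # {'alice': 'Password1', 'bob': 'Summer7'}
```

Running `audit` with `use_rule=False` finds nothing here, which is the point of rules: the base words are not the passwords, but a cheap mangling of them is. Per-user salts also show why every account costs a separate pass over the wordlist.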

Cracking Windows Password Hashes

Step 1: Dump the Hashes

Given copies of the SYSTEM and SAM registry hives, samdump2 (or pwdump on Windows) writes the account hashes in pwdump format (user:RID:LM hash:NT hash:::):

```bash
samdump2 SYSTEM SAM > hashes.txt
```

Step 2: Crack the Hashes

```bash
john --format=nt hashes.txt
```

--format=nt tells John to load the NT hash column of the pwdump lines.

Cracking ZIP/RAR File Passwords

Use tools like zip2john and rar2john to extract the hash:

```bash
zip2john protected.zip > ziphash.txt
john ziphash.txt
```

Cracking Wi-Fi Passwords (WPA/WPA2)

You can use aircrack-ng to convert a captured handshake file to .hccap, then hccap2john (shipped with the Jumbo build) to turn that into a line John can load:

```bash
aircrack-ng -J handshake capture.cap
hccap2john handshake.hccap > wpahash.txt
john --wordlist=rockyou.txt wpahash.txt
```

However, hashcat is generally preferred for WPA cracking.


Supported Utilities with John

  • unshadow: Combines passwd and shadow files

  • zip2john, rar2john, pdf2john: Extract hashes from archives

  • base64conv, ssh2john, gpg2john: Convert formats for cracking


Performance Tuning

  • Compile from source with OpenMP support for multicore use

  • Use a GPU-capable build (John Jumbo with OpenCL, or Hashcat) for large-scale cracking

  • Monitor system resource usage (htop, nmon)


Best Wordlists to Use

  • /usr/share/wordlists/rockyou.txt (shipped as rockyou.txt.gz on Kali; decompress it once)

  • SecLists GitHub repo

  • Custom-generated with Crunch or CeWL


Ethical Considerations

⚠️ Important: Only use John the Ripper on systems you own or have explicit written permission to test.

Unauthorized password cracking is illegal in most jurisdictions.


Tips and Best Practices

  • Use a dedicated lab environment

  • Start with dictionary attacks; escalate to brute-force if needed

  • Use --fork=N to run N processes on a multicore machine

  • Automate with scripts for repeat testing

  • Name your sessions (--session=name) so they can be restored later and keep their own .log file


Sample Workflow

```bash
# Step 1: Extract hashes
unshadow passwd shadow > hashes.txt

# Step 2: Crack using a wordlist
john --wordlist=rockyou.txt hashes.txt

# Step 3: View cracked passwords
john --show hashes.txt
```

Troubleshooting

| Issue | Solution |
| --- | --- |
| No hashes loaded | Check if the hash format is supported; try the --format= option |
| Cracking is too slow | Use an optimized build, or a GPU-supported version |
| John exits with an error | Check file paths and formats; update John if needed |
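The "No hashes loaded" row is the one most people hit, usually because John guessed the wrong format or the file holds something it cannot parse. As an added example (written for this article, not part of John the Ripper), the script below recognizes the common hash shapes from the sections above and suggests a --format= value; the format names are the ones a Jumbo build lists with `john --list=formats`, and the `identify`/`suggest` helpers and all sample strings are this example's own.

```python
import re
from typing import List

# Prefix/shape signatures mapped to John the Ripper (Jumbo) format names.
# An older or non-Jumbo build may lack some of these formats.
SIGNATURES = [
    (re.compile(r"^\$1\$"), "md5crypt"),
    (re.compile(r"^\$5\$"), "sha256crypt"),
    (re.compile(r"^\$6\$"), "sha512crypt"),
    (re.compile(r"^\$2[abxy]\$"), "bcrypt"),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "descrypt"),   # traditional DES crypt
    (re.compile(r"^[0-9a-fA-F]{32}$"), "raw-md5"),      # 32 hex chars is ambiguous:
    (re.compile(r"^[0-9a-fA-F]{32}$"), "NT"),           # MD5, NT and LM all look alike
    (re.compile(r"^[0-9a-fA-F]{32}$"), "LM"),
    (re.compile(r"^[0-9a-fA-F]{40}$"), "raw-sha1"),
    (re.compile(r"^[0-9a-fA-F]{64}$"), "raw-sha256"),
    (re.compile(r"^[0-9a-fA-F]{128}$"), "raw-sha512"),
]

# pwdump layout as written by samdump2/pwdump: user:RID:LMhash:NThash:::
PWDUMP_RE = re.compile(r"^[^:]+:\d+:[0-9a-fA-F]{32}:[0-9a-fA-F]{32}:::$")


def identify(line: str) -> List[str]:
    """Return the John format names whose shape matches this line.
    Accepts a bare hash, a shadow/unshadow line or a pwdump line."""
    line = line.strip()
    if PWDUMP_RE.match(line):
        return ["LM", "NT"]
    # shadow/unshadow style "user:hash:..." keeps the hash in the second field
    fields = line.split(":")
    candidate = fields[1] if len(fields) > 1 else fields[0]
    return [name for regex, name in SIGNATURES if regex.match(candidate)]


def suggest(line: str, hashfile: str = "myhashes.txt") -> str:
    """Turn the identification into the command to try next."""
    names = identify(line)
    if not names:
        return "unrecognized: verify the input file and compare with `john --list=formats`"
    if len(names) == 1:
        return f"john --format={names[0]} {hashfile}"
    return (f"ambiguous ({', '.join(names)}): choose explicitly, e.g. "
            f"john --format={names[0]} {hashfile}")


if __name__ == "__main__":
    # Constructed lines; the hash bodies are placeholders, not real hashes.
    for sample in ("alice:$6$saltsalt$PLACEHOLDER:19700:0:99999:7:::",
                   "a" * 32,
                   "user:1001:" + "a" * 32 + ":" + "b" * 32 + ":::",
                   "not a hash"):
        print(f"{sample[:40]:40} -> {suggest(sample)}")
```

When `identify` returns several names, John cannot pick for you either, which is exactly the case where the troubleshooting table's advice to pass --format= explicitly applies.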

Conclusion

John the Ripper is a staple in any ethical hacker’s toolbox. Its flexibility, performance, and broad hash support make it suitable for a wide range of password recovery and security auditing tasks.

Whether you're testing Unix passwords, Windows credentials, or ZIP file protections, John provides the means to explore password security responsibly and effectively.

Always remember to use these tools ethically and legally. Stay sharp, stay ethical, and keep learning.