John

John the Ripper

Key feature: it detects the hash type automatically, unlike hashcat

It also automatically selects appropriate rules

Usage :

To identify the hash type, use the online hashes.com or the CLI tool hash-identifier

john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

hashes.txt is the file containing the hashed passwords you want to crack

--wordlist specifies the wordlist you want to use

followed by the file containing the hashes you want to crack

Format Specific Cracking

List all available format options, then select the desired one

john --list=formats
john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

To show cracked passwords

john hashes.txt --show --format=raw-md5

Commonly used formats for quick reference:

Raw-MD5

Raw-SHA256

Password Cracking Methodology [ the end line ]

  1. Identify Hash Type

  2. Identify John format for that specific hash type

  3. Apply the format along with wordlist to crack

  4. Use --show to see the cracked password

Checking Windows Auth Hashes

NT HASH / NTLM

earlier known as as

Dump the SAM DB on a Windows machine using tools like mimikatz

On AD, the DB is NTDS.dit

--format=LM

--format=NT

In the case of Windows, cracking the password is not always necessary because we can perform pass-the-hash kinds of attacks as well

Cracking /etc/shadow

unshadow /etc/passwd /etc/shadow > hashes.txt

john hashes.txt
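
Steps 1 and 2 of the methodology above (identify the hash type, then the John format), as an added example that is not part of the original notes: a shell function that maps a bare hash or a user:hash line (such as unshadow output) to candidate --format values. The function names are hypothetical and the sample values in the comments are constructed; a 32-hex-character string cannot be told apart as Raw-MD5, NT or LM by shape alone, so all three are listed.

```shell
#!/bin/sh
# Added example: suggest John --format values from the shape of a hash.
# Assumption: input is a bare hash or a colon-separated line whose second
# field is the hash (the layout unshadow writes).

# Return the hash field of a "user:hash[:...]" line, or the input itself.
hash_field() {
    case "$1" in
        *:*) printf '%s\n' "$1" | cut -d: -f2 ;;
        *)   printf '%s\n' "$1" ;;
    esac
}

# Print candidate formats, space separated.
# "no-hash" = empty/locked shadow field, "unknown" = shape not recognised.
john_formats_for() {
    h=$(hash_field "$1")
    case "$h" in
        ''|'!'|'!!'|'*')         echo "no-hash";     return ;;
        '$1$'*)                  echo "md5crypt";    return ;;
        '$5$'*)                  echo "sha256crypt"; return ;;
        '$6$'*)                  echo "sha512crypt"; return ;;
        '$2a$'*|'$2b$'*|'$2y$'*) echo "bcrypt";      return ;;
    esac
    # Raw digests carry no prefix: only charset and length are available.
    if printf '%s' "$h" | grep -Eq '^[0-9A-Fa-f]+$'; then
        case ${#h} in
            32)  echo "raw-md5 nt lm" ;;   # all three are 128-bit values
            40)  echo "raw-sha1" ;;
            64)  echo "raw-sha256" ;;
            128) echo "raw-sha512" ;;
            *)   echo "unknown" ;;
        esac
    else
        echo "unknown"
    fi
}

# Constructed sample usage:
#   john_formats_for 5f4dcc3b5aa765d61d8327deb882cf99
#   john_formats_for 'alice:$6$saltsalt$abcdef:1000:1000::/home/alice:/bin/sh'
```

When more than one format is printed, the source of the hash (web application dump, SAM, NTDS.dit) decides which --format to pass.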

to be cont...
