
Cracking 🔓 John the Ripper - Cheatsheet, Tips and Cracking Techniques

dEEpEst


🚀 This post was created for the Hack Tools Dark Community.

John the Ripper is a powerful and flexible password cracking tool that supports multiple hash formats and cracking modes.
In this guide, we cover its core usage, smart tricks, and real-world examples for password auditing and red team operations.

⚠️ Disclaimer: This content is for educational purposes only and must be used exclusively in authorized environments.
Neither the author nor the HTDark community is responsible for any misuse.



What is John the Ripper?
John the Ripper (JtR) is a popular open-source password cracking tool that works on Unix, Windows, and macOS.
It supports dictionary attacks, brute-force, and rule-based attacks, and it can crack many formats such as hashes from Linux, Windows, ZIP files, and more.

Installation (Jumbo Version Recommended)
Bash:
sudo apt install john
# For full features:
git clone https://github.com/openwall/john.git
cd john/src && ./configure && make -s clean && make -s

Basic Usage
Bash:
# List the hash formats this build supports (pick one for --format)
john --list=formats

# Crack a hash with a wordlist
john --wordlist=rockyou.txt hashes.txt

# Start brute-force attack
john --incremental hashes.txt

# Resume a session
john --restore

# Show cracked passwords
john --show hashes.txt

Supported Hashes (Examples)
  • Raw-MD5, Raw-SHA1, Raw-SHA256
  • Unix (DES, MD5-crypt, SHA512-crypt)
  • Windows LM, NTLM
  • bcrypt, krb5, AFS, HMAC
  • ZIP, RAR, 7z (with jumbo patch)
  • WPA/WPA2 (with hccapx and jumbo)

Useful Options
  • --format=xxx → manually specify format
  • --session=name → name your session for later resume
  • --rules → enable mangling/mutation rules
  • --incremental=All → enable bruteforce
  • --fork=N → parallel cracking with N processes
  • --mask=?l?l?d?d?d → custom mask attacks (jumbo only)
  • --wordlist → specify your dictionary

Smart Tricks & Advanced Usage
  • Crack /etc/shadow hashes:
    Use unshadow tool:
    Bash:
    unshadow /etc/passwd /etc/shadow > full_hashes.txt
    john full_hashes.txt
  • Crack Windows NTLM hashes:
    Extract with tools like `impacket-secretsdump` or `pwdump`.
  • Use rules for smart mangling:
    Bash:
    john --wordlist=rockyou.txt --rules --format=raw-md5 hashes.txt
  • Custom mask attack (brute-force pattern):
    Bash:
    john --mask='?u?l?l?l?d?d?d' --format=raw-md5 hashes.txt
  • Benchmark your system:
    Bash:
    john --test --format=raw-sha256

Real-World Example: Cracking NTLM
Bash:
john --format=NT --wordlist=rockyou.txt ntlm_hashes.txt

Jumbo-Specific Features
  • Cracking ZIP, RAR, PDF, and other file formats
  • Mask mode (like Hashcat)
  • Support for GPU acceleration via OpenCL
  • Better wordlist and rule handling

Tools That Work Great With John
  • unshadow – Merge passwd + shadow
  • zip2john, rar2john, pdf2john – Extract hashes from files
  • hccap2john – Convert WPA capture to hash
  • potfile – Stores all cracked hashes

Wordlists You Should Use



💬 Do you prefer John or Hashcat?
Have you tried combining rules with masks or distributed cracking?

Let us know your tricks and join the discussion!
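
For the password-auditing use case and the unshadow step above: before choosing a `--format`, an auditor usually wants to know which hash scheme each account uses and which accounts still carry legacy ones (DES, MD5-crypt from the supported-hashes list). The script below is an added example, not part of the original post; the sample accounts and hash strings are constructed, and the WEAK/ok policy is this example's assumption.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report the hash scheme of each
# account in an unshadow-style file without ever printing the hash itself.

# Constructed sample in unshadow output format; the hash strings are fake.
sample_unshadow() {
  cat <<'EOF'
alice:$6$fakesalt$FAKEHASHFAKEHASHFAKEHASH:1000:1000::/home/alice:/bin/bash
bob:$1$fakesalt$FAKEHASHFAKEHASHFAKEHA:1001:1001::/home/bob:/bin/bash
carol:ab0123456789.:1002:1002::/home/carol:/bin/sh
dave:!:1003:1003::/home/dave:/usr/sbin/nologin
eve::1004:1004::/home/eve:/bin/bash
svc:$y$j9T$fakesalt$FAKEHASHFAKEHASHFAKEHASH:1005:1005::/srv/svc:/bin/sh
EOF
}

# Reads login:hash:... lines from files given as arguments, or from stdin.
# Prints "login scheme verdict". The WEAK/ok policy is this example's assumption.
classify_shadow_hashes() {
  awk -F: '
    function scheme(h) {
      if (h == "")             return "empty"
      if (h ~ /^[!*]/)         return "locked"
      if (h ~ /^\$1\$/)        return "md5crypt"
      if (h ~ /^\$2[abxy]?\$/) return "bcrypt"
      if (h ~ /^\$5\$/)        return "sha256crypt"
      if (h ~ /^\$6\$/)        return "sha512crypt"
      if (h ~ /^\$y\$/)        return "yescrypt"
      if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") return "descrypt"
      return "unknown"
    }
    function verdict(s) {
      if (s == "descrypt" || s == "md5crypt") return "WEAK"    # legacy scheme
      if (s == "empty" || s == "unknown")     return "REVIEW"  # no password or unrecognised
      if (s == "locked")                      return "skip"    # no usable password hash
      return "ok"
    }
    NF >= 2 && $1 !~ /^#/ { s = scheme($2); print $1, s, verdict(s) }
  ' "$@"
}

# Demo on the constructed sample above.
sample_unshadow | classify_shadow_hashes
```

The same function works on the `full_hashes.txt` produced by `unshadow`, since the hash is the second colon-separated field there as well.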
 