Last Updated: 8/22/2024
In this segment we are going to talk about using john for security. John is a password cracking and testing tool.
How to Install:
There are a few ways to use John. You could use Kali Linux; because john is built into it, or you can build and install John on your local system.
sudo apt-get install build-essential
sudo apt-get install libssl-dev(optional) sudo apt-get -y install yasm libgmp-dev libpcap-dev pkg-config libbz2-dev
(optional) sudo apt -y install zlib1g-dev
If you haven’t installed git; please do so now.
apt-get install git -yNow we can pull down the project, unpack it, and then configure and compile it.
mkdir /root/src
cd ~/src
git clone git://github.com/magnumripper/JohnTheRipper -b bleeding-jumbo john
cd ~/src/john/src
./configure && make -s clean && make -sj4Choosing a wordlist:
https://www.openwall.com/wordlists/.
Cracking Zipfiles:
We can use John to crack Zip files by going through a 2 step proces. We use the utility zip2john to extract the hash file from the zipfile. Once we have that then it’s just a matter of running john against your wordlists in order to see if you have any matches.
References:
http://openwall.info/wiki/john/tutorials/Ubuntu-build-howto
(also https://linuxreference.wordpress.com/2019/06/07/howto-install-john-the-ripper-in-ubuntu-18-04/)
(also http://insidetrust.blogspot.com/2011/01/password-cracking-using-john-ripper-jtr.html )
(additionally: http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
https://www.stationx.net/how-to-use-john-the-ripper/