Home Kali Linux Tutorials Crack Hashes with John The Ripper in Kali Linux

Crack Hashes with John The Ripper in Kali Linux

Kali Linux Tutorials By · October 1, 2024 · 1 Comment
john-home

John the Ripper is a powerful and widely-used password cracking tool available in Kali Linux. This tool is essential for security professionals, ethical hackers, and anyone interested in testing password strength. In this guide, we will explore how to effectively use John the Ripper to crack MD5 hashes, providing a comprehensive step-by-step process. Whether you’re a beginner or an experienced user, this article will equip you with the knowledge to utilize John the Ripper effectively.

Step 1: Accessing John the Ripper Help File

Before you begin using John the Ripper, it’s important to understand its functionalities and commands. You can access the help file directly from the terminal. Simply type the following command:

$ john -h

John-the-Ripper-help

This command will display a list of options and usage instructions for John the Ripper, allowing you to familiarize yourself with its capabilities. If you prefer a graphical interface, you can log into your Kali Linux system and navigate through the menu: Applications > 05 – Password Attacks > Click on John

John-the-Ripper-1

This alternative method provides an easy way to access the tool without needing to use the command line.

Step 2: Creating a File Containing MD5 Hashes

To crack passwords effectively, we first need to simulate a scenario in which we have MD5 hashes. In real-world scenarios, attackers often obtain these hashes from compromised systems. For this exercise, we will manually create a file containing several MD5 hashes.

Open a terminal window and enter the following commands to generate hashes for five different passwords:

$ echo -n 'admin' | md5sum | awk '{ print $1 }' > hash_passwords.txt
$ echo -n 'password' | md5sum | awk '{ print $1 }' >> hash_passwords.txt
$ echo -n 'admin@123' | md5sum | awk '{ print $1 }' >> hash_passwords.txt
$ echo -n 'Password1234' | md5sum | awk '{ print $1 }' >> hash_passwords.txt
$ echo -n 'Administrator' | md5sum | awk '{ print $1 }' >> hash_passwords.txt

John-the-Ripper-2

John-the-Ripper-3

These commands create MD5 hashes for the specified passwords and save them to a file named hash_passwords.txt. To verify that your hashes were created correctly, use the following command:

$ cat hash_passwords.txt

John-the-Ripper-4

This command will display the five MD5 hashes you just generated, allowing you to confirm their accuracy.

Step 3: Cracking Hashes with John the Ripper

Now that we have our hashes, it’s time to crack them using John the Ripper. Use the following command to start cracking the hashes stored in hash_passwords.txt:

$ john --format=raw-md5 hash_passwords.txt

John-the-Ripper-5

As John processes the hashes, it will display the cracked passwords in orange. You can expect common passwords like “password” and “admin” to be cracked almost immediately, as they are included in John’s default wordlists.

For hashes that John cannot crack with its built-in wordlists, it will switch to incremental strategies, using brute force on the remaining hashes. If you allow John to run long enough, it will eventually crack the remaining passwords. This process may take between 10-20 minutes, depending on the complexity of the hashes. You can press Ctrl-C or q at any time to abort the process if you’ve already cracked enough passwords.

Step 4: Using Larger Wordlists

The default wordlist in John the Ripper is relatively small, which can limit its effectiveness against more complex passwords. To improve your cracking success, consider using larger wordlists such as rockyou.txt, a well-known resource in the password cracking community.

To utilize the rockyou.txt wordlist, run the following command:

$ john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-md5 hash_passwords.txt

This command instructs John to use the larger wordlist, which may increase the likelihood of cracking more complex passwords.

Note: Extract the rockyou.txt.gz file using command “sudo gzip -d rockyou.txt.gz”.

Step 5: Utilizing Brute Force

For a more exhaustive approach to cracking, you can instruct John the Ripper to perform a brute force attack. This method can be significantly slower but is effective for cracking complex passwords. To initiate brute force cracking, enter the following command:

$ john --format=raw-md5 hash_passwords.txt --incremental

Keep in mind that brute force attacks can take a considerable amount of time, especially for longer or more complex passwords. A powerful GPU may require hours to crack even an 8-character password. Despite MD5 being considered weak by today’s standards, you may still be surprised by the duration it takes to crack even a single MD5 hash using brute force. You can abort the process at any time by pressing Ctrl-C or q.

Step 6: Displaying Cracked Passwords

Once you’ve completed the cracking process, you may want to review the cracked passwords. If you interrupted the cracking session, you can still view the cracked passwords by using the --show option. Run the following command:

$ john --show --format=raw-md5 hash_passwords.txt

John-the-Ripper-6-main

This command will display the cracked passwords alongside their corresponding hashes, giving you a clear overview of your cracking success.

Conclusion

John the Ripper is an essential tool for anyone interested in password security and ethical hacking. By following the steps outlined in this guide, you can effectively use John the Ripper to crack MD5 hashes and enhance your understanding of password security.

As you become more proficient with John the Ripper, consider exploring additional wordlists and advanced cracking techniques. Always remember that ethical hacking practices emphasize using these tools responsibly and only in authorized environments.

Related Posts

Crack Hashes using RainbowCrack and Rainbow Tables

Kali Linux Tutorials By · October 4, 2024 · 0 Comment
RainbowCrack-and-Rainbow-Tables-feature
In the realm of cybersecurity, cracking password hashes is a crucial skill for ethical hackers and security professionals. One of the most efficient ways to do this is through RainbowCrack and rainbow tables. Unlike traditional brute-force methods, which can be... Read more

Cracking MD5 Hashes with Hashcat in Kali Linux

Kali Linux Tutorials By · September 30, 2024 · 2 Comments
hashcat-home
Hashcat is a powerful password recovery tool widely used for cracking hashes. It supports a variety of hash algorithms, including MD5, and can leverage wordlists to streamline the cracking process. This article will walk you through using Hashcat in Kali... Read more

Nikto: Web Vulnerability Scanning Tool in Kali Linux

Kali Linux Tutorials By · September 18, 2024 · 0 Comment
nikto-main
Web applications are increasingly vulnerable to various attacks, making security a top priority for developers and system administrators. Among the tools available for identifying these vulnerabilities, Nikto stands out as a robust web vulnerability scanner. Pre-installed in Kali Linux, Nikto... Read more

SQLMap: The Best Tool for Automated SQL Injection Detection

Kali Linux Tutorials By · September 13, 2024 · 2 Comments
sqlmap
SQLMap is a powerful, open-source penetration testing tool designed to automate the detection and exploitation of SQL injection vulnerabilities in web applications. SQL injection is a critical security flaw that allows attackers to execute arbitrary SQL queries on a database,... Read more

Social Engineering Toolkit (SET): QRCode Generator Attack Vector

Kali Linux Tutorials By · September 4, 2024 · 0 Comment
SET-QRCode-Generator-Attack-Vector
In the world of cybersecurity, social engineering is a powerful tool for exploiting human psychology to gain unauthorized access to systems and data. One of the most intriguing methods within the Social Engineering Toolkit (SET) is the QRCode Generator Attack... Read more

Social Engineering Attacks: Social Engineering Toolkit (SET)

Kali Linux Tutorials By · August 19, 2024 · 2 Comments
Social Engineering Toolkit
In today’s digital landscape, social engineering attacks have become increasingly prevalent. These attacks exploit human psychology rather than technical vulnerabilities to gain unauthorized access to sensitive information. One of the powerful tools used in these types of attacks is the... Read more

Post Exploitation tool in Kali Linux : Weevely

Kali Linux Tutorials By · August 2, 2023 · 1 Comment
Post Exploitation tool in kali linux Weevely TechArry
Weevely is a stealth backdoor or PHP web shell that simulate telnet-like connection. This tool is used for post exploitation of vulnerability in web application. Syntax weevely generate <password> <file path> In this article we will do post exploitation of... Read more

Essential Nmap Commands in Kali Linux

Kali Linux Tutorials By · July 14, 2023 · 0 Comment
Essential Nmap Commands in Kali Linux TechArry
NMAP, short for Network Mapper, is an essential and powerful network scanning tool available in Kali Linux. With its extensive range of features and flexibility, Nmap has become the go-to tool for network administrators, security professionals, and ethical hackers alike.... Read more

Exploiting File Upload Vulnerabilities with Metasploit

Kali Linux Tutorials By · June 22, 2023 · 2 Comments
Exploiting File Upload Vulnerabilities with Metasploit Framework TechArry
File Upload vulnerabilities are a common security weakness found in many web applications. By taking advantage of these vulnerabilities, attackers can upload malicious files to a target system and potentially execute arbitrary code. In this article, we will explore how... Read more

1 Comment

  1. Pingback: Cracking MD5 Hashes with Hashcat in Kali Linux - Tech Arry

Comments are closed.