John the Ripper: A Complete Beginner’s Guide to Hash Cracking

Cybersecurity professionals often need to test password strength and evaluate system security. One of the most powerful and widely used tools for password auditing is John the Ripper. This guide walks through the fundamentals of using John the Ripper responsibly for ethical security testing and learning purposes.

⚠️ This article is intended strictly for educational and authorized security testing environments.


Introduction to John the Ripper

John the Ripper is a fast and versatile password-cracking tool used in cybersecurity for testing password strength. It supports numerous hash types and is commonly used in:

  • Security research

  • Penetration testing

  • Capture The Flag (CTF) challenges

  • System auditing

The most widely used build is the community-enhanced Jumbo version, which adds support for hundreds of additional hash and file formats and ships the *2john conversion utilities used later in this guide.

Answer: Jumbo John


Understanding Hashes

A hash function maps input of any length to a fixed-length digest. Common algorithms and formats met in password cracking include:

  • MD5 (128-bit digest, 32 hex characters)

  • SHA1 (160-bit digest, 40 hex characters)

  • SHA256 (256-bit digest, 64 hex characters)

  • NTLM (the Windows NT hash: MD4 over the UTF-16LE password, 32 hex characters, so by length alone it is indistinguishable from MD5)

Hashes are designed as one-way functions. This means:

  • Hashing data is easy.

  • Reversing a hash directly is computationally infeasible.

Instead of reversing a hash, tools like John the Ripper run the same algorithm over each candidate password (taken from a wordlist or generated by rules) and compare the result with the target; an equal digest reveals the password. Unsalted fast hashes such as raw MD5 or NT fall quickly to this approach, whereas salted, deliberately slow hashes (bcrypt, sha512crypt) make every guess expensive.
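The comparison loop described above, written out as an added example (this is illustrative code, not part of the original page and not John's own implementation). The wordlist and the target hashes are constructed inline so it runs offline; the length-to-format table deliberately records the collisions that force you to pass --format to John for raw hashes.

```python
import hashlib

# Constructed stand-in for rockyou.txt: a handful of candidate passwords.
WORDLIST = ["123456", "password", "letmein", "biscuit", "kangeroo", "microphone"]

# Hex-digest length -> hashlib algorithms that produce it. The lengths collide
# (32 hex chars is MD5 *or* NT, 128 is SHA-512 *or* Whirlpool), which is why
# John needs an explicit --format for raw hashes instead of guessing.
CANDIDATES_BY_LENGTH = {
    32: ["md5"],       # also NT (MD4 over UTF-16LE), not tried here
    40: ["sha1"],
    64: ["sha256"],
    128: ["sha512"],   # also Whirlpool
}


def identify(target_hex):
    """Return the hashlib algorithm names that could have produced target_hex."""
    h = target_hex.strip().lower()
    if not h or any(c not in "0123456789abcdef" for c in h):
        return []
    return CANDIDATES_BY_LENGTH.get(len(h), [])


def crack(target_hex, wordlist=WORDLIST, fmt=None):
    """Dictionary attack: hash every candidate with each plausible algorithm
    and compare with the target. Returns (algorithm, password) or None."""
    h = target_hex.strip().lower()
    algorithms = [fmt] if fmt else identify(h)
    for algo in algorithms:
        for word in wordlist:
            if hashlib.new(algo, word.encode()).hexdigest() == h:
                return algo, word
    return None


def crack_file(lines, wordlist=WORDLIST):
    """Crack one hash per line, skipping blanks, the way `john hashes.txt` does."""
    results = {}
    for line in lines:
        line = line.strip()
        if line:
            results[line] = crack(line, wordlist)
    return results


if __name__ == "__main__":
    # Constructed targets: hash known words so the demo is self-contained.
    targets = [
        hashlib.md5(b"biscuit").hexdigest(),
        hashlib.sha1(b"kangeroo").hexdigest(),
        hashlib.sha256(b"microphone").hexdigest(),
        hashlib.sha256(b"Tr0ub4dor&3").hexdigest(),   # not in the wordlist -> None
    ]
    for target, result in crack_file(targets).items():
        print(f"{target[:16]}...  ->  {result}")
```

Passing fmt mirrors John's --format: it skips the guesswork and tries exactly one algorithm, which is also what you want when the digest length is ambiguous.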


Setting Up the Environment

For this learning setup, two main components were used:

  1. Jumbo John

  2. RockYou wordlist

The RockYou wordlist comes from the December 2009 breach of the social-gaming site rockyou.com, which exposed roughly 32 million passwords stored in plaintext. On Kali Linux it ships compressed at /usr/share/wordlists/rockyou.txt.gz and must be extracted before John can read it.

Answer: rockyou.com


Cracking Basic Hashes

Each file held one unsalted hash. Because a 32-, 40- or 64-character hex string could belong to several formats, the format was given explicitly (--format=raw-md5, raw-sha1, raw-sha256 and whirlpool respectively), and the RockYou dictionary attack produced:

File        Hash type   Cracked password
hash1.txt   md5         biscuit
hash2.txt   sha1        kangeroo
hash3.txt   sha256      microphone
hash4.txt   whirlpool   colossal

"kangeroo" is the literal cracked value, misspelling included. Once John has cracked a hash it records it in its pot file (john.pot) and will not crack it again on a later run; use --show against the same hash file to display the stored result.

Cracking Windows Authentication Hashes (NTLM)

Windows stores local account passwords in the SAM database as NT hashes (MD4 over the UTF-16LE encoding of the password), commonly called NTLM hashes. They are unsalted and cheap to compute, so a dictionary attack runs at very high speed.

Because an NT hash has the same length as an MD5 hash, John cannot infer the type on its own; the format must be stated as nt.

Answer (Format): nt
Answer (Password): mushroom


Cracking Linux /etc/shadow Hashes

Linux keeps usernames in /etc/passwd and the password hashes in /etc/shadow, which only root can read. The unshadow tool shipped with John merges the two into lines of the form user:hash:uid:gid:GECOS:home:shell that John can process. The hash prefix identifies the algorithm: $1$ is md5crypt, $5$ sha256crypt and $6$ sha512crypt; newer distributions default to yescrypt ($y$), which older John builds do not recognise. John normally detects these salted formats itself, but --format=sha512crypt (and so on) can be stated explicitly.

Answer (Root Password): 1234
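What unshadow actually does, as an added example (not the page's or John's code): merge the two files on the username, then classify each resulting hash by its prefix so you know which John format, if any, applies. The passwd and shadow lines are constructed placeholders; the hash fields are not real hashes.

```python
# Constructed sample lines standing in for /etc/passwd and /etc/shadow.
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
"""

SHADOW = """root:$6$saltsalt$placeholderhashvalue:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$y$j9T$placeholdersalt$placeholderhash:19000:0:99999:7:::
"""

# crypt(3) identifier -> algorithm name (the name John uses as --format, where it has one)
CRYPT_IDS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
             "5": "sha256crypt", "6": "sha512crypt", "7": "scrypt", "y": "yescrypt"}


def parse_fields(text):
    """Split colon-separated records into {username: [fields]}."""
    rows = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            rows[fields[0]] = fields
    return rows


def unshadow(passwd_text, shadow_text):
    """Replace the 'x' in each passwd line with the shadow hash for that user,
    keeping GECOS/home/shell so single crack mode can mine them later."""
    shadow = parse_fields(shadow_text)
    merged = []
    for user, fields in parse_fields(passwd_text).items():
        fields = fields[:]
        if user in shadow:
            fields[1] = shadow[user][1]
        merged.append(":".join(fields))
    return merged


def crypt_algorithm(hash_field):
    """Name the algorithm behind a shadow hash, or None if there is nothing to crack."""
    if hash_field in ("", "x", "*") or hash_field.startswith("!"):
        return None                      # shadowed-but-unmerged, locked or passwordless
    if hash_field.startswith("$"):
        return CRYPT_IDS.get(hash_field.split("$")[1], "unknown")
    return "descrypt"                    # 13-character traditional DES crypt


def crackable(merged_lines):
    """Keep only merged lines that carry a real hash, tagged with its algorithm."""
    out = []
    for line in merged_lines:
        fields = line.split(":")
        algo = crypt_algorithm(fields[1])
        if algo:
            out.append((fields[0], algo, line))
    return out


if __name__ == "__main__":
    for user, algo, line in crackable(unshadow(PASSWD, SHADOW)):
        print(f"{user:8} {algo:12} {line}")
```

Lines with * or ! in the hash field are locked service accounts; John skips them, but filtering them yourself keeps the status output honest about how many hashes are really loaded.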


Single Crack Mode

Single crack mode (--single) uses the username, plus the GECOS and home-directory fields when they are present, as its only seed words and applies a built-in set of mangling rules to them: case changes, appended digits, character substitutions and so on. For it to work the hash line must carry the username, in the form user:hash; otherwise John has nothing to mangle.

For the user "Joker":

Answer: Jok3r


Custom Rules in John

Custom rules allow security professionals to exploit predictable password complexity patterns: users told to add an uppercase letter, a number and a symbol overwhelmingly put the capital first and the number and symbol last.

For example:

  • Capital first letter

  • Number at the end

  • Symbol at the end

Rules live in john.conf under a [List.Rules:NAME] header and are selected with --rule=NAME. Each rule is a sequence of single-character commands applied left to right: c capitalises the first letter, $X appends the character X, and a [..] class such as [0-9] makes John's preprocessor expand the rule into one variant per member. Az"STR" appends the string STR to the end of the word.

Answers:

What do custom rules exploit?
Password complexity predictability

Rule to add all capital letters at the end:
Az"[A-Z]"

This expands to 26 separate rules, one per letter, so each word yields the candidates wordA through wordZ rather than one word with all 26 letters attached.

Flag to call custom rule THMRules:
--rule=THMRules
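Both the single-crack mangling above and the custom rules come down to the same engine, so one added example serves both sections. It is illustrative code, not the page's or John's own rule engine, and implements only a subset of John's rule language (the :, l, u, c, r, d, $X, ^X, sXY and AN"STR" commands plus [..] classes); SINGLE_RULES is a constructed stand-in for John's real single-mode rule set, and THM_RULES a constructed stand-in for the room's THMRules section.

```python
import itertools


def expand_classes(rule):
    """John's preprocessor: each [..] class multiplies the rule into one
    concrete rule per member, so c$[0-9] becomes c$0, c$1, ..., c$9."""
    parts = []
    i = 0
    while i < len(rule):
        if rule[i] == "[":
            end = rule.index("]", i)
            body, members, k = rule[i + 1:end], [], 0
            while k < len(body):
                if k + 2 < len(body) and body[k + 1] == "-":      # range such as A-Z
                    members += [chr(c) for c in range(ord(body[k]), ord(body[k + 2]) + 1)]
                    k += 3
                else:
                    members.append(body[k])
                    k += 1
            parts.append(members)
            i = end + 1
        else:
            parts.append([rule[i]])
            i += 1
    return ["".join(p) for p in itertools.product(*parts)]


def apply_rule(rule, word):
    """Apply a concrete (class-free) rule to one word, command by command."""
    w, i = word, 0
    while i < len(rule):
        c = rule[i]
        if c == ":":   i += 1                                         # no-op: the word itself
        elif c == "l": w, i = w.lower(), i + 1
        elif c == "u": w, i = w.upper(), i + 1
        elif c == "c": w, i = w[:1].upper() + w[1:].lower(), i + 1    # capitalise
        elif c == "r": w, i = w[::-1], i + 1                          # reverse
        elif c == "d": w, i = w + w, i + 1                            # duplicate
        elif c == "$": w, i = w + rule[i + 1], i + 2                  # append char
        elif c == "^": w, i = rule[i + 1] + w, i + 2                  # prepend char
        elif c == "s": w, i = w.replace(rule[i + 1], rule[i + 2]), i + 3   # sXY: X -> Y
        elif c == "A":                                                # AN"STR": insert at N (z = end)
            pos, quote = rule[i + 1], rule[i + 2]
            end = rule.index(quote, i + 3)
            ins = rule[i + 3:end]
            n = len(w) if pos == "z" else int(pos)
            w, i = w[:n] + ins + w[n:], end + 1
        else:
            raise ValueError(f"unsupported rule command {c!r} in {rule!r}")
    return w


def mangle(words, rules):
    """Expand every rule and apply it to every word, in order, without duplicates."""
    seen, out = set(), []
    for rule in rules:
        for concrete in expand_classes(rule):
            for word in words:
                cand = apply_rule(concrete, word)
                if cand not in seen:
                    seen.add(cand)
                    out.append(cand)
    return out


# Constructed miniature of a single-mode rule set: the username is the only seed word.
SINGLE_RULES = [":", "c", "cse3", "cso0", "csa@", "c$[0-9]"]

# Constructed miniature of a THMRules section: capital first, digit or symbol last.
THM_RULES = ['c$[0-9]', 'c$[!£$%@]', 'cAz"[A-Z]"']

if __name__ == "__main__":
    print(mangle(["joker"], SINGLE_RULES))
    print(len(mangle(["password"], THM_RULES)), "candidates from one word")
```

The candidate counts are the point: a three-line rule section turns every wordlist entry into 41 guesses, which is cheap against a fast unsalted hash and ruinous against bcrypt, so rule sets should be sized to the hash being attacked.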


Cracking Password-Protected ZIP Files

John cannot read an archive directly. zip2john extracts the archive's encryption metadata into a hash line (prefixed with the archive's file name) that John can attack with the RockYou wordlist; the recovered password then opens the archive.

Answer (ZIP Password): pass123
Answer (ZIP Flag): THM{w3ll_d0n3_h4sh_r0y4l}


Cracking Password-Protected RAR Archives

RAR archives are handled the same way with rar2john, which produces a hash line for the archive that John then cracks.

Answer (RAR Password): password
Answer (RAR Flag): THM{r4r_4rch1ve5_th15_t1m3}


Cracking SSH Private Key Passwords

An encrypted private SSH key (id_rsa) is protected only by its passphrase. ssh2john (shipped as ssh2john.py in the Jumbo distribution) extracts the key's encryption parameters into a hash line; cracking it yields the passphrase and, with it, full use of the key. Keys in the newer OpenSSH format are protected with the slow bcrypt KDF, so expect far lower guess rates than against legacy PEM-encoded keys.

Answer (SSH Key Password): mango


Final Answers Summary (Quick Reference)

  • Most popular extended version: Jumbo John

  • RockYou breach website: rockyou.com

  • hash1.txt password: biscuit

  • hash2.txt password: kangeroo

  • hash3.txt password: microphone

  • hash4.txt password: colossal

  • NTLM format: nt

  • NTLM password: mushroom

  • Root password (/etc/shadow): 1234

  • Joker’s password: Jok3r

  • Custom rules exploit: Password complexity predictability

  • Capital append rule: Az"[A-Z]"

  • Custom rule flag: --rule=THMRules

  • ZIP password: pass123

  • ZIP flag: THM{w3ll_d0n3_h4sh_r0y4l}

  • RAR password: password

  • RAR flag: THM{r4r_4rch1ve5_th15_t1m3}

  • SSH key password: mango


Conclusion

John the Ripper is an incredibly powerful tool for ethical password auditing and cybersecurity training. Through this guide, we explored:

  • Hash identification

  • Dictionary attacks

  • NTLM cracking

  • Linux shadow file cracking

  • Archive password recovery

  • SSH key passphrase cracking

  • Custom rule creation

Understanding how attackers exploit weak passwords allows defenders to build stronger authentication systems. When used responsibly in authorized environments, John the Ripper becomes a valuable educational resource for cybersecurity learners and professionals.

If you're serious about cybersecurity, mastering password auditing tools like John the Ripper is an excellent step forward.
