Module 1: BSWJ: John the Ripper
Teaching Assistants George Mcpherson Vikramajeet Khatri
How to Use the John the Ripper Password-Cracking Tool
One of the best and most popular password-cracking tools is John the Ripper. It’s a part of the Rapid7 family of hacking and penetration testing tools. It uses brute force attacks, dictionary attacks, and single-crack mode, which is a technique that exploits common password flaws.
John the Ripper is an open source tool that is commonly used to detect weak passwords that may put systems and networks at risk, as well as other administrative uses. It’s a free tool, but there is a commercial version, John the Ripper Pro, that can be purchased which offers more features.
John the Ripper was originally designed for the Unix operating system, it’s now available to use on 15 different platforms, most of which are versions of Windows, DOS, and OpenVMS. It’s an important tool for penetration testers, ethical hackers, network administrators, security consultants, forensic staff, security software vendors, and other security professionals.
Why Use the John the Ripper Password-Cracking Tool?
The John the Ripper program is the preferred choice of password-cracking tools for many ethical hackers for a variety of reasons. It offers many features that make it easy to use and convenient for password-cracking or recovery. Some of those beneficial features are:
- John the Ripper is the most used program among penetration testers for cracking passwords because of it’s outstanding performance and fast speed.
- The program combines several different password cracking modes and is completely configurable for the user’s specific needs.
- It’s available for multiple different platforms which allows users to use the same cracker everywhere, it even allows users to continue a cracking session which were begun on a different platform.
- John the Ripper can automatically detect password hash types and can be used to crack multiple encrypted password formats that include several crypt hash types most frequently found on different Unix versions (based on Blowfish, MD5, or DES), Windows NT/2000/XP/2003 LM, and Kerberos AFS hash. Adding more modules to the original tool has expanded its capability to include passwords stored in MySQL, LDAP, and MD4-based password hashes.
For more information about the John the Ripper password-cracking tool, and to learn to use it, check out this How to Use John the Ripper tutorial. The class provides you with all the information you need to use this popular password recovery tool.
(Disclaimer: Breaking Stuff with Joe is a Cybrary series that will be running indefinitely. You will not earn CEU/CPE hours by watching any individual 'Breaking Stuff with Joe' episode. However, you can still earn a certificate of completion for each episode completed.)