John the Ripper
John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (11 architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.

Sample output

Here is a sample output in a Debian environment.

root@0[john-1.6.37]# cat pass.txt
user:AZl.zWwxIh15Q
root@0[john-1.6.37]# john -w:password.lst pass.txt
Loaded 1 password hash (Traditional DES [24/32 4K])
example (user)
guesses: 1 time: 0:00:00:00 100% c/s: 752 trying: 12345 - pookie

Attack types

One of the modes John can use is the dictionary attack. It takes text string samples (usually from a file, called a wordlist, containing words found in a dictionary), encrypts them in the same format as the password being examined (including both the encryption algorithm and key), and compares the output to the encrypted string. It can also perform a variety of alterations to the dictionary words and try these. Many of these alterations are also used in John's single attack mode, which modifies an associated plaintext (such as a username with an encrypted password) and checks the variations against the encrypted hashes.
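Because dictionary and single mode try altered forms of wordlist entries and usernames, a password-change screen can undo the same kinds of alterations and reject anything that reduces to such a base. The sketch below is an added example, not part of John the Ripper or the original article; the wordlist is constructed, the function names are hypothetical, and the alterations covered are a small illustrative set, not John's actual rule set.

```python
import re

# Constructed sample wordlist; a real screen would load a large list from disk.
WORDLIST = {"password", "example", "pookie", "dragon", "12345"}

# Map common character substitutions back to letters ("p@ssw0rd" -> "password").
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t", "!": "i"})


def base_forms(password):
    """Return the candidate base words left after undoing simple alterations."""
    lowered = password.lower()
    forms = {lowered, lowered[::-1]}            # case changes, reversed word
    for form in list(forms):
        # Digits or punctuation added at either end ("Example2024!" -> "example").
        forms.add(re.sub(r"^[\W\d_]+|[\W\d_]+$", "", form))
    for form in list(forms):
        forms.add(form.translate(LEET))          # character substitutions
        half = len(form) // 2
        if len(form) % 2 == 0 and form[:half] == form[half:]:
            forms.add(form[:half])               # doubled word ("dragondragon")
    forms.discard("")
    return forms


def weakness(password, username="", wordlist=WORDLIST):
    """Return why a proposed password should be rejected, or None if it passes."""
    forms = base_forms(password)
    if username and username.lower() in forms:
        return "username"    # the kind of guess single mode derives from the account name
    if forms & set(wordlist):
        return "wordlist"    # the kind of guess dictionary mode derives from a wordlist
    return None


if __name__ == "__main__":
    for pw, user in [("Example2024!", "alice"), ("User123", "user"),
                     ("correct horse battery staple", "alice")]:
        print(repr(pw), "->", weakness(pw, user))
```

A screen like this only catches the alterations it models, so it complements a minimum-length policy and a slow, salted password hash; it does not replace them.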

John also offers a brute force mode. In this type of attack, the program goes through all the possible plaintexts, hashing each one and comparing it to the input hash. John uses character frequency tables to try plaintexts containing more frequently-used characters first. This method is useful for cracking passwords which do not appear in dictionary wordlists, but it does take a long time to run.

See also

  • Openwall Project
  • Password cracking
  • Brute-force search
  • Computer hacking
  • Hacking tool


External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 