John the Ripper Cheat Sheet

Basic Usage:

1. Running John the Ripper (GitHub):

   john [options] [password_file]

2. Options:

• -w: Specify wordlist file.
• -mask: Specify mask to generate passwords.
• -rules: Enable word mangling rules.
• -format: Specify hash format.
• -show: Show cracked passwords.
• -incremental: Enable incremental mode.

2. Examples:

• Crack passwords using a wordlist: john -w wordlist.txt password_file
• Crack passwords using incremental mode: john -incremental password_file
• Specify hash format:
  john -format=MD5 password_file

Wordlist Usage:

1. Creating Wordlist:

• Use tools like crunch or cewl to generate custom wordlists.

1. Common Wordlists:

• Rockyou: A popular wordlist containing common passwords.
• SecLists: Collection of various wordlists for different purposes.

Mask Mode:

1. Mask Syntax:

• ?l: Lowercase letter
• ?u: Uppercase letter
• ?d: Digit
• ?s: Symbol

1. Example:

• Crack passwords using a mask:
  john -mask='?l?d?d?d?l?l' password_file

Rule-Based Cracking:

1. Mangling Rules:

• single: Apply a single rule at a time.
• wordlist: Apply rules from a wordlist.
• incremental: Try all possible combinations.

1. Examples:

• Crack passwords using default rules: john -rules password_file
• Use custom wordlist for rules:
  john -rules=wordlist.txt password_file

Hash Formats:

1. Common Formats:

• MD5
• SHA1
• SHA256
• NTLM

1. Specify Format:

• Use -format option followed by format name.

Output:

1. Show Cracked Passwords:

• Use -show option to display cracked passwords.

1. Output File:

• Cracked passwords are saved in john.pot file by default.

Miscellaneous:

1. Session Management:

• Use --session=name to save and resume sessions.

1. Performance Tuning:

• Adjust parameters like threads (-t) and benchmark (--test).

1. Documentation:

• Access John the Ripper documentation for detailed usage and options.

Caution:

• Ensure you have permission to perform password cracking activities.
• Respect privacy and legal boundaries while using password cracking tools.
• Always use strong passwords and encourage good security practices.

Resources:

• John the Ripper GitHub Repository
• John the Ripper Documentation
• Online tutorials and forums for additional guidance and tips.

This cheat sheet covers the basic usage and common scenarios of using John the Ripper for password cracking. Adjustments and customization may be required based on specific requirements and target environments. Always use such tools responsibly and ethically.