John the Ripper Tutorial - John the Ripper may be simple for many geeks to use, but newbies

and geeks in training may find it difficult to do exactly... http://www.osix.net/modules/article/?id=455

26489 total geeks with 3501 solutions

Recent challengers:
djcomidi bonus 11 - 05:44PM
djcomidi bonus 17 - 04:43PM
taurean1434 level 3 - 11:07AM

Welcome, you are an anonymous user! [register] [login] Get a [email protected] email address

Articles Article viewer

C
Dot.Net
Windows John the Ripper Tutorial
Visual Basic
Written by: Renegade
Security
Miscellaneous Published by: thinkt4nk
Published on: 2003-12-21 22:14:40 Search OSI about Security. More articles by Renegade.
Show/Hide...
Topic: Security viewed 694158 times send this article printer friendly

GEEK Digg this!

Rate this article :
Challenge
Bonus Levels John the Ripper may be simple for many geeks to use, but newbies and geeks in training may find it difficult to do exactly what they want. This tutorial is aimed at them.

Geek Reverser
View Solutions
Test Centre
Mau Ke Luar Angkasa ?
Hall of Brain www.axeapollo.co.id
Hall of Bonus Tinggal Hari Ini Kesempatan Lo Bisa Pergi Ke Luar Angkasa Sob. Buruan!
Hall of
Reverse
Geek or Freak I wrote this tutorial as best I could to try to explain to the newbie how to operate JTR. Remember, this is a newbie tutorial, so I wont go into detail with all of the features. JTR is a program that decyrpts Unix passwords using DES (Data Encryption Standard).

The Process
User's box Step 1: Download JTR.
Username:
Step 2: Extract JTR. In windows use winzip. In unix type

Password: tar -xzf john-1.6.tar.gz

Forgot Step 3: In windows open the command prompt. Go to the Start menu, click Run, type 'command' (no quotes) and press enter.
password?
New account You with me? Good. Go to whatever directory to have JTR in. Type 'john' and press enter. A whole list of options will come up:

John the Ripper Version 1.6 Copyright (c) 1996-98 by Solar Designer
Shoutbox
MaxMouse
It's Friday... Usage: /WINDOWS/DESKTOP/JTR/JOHN-16/RUN/john [OPTIONS] [PASSWORD-FILES]
That's good -single "single crack" mode
enough for me! -wordfile:FILE -stdin wordlist mode, read words from FILE or stdin
CodeX
-rules enable rules for wordlist mode
-incremental[:MODE] incremental mode [using section MODE]
non stop lolz
-external:MODE external mode or word filter
here but thats
-stdout[:LENGTH] no cracking, just write words to stdout
soon to end -restore[:FILE] restore an interrupted session [from FILE]
thanks to uni, -session:FILE set session file name to FILE
surely the rest -status[:FILE] print status of a session [from FILE]
of the world is -makechars:FILE make a charset, FILE will be overwritten
going good? -show show cracked passwords
stabat -test perform a benchmark
how things are -users:[-]LOGIN|UID[,..] load this (these) user(s) only
going guys? -groups:[-]GID[,..] load users of this (these) group(s) only
Here... -shells:[-]SHELL[,..] load users with this (these) shell(s) only
-salts:[-]COUNT load salts with at least COUNT passwords only
boring...
-format:NAME force ciphertext format NAME
CodeX
(DES/BSDI/MD5/BF/AFS/LM)
I must be
-savemem:LEVEL enable memory saving, at LEVEL 1..3
going wrong on
the password
lengths then,
as long as it
You wont need most of these options. In fact, you don't really need any of these options. You can simply type 'john
was done on
ECB [filename]'. The filename must include the .txt extension. This is the regular crack. It will use bruteforce to decrypt all of the passwords in the file. If you're an impatient ass you can use a word list. This is not as effective but it's quicker (more on that later).
MaxMouse
lol... the key is How to make a crackable file: Let's say that for some reason you have a DES encrypted password but no file. If you want to crack it (why else would you be here?) you need to make your own file. Just create a text file and paste in the password. Now put a username (just any old name will do) in front of it with a colon separating the two. It should look something like
in hex (MD5: this:
of the string
"doit" without User:gyuJo098KkLy9
the "'s) and is
in lower case.
Maybe i should Save the file as crackme.txt (just an example) and go to the prompt and type 'john crackme.txt' (no quotes obviously). Now you just have to wait.
have
submitted this Options
as a challenge! Here are a list of the options and what they do.

single: Single crack mode. This is only recommended for weak passwords as it includes only a few rules and a small wordlist.
Donate
Donate and help Usage: john -single crackme.txt
us fund new
challenges
wordfile: Uses a wordlist (basically a dictionary attack). What this does is tries every word in the list until it finds a match or you reach the end of the list. This is quicker than the default (bruteforce) attack, but I don't recommend this because it doesn't always find a match. More notes on wordlists below.

Due Date: Sep 30 Usage: john -wordfile:password.lst crackme.txt

September
Goal:
$40.00
Gro ss: $0.00
rules: Lets you define the rules for using wordlists. I don't use wordlists, so if you want to use this option I wont help you. Ok, ok, I'm just lazy. Shoot me.
Net
Balance: $0.00
Le ft to go: $40.00 incremental: I like this method. It allows you to do a bruteforce attack
under certain modes.
Contributors
Usage: john -incremental:alpha crackme.txt (only letters)
john -incremental:digits crackme.txt (only numbers)
john -incremental:lanman crackme.txt (letters, numbers, and some special characters)
News Feeds john -incremental:all crackme.txt (all characters)
The Register
Memory muddle
muddies Intel"s
Exascale ambitions external: This is a little complicated, so if you are lame don't mess with it. Basically this calls the options that are defined in the configuration settings. You can change these yourself, but I wouldn't recommend it unless you know what you're doing. No, I wont tell you how, go away.
Microsoft reissues
September patches Usage: john -external:[MODE] crackme.txt (replace MODE with whatever the
after user name of your mode is).
complaints

1 of 10 9/15/2013 9:14 AM
John the Ripper Tutorial - John the Ripper may be simple for many geeks to use, but newbies and geeks in training may find it difficult to do exactly... http://www.osix.net/modules/article/?id=455

Server hack heads

up the stack for a
restore: Ok, let's say that you need to stop the crack in the middle. Press crtl+break. A file will be created in the JTR directory named 'restore' (no quotes doofus, and yes, no file extention). You can start the crack back up from that restore point. If you used the-session option you probably have a different filename.
new challenge
Billio naire Usage: john -restore:restore
engineer Ray
Dolby,
80 , dies at ho me in
San Francisco session: Use this if you know that you will have to stop JTR in the middle of a crack. It allows you to create a new file that holds the data of your session. You can then restore your session later.
The future o f PCIe:
Get small, speed Usage: john -session:[save to filename] crackme.txt
up, think o utside
the box
Teen buys
WikiLeaks status: Shows how far you got before stoping a crack (provided you used the -session option).
server fo r $3 3,00 0
? w ith dad"s eBay Usage: john -status:[filename]
account
What"s in it for
server buyers now
that Intel"s Xeo n show: Shows how many passwords have been cracked in a file and how many are left.
E5 -260 0 v2 is
here?
Usage: john -show crackme.txt
Couchbase relaxes
NoSQL derrire
into
mo bile seats
test: Shows how fast JTR will work on your computer.
It"s about tim e:
Java update
includes to ol for Usage: john -test
blocking drive-by
exploits
Happy Friday the
13 th! It"s
users: Cracks the password only for the user or users you tell it to.
Pro gramm ers" Day
Slashdot Usage: john -users:User crackme.txt
Stephen Colbert
and
the Monste r Truck
of Tivos
groups: Cracks the passwords only for the group or groups you tell it to.
Open Source, Open
Wo rld Usage: john -group:lamers crackme.txt
How Amateurs
Destro yed the
Pro fessio nal Music
Business shells: Cracks the passwords only for the shell or shells you tell it to.
US, Russia Agree
On Usage: john -shells:shelly crackme.txt
Plan To Dispose of
Syria"s C hemical
Weapons
The Boy Genius of salts: Cracks the salts that have at least the number of passwords you specify.
Ulan Bator
Japan Controls Usage: john -salts:2 crackme.txt
Ro cket Launch
With
Just 8 People and
2 format: JTR can decrypt many from many different formats, not just DES (but this is the most widely used one). Use this to force JTR to try a certain format.
Laptops
45 % of U.S. Jobs Usage: john -format:DES crackme.txt (force DES)
Vulnerable To john -format:BSDI crackme.txt (force BSDI)
Autom ation john -format:MD5 crackme.txt (force MD5)
Dogs Lo ve Ro bots, john -format:BF crackme.txt (force BF)
Prefer Hum ans
john -format:AFS crackme.txt (force AFS)
Student Arrested john -format:LM crackme.txt (force LM)
Fo r Using Pho ne
App
To "Shoot"
Classmates
savemem: this tells JTR to automatically save your process at whatever
Why iTunes Radio
Could Take Do wn
level you specify from one to three.
Pandora
Usage: john -savemem:1 crackme.txt (save at level 1)
john -savemem:2 crackme.txt (save at level 2)
john -savemem:3 crackme.txt (save at level 3)

How to use a wordlist with JTR: I'll assume you already have a wordlist in the JTR directory (it comes with password.lst, if you want to make your own I'll tell you how later). Go to the prompt and type 'john -wordfile:password.lst crackme.txt' (no quotes, damnit). If the password is in the wordlist, it will work. Otherwise, you deserve it for
using a wordlist when you have bruteforce capabilities, shame on you.

How to create a wordlist to use with JTR: First I will include a few lines of the wordlist supplied with JTR:

#!comment: Common passwords, compiled by Solar Designer.

12345
abc123
password
passwd
123456

The top line is a comment (duh). If you want to make a comment in your wordlist just follow the example. The other lines are passwords that the program will try when you use the wordlist. Put each password on a new line. In the event that you are too lazy to write your own wordlist you can download one (once again, I'm far too lazy to give you a link). It may or
may not already be the right file format (.lst). If it isn't, just go to the prompt. Assuming the filename is lazy.txt, type 'rename lazy.txt lazy.lst'

Piping Output: Remember the -show option? You can get JTR to save that
output to a file. Just type 'john -show crackme.txt > crackinfo.txt'

There's my guide. I have an FAQ below:

Q: Can I mix options?

A: Yes, certain options can be mixed. You can mix options as long asthey don't clash. Play around with it a while.

Q: What does "Loaded 0 passwords" mean?

A: There was a problem with either your password file or the syntax of your command. If you force BF decryption when your file has DES encryption it wont work. If your password file isn't made right it wont work.

Q: What does "Password files required, but none specified" mean?

A: Can you read? You can't just tell JTR to crack, you need to give it a file.

Q: What does "Unknown cyphertext format name requested" mean?

A: When you use the -format option you need to check that you typed the name of the format correctly.

Q: How come when I typed 'john -users: login|uid crackme.txt' (which by the way is the usage shown in the list of option by JTR) I received this error:
Option requires a parameter: "-users:"
Bad command or file name
A: The piping symbol you used (|) can mean two different things. In this case in means 'or'. You're supposed to use login OR uid. When you type it in a dos window, you are running two separate commands.

Q: Can I speed up the bruteforce?

A: Sure, just toss that old ass box of yours and get a new one.

Did you like this article? There are hundreds more.

Join OSIX
Get Involved
Challenge or Test your skills

2 of 10 9/15/2013 9:14 AM
John the Ripper Tutorial - John the Ripper may be simple for many geeks to use, but newbies and geeks in training may find it difficult to do exactly... http://www.osix.net/modules/article/?id=455

Comments:
Domuk I think reading the /doc files included within the zip would be much more informative than... this.
20 03-1 2-23 23:07 :16

think12 For your last Q&A... You make yourself sound like a crypto expert (re: "I'm lazy")...
20 03-1 2-24 19:44 :28

AcidIce yeah but some serious ranking on google :)

20 05-0 7-12 20:58 :13

Geek_Freek Whoa.. This is doing exceedingly well on google!!! But doesn't Regeneade visit here anymore?
20 05-0 8-02 15:03 :14

Anonymous "JTR is a program that decyrpts Unix passwords using DES (Data Encryption Standard)."
20 05-1 2-05 16:43 :45
You mean it bruteforces by encrypting various words and trying to match them. You can't decrypt DES.

Download Free Software

mobogenie.com/download-software
Download Free PC Manager Software. Easy File Transfer. Download Now !

Domuk I'd call it hashing rather than encrypting. I like this article less and less each time I read it, there are so many mistakes. However, I don't want the editors to touch it, since it's rules with Google rankings.
20 05-1 2-05 19:18 :17

Anonymous what's the difference between savemem:1 , savemem:2, and savemem:3.

20 05-1 2-06 11:02 :41

Anonymous heh
20 06-0 4-16 19:10 :04

Anonymous Nice google rank, nothing is mentioned about other apps such as forkjohn (hidden in the chaos release). What about Djohn? :) Your not going to tell us about parellel external modes, oh well :P
20 06-0 4-16 19:11 :05
theone
Anonymous Error - "No password hashes loaded" is similiar to "Loaded 0 passwords" ?
20 06-0 6-21 10:39 :31

Anonymous You said: "Go to whatever directory to have JTR in. Type 'john' and press enter".
20 06-0 7-25 06:00 :43
If i have it on the desktop, what do i do?
Domuk You load up the command prompt, Go to whatever directory to have JTR in. Type 'john' and press enter
20 06-0 7-25 06:38 :24

Anonymous you sure i wont get a virus from downloading it?

20 06-0 8-01 18:17 :31

Domuk You may well do, I wouldn't risk it if I were you.

20 06-0 8-01 19:16 :40

bb yeah winzip are very dodgy people.

20 06-0 8-02 09:16 :12

Anonymous When itype"command" in run it comes out the command prompt.Then i choose my file JTR directory and push enter.Then when it comes out the command prompt it quickly dissapears,and i cannot see anything.Please Help [email protected]
20 06-0 8-02 17:57 :31

Domuk Use 'cmd', not 'command' for starters.

20 06-0 8-03 09:12 :45

Anonymous the program itself is likely to be identified as a virus even though it is not technically one
20 06-0 8-18 03:02 :20
if you got it off the openwall site just tell your antivirus to ignore it...
Anonymous This is fucking useless like all the other bogus "User Guides" to JTR and the original readmes from the author of JTR. They're all written in geekspeak for other geeks who don't need the help in the first place. Thanks for wasting my time and the time of thousands of other people by pretending to provide assistance in using JTR.
20 06-0 9-02 13:20 :36

Domuk If you can't work it out, you shouldn't be using it, Mr 69.211.57.191.
20 06-0 9-02 13:37 :07

anilg D, do you realise that anon cowards would not be using a static IP ISP?
20 06-0 9-02 21:15 :33

Domuk I really don't think they're that smart. Besides, I just do it in the assumption they're idiots and it panics them into another dumb post.
20 06-0 9-03 08:15 :43

Anonymous hey geeks!!

20 06-0 9-04 08:16 :30 i'm really a newbie to all of this... it's ok with this tutorial but how can we use it to crack a mail (Yahoo!, MSN) password with this software? and if not possible, do you guys know any method of doing it?... As i don't come by often here, it'd be great if you could send me an e-mail ([email protected])
thanx guys
MaxMouse Snore!
20 06-0 9-04 11:32 :10

Anonymous please teach me how to hack masters....here's my add [email protected]

20 06-0 9-13 07:22 :56

anilg Hey, we recently discussed the latest in msn hacking.. http://osix.net/modules/forum/thread.php?id=13711

20 06-0 9-13 08:10 :21

Anonymous hello guys,first off great for you to help out newbies....secondly im having some trouble,when i tyoe john in cmd it tells me that the john is not a recognise...okay you probable now the rest.....please help....
20 06-0 9-15 06:07 :43

kdemetter Anonymous
20 06-0 9-15 11:28 :36
Make sure you put the files in your windows folder . If you just extract it , it would create to maps , and that won't work .

extract the content of run in your windows folder , that should work

Anonymous Anyone who doesn't understand this is a muppet. I'm not a geek.. use your fucking braincells, and don't moan cos you have nil initiative........... I've worked around the probs you numbskulls..
20 06-1 0-02 18:47 :41

Anonymous thanks.
20 06-1 0-07 07:12 :28 just wanted to know...
in some other tutorial i saw an option like:
"john -i filename.txt"

what does "-i" option do?

Domuk I imagine it's just short for incremental
20 06-1 0-07 08:18 :08

Anonymous I need john to crack longer password than 8 chars. I wrote an incremental field in /etc/john/john.conf file with MaxLen=16 parameter but John try max 8 chars long passwords.
20 06-1 0-16 07:17 :04 Has anybody any idea?
Thanks a lot.
Anonymous dime que tengo que hacer para craquear un cervidor
20 06-1 0-16 11:28 :38 que me hiieron una y tengo que cobrarmela.........
ayuda la necesito mi pana

Anonymous Hmmm...tried all those things but not sure how it can help newbie in most cases... ;?
20 06-1 0-25 04:10 :36

Anonymous When using a wordlist JTR only uses the first 8 letters of the words in the list. Is there a way to increase wordlength in the wordlist mode?
20 06-1 0-27 12:27 :56

Domuk I think the 8 character thing's only with the DES/crypt() type hashing, because the crypt function only hashes the first 8 characters anyway - so trying longer strings would be silly. At least with MD5, it tries arbitrarily long strings.
20 06-1 0-27 19:54 :28

3 of 10 9/15/2013 9:14 AM
John the Ripper Tutorial - John the Ripper may be simple for many geeks to use, but newbies and geeks in training may find it difficult to do exactly... http://www.osix.net/modules/article/?id=455

Anonymous What is all the fuss? I am new to JtR And there was some useful tips on this site. I was able to write a shell script that I can run in backtrack that automatically selects what windows system your hacking then does bkhive, samdump2 then give you options for quick wordlist or 4 incremental options. I burned that script and backtrack2 to
20 06-1 0-29 07:34 :38 a 1 gig thumb drive. All I have to do is boot that f_cker up and and run my script. I timed myself and was able to crack all 9 passwords some in less than a minute some in 4 hrs.

Anonymous i am using JTR, I managed to figure out that just typying john in dos prompt doesnt work unless you type in the actuall name of the file in my case - john-386....anyway. Can anyone recommend a site that would help me write a simple program to crack a short password file...using the crypt()? Any help would be appreciated. thnx
20 06-1 1-20 05:25 :25

Anonymous no encuentro la ruta para abrir jtr

20 06-1 1-30 19:38 :15 extraigo el archivo que descarge en el escritorio ahora que ago cual es la direccion
porfavor respondan
Anonymous JTR crack shell accounts? If it does how can I do that?
20 06-1 2-26 08:56 :07

Domuk Shell accounts are easy with john, just type in "john --stdout --incremental >ipofserver".
20 06-1 2-26 10:59 :36
So for instance, 'john --stdout --incremental >89.39.165.128' would eventually get you a shell account on 89.39.165.128. You'll have to leave it a while, though, and it might not look like it's doing anything (it can take hours/days, but probably just a few hours)
Anonymous I need help, I can't even get the first part done. I extracted the john folder to the Windows folder, my desktop, and a few other places. I type in john in command prompt and it says it can't recognize it. Somebody please help.
20 07-0 1-04 00:03 :42

Anonymous Okay, I ran the john-386.exe file.

20 07-0 1-04 00:20 :51
But it opens and closes command prompt right away. Why won't it stay open?
Anonymous It's me again, I used the dir command in command prompt. But it's saying system cannot find the file specified when I configure the path.
20 07-0 1-04 14:13 :24

Anonymous hi i wand to hack some 1 is but i dont known hacking can u plz hack a password 4 me ok reply me on sawera_sahil@hotmil
20 07-0 1-10 02:01 :08

Anonymous plz its so urget help me ou sawera

20 07-0 1-10 02:03 :20

Anonymous How can i crack md5 hashes with john the ripper ?
20 07-0 1-11 15:24 :23

Anonymous what a lame ass article. seriously! renegade is a dumass.

20 07-0 1-13 22:07 :01

Anonymous How the hell... do you hack aim accounts with this?
20 07-0 1-15 15:50 :01

Anonymous that guy is a total knobhead./

20 07-0 1-19 19:42 :05

Anonymous how the hell do i find out someones myspace password and email?????!!!!!
20 07-0 1-21 18:25 :49

Anonymous This is probably a stupid question. U need the file containing the encrypted passwords first, how do I get that shadow file, does john the ripper do this for you?
20 07-0 1-22 15:22 :19

Anonymous I have the same question about cracking Facebook/My Space. I'm trying to practice on my own page. Any clues? How do you use JTR on a web site where you don't have a txt file with the encrypted password already. Is this impossible? Any clues?
20 07-0 1-23 10:14 :37

Anonymous *sigh*...
20 07-0 1-27 18:38 :59 To all the people who ask "How can I crack someone's MySpace with this" or similar questions..
You DON'T.
Let's imagine, for a moment, that there were fixed steps that one could take to break into an account.
The service providing that sort of account (e.g. MySpace) would presumably find out about it quickly and fix the problem.
Sorry if I misrepresented anything here, btw
Anonymous Tis me the stupid question fella again. All I want to know is how to extract the hashed password files from the system(Red Hat Linux).Is there a program that does this or is this a feature of JTR
20 07-0 1-29 10:50 :37

Anonymous Good guide for beginers like me to get started, am curious how long it takes to crack one des hash would have been nice to have a rough timescale of how long it takes included, still were soon see !
20 07-0 1-31 21:05 :04

Anonymous Depending on your dictionary, the strength of the pass and chosen method it could take seconds hours or lifetime :)
20 07-0 2-02 15:08 :29

Anonymous To the "stupid question fella" you need to exploite the site to get the passfile and then decrypt it with john
20 07-0 2-02 15:10 :45 I'm a total loser when it comes to exploiting so I can't give hilights ;)
Anonymous ... I forgot to mention above that I have the latest version ( yesterday ) "john-1701", so maybe this was never tested by anyone on DOS or WIN ? thanks.
20 07-0 2-09 16:52 :29

Anonymous Is this program used to crack Windows pwds only or can we also use it for password protected applications as well? I am not saying cracking a software to make it licenced.
20 07-0 2-10 05:46 :01

Anonymous does this thing work to crack passwords like myspace and aim? e-mail me [email protected] i really need help.
20 07-0 2-17 06:15 :18

Anonymous I got a password I'm trying to crack, its salted too.

20 07-0 3-02 05:46 :54 I'm running JTR as shown above but for some reason it keeps showing
gueesses: 0 time ?:??:??:?? <3> some number (6) trying : some words - some other words...
is this right...??
Domuk Weird, it doesn't just show the cracked password? Sounds like it's broken.
20 07-0 3-02 06:48 :40

Anonymous nope it isn't....

20 07-0 3-02 13:33 :38
any chance I talk to someone offline on this....??
i can be reached at [email protected]

Anonymous I'm a little confused about the password.txt file i'm supposed to load with JTR. I've been using airodump and have successfully captured a handshake from the target network. The thing is, its in a .cap file and I can't seem to figure out how to create a hashed .txt file from it. Out of frustration I tried to directly load the .cap file into JTR
20 07-0 3-03 14:14 :55 and i got the following response:

Loaded 2 password hashes with no different salts (NT LM DES [32/32 BS])

that's all i get. Then when I pressed ENTER on my keyboard I got what seems to be a process update:

guesses: 0 time: 0:00:00:26 (3) c/s: 5024K trying:LUIQE95 - LUIQEV$

If i press enter again it gives me a new update and the "time" and "trying" change (obviously) but the "guesses" always stays as 0. Is this what its supposed to be saying when its trying to crack a password?

My biggest concern is how to turn a .cap file into a into a .txt hashed file. Help?
Anonymous It is supposed to say guesses '0' until it has cracked the password. Then guesses will become '1'.
20 07-0 3-03 14:17 :50

Anonymous so everything is working properly then? I should just leave it running with my .cap file?
20 07-0 3-03 15:16 :33
Another question, since i'm using a .cap file and not an extracted hashed .txt file, what if my .cap file was to contain handshakes for more than one network? how does JTR request which one i want to crack?
r2d2 Hi, I am new at John. I've installed it but I don't understand how the copy of the password's file works. Where should I put it? I've tried to manipulate the passwd and master.passwd files inside /etc, but still nothing. Everytime I make a copy in the /run directory I get an empty one. Hope you could help, thanks
20 07-0 3-03 20:55 :37

Anonymous put the password file where john.exe is located

20 07-0 3-04 01:20 :51 that is where i put mine.
Anonymous thanks. But I am using Unix with macintosh, OS 10.4. Passwords are shadowed. I got my sha1 hash inside
20 07-0 3-04 17:16 :45 "/var/db/shadow/hash"
Now, Following the john installing instructions; I am using the john's unshadow tool, replacing "unshadow /etc/passwd /etc/shadow > mypasswd" to "unshadow /etc/passwd /var/db/shadow/hash > mypasswd".
What can I do? Should I copy the first 8 characters of the sha1, instead of the encrypted unix password in "/etc/passwd" file ?
How does john's "unshadow" tool operates? Thank you osix.net
Anonymous i am new at the whole hacking thing and before i get critisized please remember that you were a noob once to please be kind thank you...how do you do this part specifically the directory part (You with me? Good. Go to whatever directory to have JTR in. Type 'john' and press enter. A whole list of options will come up: )
20 07-0 3-05 19:41 :47

Anonymous can you get this integrated with ssh sessions?

20 07-0 3-13 13:53 :14

4 of 10 9/15/2013 9:14 AM
John the Ripper Tutorial - John the Ripper may be simple for many geeks to use, but newbies and geeks in training may find it difficult to do exactly... http://www.osix.net/modules/article/?id=455

Anonymous ok what the hell. i tried to run jtr. when i get to command prompt it just says c:\Documents and settings\hp_administrator no matter what i type.
20 07-0 3-18 14:59 :11

Domuk Sounds broken, try reinstalling Windows

20 07-0 3-18 16:11 :46

Anonymous K so to run john I type \john1701\run\john-386

20 07-0 3-21 00:24 :41 and get the whole list of options.

Then it tells me to just type 'john user.txt' (in this case I made my txt file containing the hash user.txt). However I think the tutorial is a bit outdated as john doesn't exist in the directory so I try 'john-386 user.txt' and still nothing.

Any help here please.

Domuk You're stupid, does that help at all?
20 07-0 3-21 07:11 :01

Anonymous I need to edit rules used with wordlist. One of my coworkers said that this password is good, and I claimed that it is not. It was just one word reversed and "o" replaced with "0". As a demonstration I run John to show him how fast that password gets cracked. To my big surprise John didn't crack it immediately. I checked wordlist and
20 07-0 3-22 11:17 :06 word is there, so that should not be the problem. So it must be the rules.

Domuk They're in the john.ini file, take a look at that.

20 07-0 3-22 19:37 :42

Anonymous I don't get this, I've got this hash that's

20 07-0 3-26 04:30 :17 331 letters/numbers/whatever so I put it into a
text file called pass.txt and opened up john, went to it's directory and wrote *john pass.txt* and it just
says *no password hashes loaded*.
Anonymous Those rules are somewhat cryptic. Any documentation and/or howtos howto create rules? (better than "RULES" -file has). It could be interesting to create rules that apply to my language better than standard rules.
20 07-0 3-26 05:57 :18

Domuk RULES is a pretty extensive document that gives the complete syntax. What more do you need?
20 07-0 3-26 07:42 :45
And the guy before, you have a "331 letters/numbers/whatever" hash? What type of hash is that exactly?

Anonymous Encrypted I mean... I was also thinking that maybe I had to unshadow it or something? How do you get the
20 07-0 3-26 08:01 :52 shadow file for doing that?
Domuk This is unrelated to John. It's not encrypted - it's base64 encoded. All it appears to be is an IRC script that will let other people control your client, or something. Shadow files are completely irrelevant, too.
20 07-0 3-26 12:26 :35

Anonymous Oh ok :/ Do you have any idea of how to use it in IRC?

20 07-0 3-26 12:28 :25

Domuk You don't! It sounds much like it's just a script that will make you vuln to people taking over your client, especially since it's encoded. You should really go somewhere else for your smut - I know you sound desperate, but give it up on that string. I'm sorry I've not been able to help you be dirty.
20 07-0 3-26 16:39 :36

Anonymous Alright, thanks for the help,

20 07-0 3-27 03:35 :03

Anonymous ---
20 07-0 3-27 05:35 :42 RULES is a pretty extensive document that gives the complete syntax. What more do you need?
---

I was just looking for some sort of tutorial or examples of how to tweak rules. If there isn't any, then I will figure that out myself.

BTW. Current John is about year old. Any info about development? It could be nice to add rainbow table -support for John and still use wordlists and raw power incremental mode as last resort. Also multi-core processor support and that sort of things would be nice to see.
Domuk Folks here are aware we're nothing to do with Openwall or the JtR project, right?
20 07-0 3-27 06:08 :38

IndianKnight It's an average article.It can be helpful to people who know what brute forcing is and can find their way around compiling, adding paths, etc.
20 07-0 3-27 23:34 :01
As to people asking how to get passwords to someones email accounts or social networking accounts; if you have to ask, you are not smart enough to do it.
You definitely don't have the skills to penetrate the firewalls, IDS systems and other security measures deployed by the aforementioned entities, hack in to their database, find the tables that old the passwords hashes and retrieve them and then brute force them.

Anonymous Ok, so I have downloaded the JTR file, but I'm using windows. First off, in command promot, "john" (without the quotation marks) is not an operable program. I've unzipped the john-1.6 folder directly into my desktop. so my command prompt reads:
20 07-0 3-28 15:37 :12
c:\Documents and Settings\Emilio\Desktop>

I've typed "john" following that, john-1.6, etc, and I can not seem to run the program. Any help?
Domuk You're an idiot.
20 07-0 3-29 05:26 :48

Anonymous Hiya, i'm looking for passwords to certain ...ahem adult websites, would this tool be useful in assisting me in my pervy endeavour? Thanks.
20 07-0 3-29 15:49 :58

Anonymous OK, I'm going to spell it out.

20 07-0 4-04 13:32 :54
JOHN CANNOT BE USED ON ANYTHING OVER THE INTERNET. Local files ONLY.

Good god, use something like Brutus or Hydra if you don't want to pay for your porn (or just delve into the magical world of torrents)...
Domuk I can't really imagine a situation where you 'need' to get into someone else's mail account without some kind of court order.
20 07-0 4-07 07:28 :41

Anonymous If you are an administrator and testing your employees passwords you would
20 07-0 4-07 12:45 :45

Domuk How is that "need[ing] to get into someone else's mail account"? That's an entirely different scenario, one which has many solutions available.
20 07-0 4-07 14:38 :19

Anonymous Can someone help me with what it should look like when I try to run it and btw the file is in my desktop
20 07-0 4-09 15:31 :41

Anonymous how do i get a password file for a facebook account. will pwdump work for html??? if so, how?
20 07-0 4-13 01:05 :00

Domuk On the person whose password file you want to get, post on their wall saying, "I'm a goddamn idiot" and it'll be e-mailed to you.
20 07-0 4-13 07:13 :13

Anonymous he he he.... :-)

20 07-0 4-23 10:56 :02

Anonymous I'm having the same problem that I've seen in some of the other posts -- and I think I've tried everything(except the correct way obviously). I have crack.txt in the same dir as John The Ripper. The John.exe opens fine - but when I try to load crack.txt(which contains one line-User:gyuJo098KkLy9- it says "No password hashes loaded"
20 07-0 4-23 19:39 :39 I've even changed crack.txt to open with John.exe, and tried every option available...so far failed every time. If someone could help me on this it'd be appreciated.

Thanks in advance

Anonymous Yeah mine says no hashes

20 07-0 4-25 18:42 :08

Anonymous well ,it seems that i am too dump to know how to obtain the encrypted password file for windows xp,in fact there are different types of password file i want to know how to obtain ,like zip ms word ,,,,,,etc ,can anyone teach me how ?????
20 07-0 4-25 20:32 :05

Anonymous all you dumbasses used google to get here, why not try using it to get the answers you seek.
20 07-0 5-11 05:26 :44
Wow, the only thing the internet did is show me exactly how many retards can own a computer.
Anonymous i cant seem to get past step 2. everytime i type in john into the command prompt, it says that john isn't recognised..help please!
20 07-0 5-24 23:01 :18

Anonymous cn i ask i kno it says dat the above to download the jtr is free but is it acuali free to download thanks i wld be grategull if u cld tell me
20 07-0 6-05 17:52 :08

Anonymous OK, I have already learned waaay more than I ever knew before about email, etc, since I found out my spouse has been cheating, but now he preety much keeps his laptap with him 24/7, and changed his outlook password , so I can't access his accoutn remotely. I think it is legal for me to read his email since he is my spouse, therefore
20 07-0 6-10 11:39 :51 I want to crack his password remotely, but everything I read above is literally GREEK, or would that be geek? (hee, hee) I can accept that I may clearly not have enough knowledge to be able to do this...Help, please, anyone! And, ok, I am a dumb newbie--I'll say it first. [email protected]

5 of 10 9/15/2013 9:14 AM
John the Ripper Tutorial - John the Ripper may be simple for many geeks to use, but newbies and geeks in training may find it difficult to do exactly... http://www.osix.net/modules/article/?id=455

Anonymous hi all,
20 07-0 6-14 05:36 :36 i wish to know how to crack yahoo passwork i think mmy girl she is cheating on me !
please send medetails on how ttogo about it on [email protected]
Thanx

Anonymous um hi i am trying to crack my old password with john the ripper and i am having diffaculties can some 1` help me
20 07-0 6-17 16:01 :25

ineedacoolusername ok...I'm as newbie as they get. I need major help. I've downloaded JTR, but now i'm trying to run it in the command prompt, but I can't seem to figure it out. PLEASE HELP ME!!!!!!!!!!!!
20 07-0 6-18 17:58 :07

Anonymous John tells me that "no password hasches loaded". This is strange since in my JTR folder have a file with a username and the password (named pass.lst), which looks like this: hell:$1$Y0Cc8$dVJAvE5CyLKaQONpAKk5R
20 07-0 6-22 03:15 :40
i run john the following way:
./john wordlist:password.lst pass.lst

This looks ok, doesen't it? So why does john tell me that no hasches are loaded? I already know the password and I actually added it to the wordlist. I did this just to check if I could get things working but obviously I can`t. Help please?
Anonymous I have John running and tested it against an exported windows password file where I already know the passwords. It did, in fact, crack them but reported them in all caps when the passwords actually have mixed case letters. For example, the actual password is "Dog7Dew" but John shows it as "DOG7DEW".
20 07-0 7-13 14:08 :45
The Windows login is case sensitive on this system In other words "GOG7DEW" won't work. What do I do now to get the correct case besides manually trying all the possibilities?
Anonymous im a neb at this so could you use this for myspace pawords if you know there email
20 07-0 7-29 15:24 :33

Anonymous OK, i just read every comment above and nothing is working, I'm very new at cracking and i dont understand the "unix" part and i cant get past the extraction step(in other words cant open it) please help.
20 07-0 7-31 08:24 :20

Anonymous P.S. (same guy from above) For all the people trying to get myspace passwords what are some examples to what JTR can get passwords too.
20 07-0 8-01 06:25 :40

Anonymous i type john and nothing happens a big PROBLEM

20 07-0 8-17 17:57 :26 not internalor external command
i unzip it like the way you said
i go to the directory where it was
and nothing happens
so i decided to watch porn movies instead
and i also masturbate
its good no problem

Anonymous "john" is not recognized as an internal or external command, operable program or batch file.
20 07-0 9-07 05:04 :34 What am I doing wrong here? Please help me
Anonymous F..k me,i dont understand.where ever i click to download JTH (i mean in all available websites) comes up a warning message that its a virus!!!!.what do i do?download it anyway?or maybe i gop wrong site? can i get a link pleeeaaasee??? [email protected]
20 07-0 9-08 19:17 :17

Anonymous I have a big problem i keep on getting an error that says i the file was not found i do put crackme.txt and i saved the file in the run folder as crackme.txt wat the hell am i doing wrong
20 07-0 9-26 16:58 :45

Anonymous hi guys, listen, at the begining when he say:

20 07-0 9-26 22:09 :09 "Go to whatever directory to have JTR in. Type 'john' and press enter." he means to write in on the command? if so, what do i right i dont realy understant plz help :/

Anonymous hi guys, listen, at the begining when he say:

20 07-0 9-26 22:10 :10 "Go to whatever directory to have JTR in. Type 'john' and press enter." he means to write it on the command? if so, what do i write i dont realy understant plz help :/

Anonymous say u have it on desktop?

20 07-1 0-05 22:52 :31 cd\ to ure desktop and in to ure JTR folder and subfolders until u see john.exe when u run a DIR command, then type john

Anonymous How does that wor for MacOSX though?

20 07-1 0-14 09:54 :43

Anonymous would like to search INCREMENTAL length=8 Only capital characters. That should not be hard to do ...but for me it is.
20 07-1 0-17 19:12 :51 In other words:I would like to use incremental mode with a custom char set. Could someone Please help me out...would appreciate is very much...!
Anonymous Anonymous wat u do is type C:\Desktop\john1701\run\john-368.com in the command prompt.
20 07-1 0-23 23:10 :03

Anonymous Hello everyone, I need help:

20 07-1 0-30 23:13 :16 I have 3 files rar with password, every password is contained in "wordlist?" This type:
Srtgertg: 453gf4e5f
45 g45g45: g4g545g45
45 tg455g: 563546356

I open the prompt and I write: John pass.txt (pass. txt = Srtgertg: 453gf4e5f 45 g45g45: g4g545g45 45
tg455g: 563546356)

I wrong?

Thanks in advance ^ ^
Anonymous Hello everybody, here is another dork spending hours of debate over something (supposedly) simple.
20 07-1 1-18 15:02 :22 How do I crack a simple md5 with JTR?

I've tried sticking it inside a file, tried sticking it in a file with "User:*myhashhere*", I've tried somehow feeding it into JTR from the commandline, nothing seems to work!

I've read through every single manual page about three times, and I don't see a single reference to the actual passwd file itself.

Now this is seriously bothering me, since I should have gone to bed about 5 hours ago.

-Insane
Anonymous last anonymous, the password is probably shadowed so you need to do is:
20 07-1 1-20 11:23 :33 unshadow /etc/passwd /etc/shadow > whatever.txt
john whatever.txt
ok so far with a MD5password but i cant do it with a .htpasswd :( anybody can help?
Anonymous Hi.. where should i put the crackme.txt? if i put it in /WINDOWS/JTR/RUN/ and then trying with john -single crackme.txt or /WINDOWS/JTR/RUN/john -single crackme.txt. If i type john -single crackme.txt in command it just saying in command JOHN is not a recognized as an internal or external command,operable program or batch
20 07-1 1-21 18:50 :17 file. and when i type /WINDOWS/JTR/RUN/john -single crackme.txt then it say stat:crackme.txt: No such file or directory Why?
Anonymous user:$1$oh_rF\AR$hHmZ/5QJUt4S47KkdU1wm/
20 07-1 1-22 13:04 :25
which format is this
help

Anonymous This is MD5 !

20 07-1 2-05 18:00 :13

Anonymous its not about passwords only how do you retrieve the username as well?
20 07-1 2-15 16:58 :59

Anonymous i need help!!! i saved the run file in windows and when i type "C:\WINDOWS\run\john-386" the list appears. then right after when i type john it says that it is not a recognized command.
20 07-1 2-21 08:50 :42

Anonymous Hi,
20 08-0 1-05 17:35 :41 I have done everything mentioned, can you belive i read all the comments, but i am still having a problem. I have some front page user names and passwords, i have save one to a .txt file which is in my jtr\run\ file, yet when i use JTR it cant find the file (which is called crackme.txt). I have tried all ways of C:\JTR\Run\john-386 --single
crackme.txt. I am a noob at this, and i am sure the answer is a one liner, but can some one help

Thanks
Anonymous Hi,
20 08-0 1-05 17:44 :29 No need to answer above sorted it, just got the "No passwords hashes loaded"
For anyone else in the cmd. you type

C:\JTR\RUN\JOHN-386.EXE -single C:\JTR\RUN\crackme.txt

Now i just got to sort out the pasword hashes..!!

6 of 10 9/15/2013 9:14 AM
John the Ripper Tutorial - John the Ripper may be simple for many geeks to use, but newbies and geeks in training may find it difficult to do exactly... http://www.osix.net/modules/article/?id=455

Thanks
Anonymous Hi,
20 08-0 1-05 17:44 :34 No need to answer above sorted it, just got the "No passwords hashes loaded"
For anyone else in the cmd. you type

C:\JTR\RUN\JOHN-386.EXE -single C:\JTR\RUN\crackme.txt

Now i just got to sort out the pasword hashes..!!

Thanks

Anonymous could someone please help

20 08-0 1-06 18:13 :55
iv made a user.lst file for my hashes and i only have "one" in there its a md5 hash (i think) and iv entered it like this:

Username:25650364b4d298c949e6fb4844facdcc

i know that works for DES hashes as iv used it but do i need to change soemthing for md5 hashes

i ask becasue when i type "john-386 w=passwords.lst users.lst" it says its loaded 2 password hashes with no different salts even though i only have one password hash

and when i try "john-386 format:MD5 users.lst it tells me that theres no hashes .... "no hashes loaded"

can anyone tell me where im going wrong

Anonymous Hey can someone please help, I am trying to hack this internet's WEP password. I am trying to get into this network so I can use their WiFi connection, how do I use JTR to figure out the password?! help would be greatly appreciated if you could email me at [email protected]
20 08-0 1-14 23:28 :28

Anonymous IM SO GODAM ANNOYED! What the hell does he mean by this? "You with me? Good. Go to whatever directory to have JTR in. Type 'john' and press enter. A whole list of options will come up"
20 08-0 1-26 05:05 :40
How can i go to the directory with JTR in it, and what do i type "john" into at that point?!
Anonymous dude I tried all this and it said unable to load main program what the heck
20 08-0 2-12 02:39 :15

Anonymous it might be a good idea, everybody, not to post actual pass hashes
20 08-0 2-13 02:12 :24

raji Hi
20 08-0 2-27 13:51 :12 i have the follwoing password i wana decrypted helpppp ..... its to important to open it the password is
$1$Cx/SGJ7b$hkWSHa4W27OvJFXK1T4aP.:13886:0:99999:7:::

i will wait pls help me

Anonymous Ok, I got JTR and I opened Command Prompt.. and I try to go to the location but it keeps saying it's not recognized as an internal or external command. Do I need to put JTR in a certain location?
20 08-0 3-24 22:18 :16

Anonymous Thanks for all the help i git from this site i now have " Loaded one passwword hash Free bsd 32/32 "
20 08-0 3-31 11:23 :49 and the cusor is blinking.
Does that mean the programme is working ?
How will i know when it is finished ?

Thanks
Anonymous hi guys pretty plis one quaestion how c ome im tryng to type john to get the list iw as soupuse to get and is telling me that is not reconognized as aninternal or external program or batch file .
20 08-0 4-10 05:22 :58 Ms thing :-)

Anonymous Incredible. This thread is clearly aimed at people who do NOT understand how to do this, so when someone comes along who, amazingly, does NOT understand it some fuckhead calls them 'stupid'.
20 08-0 5-06 14:59 :45
I don't understand hacking either, but having a masters degree in biophysics I daresay I understand that a bit mmore than said fuckhead(s), so does that make them stupid too? Or does just their having nothing better to do than rubbish people trying to find info qualify them right off :-)))

Anyway, thanks guys for some helpful stuff on here, and as somebody else said, if you think the OP did a poor job, do it yourself, better! At least he spent a bit of time trying to be helpful.

Anonymous hey guys...i'm new with this...

20 08-0 6-01 13:14 :59 can anybody tell me where to get the password file?...

Anonymous Go to whatever directory to have JTR in. Type 'john' and press enter......can someone please tell me in greater detail how to do this???
20 08-0 6-04 03:01 :24

Anonymous hey just got this and i cant even get it to work i get it open and have my text file to crack but im stuck does the password.lst actually work ive tried lots to get it to work but dont have a clue wot im supposed to be doing any help feel free to email me at [email protected] thanks
20 08-0 6-05 10:30 :05

Anonymous nice google rank.

20 08-0 6-09 19:25 :56
The author comes off like a "knobhead," ture, but some of the OMGCanUcrackThIsHotMailACCt ppl are almost as annoying.

All in all, not a bad tut if you ignore the ego. Then again, I've used JTR before.

Anonymous Hi.
20 08-0 6-18 05:30 :47
1. Strangely enough, when I load a pw, it says: loaded 1 password hash and when I press a key it says: ''Guesses 0 trying blabla1 - duckatell34'' or something like that.. I really don't know how long to wait or if it will even eventually come up with something...

2. I'm trying to hack my way from the wwwboards folders into the administration of sites, using: john -pwfile:hehe.txt -wordfile:WF.txt to cript it to UNIX, as have I included: '':-2:-2:anonymous NFS user:/:/bin/date'' behind the password and user making it look like: ''Admin:asd345sd3:-2:-2:anonymous NFS user:/:/bin/date'' to
prepare it for UNIX encryption.

I could really use some help on this if anyone knows anything on the subject, please contact me via: [email protected] (Messenger) or perhaps answer here, although this is my first visit here and I don't know if I'll ever come back :)

Hoping to discuss hacking with you, sincerely me.

Anonymous got it totally working thanks
20 08-0 6-27 23:07 :22

Anonymous anonymous is acting like he is a noob. cant you see that he is giving out like 4 of 5 different im accounts. he is trying to find your ip then attack. look. at the begining he acted like a total noob. then at the end went for more knowledgeable people by speaking more advanced. basically he is trying to act like a noobie to fake people into
20 08-0 8-13 02:25 :09 going to one of those IM messengers and putting him down for being a noob while in all reality he is attacking the offender

Anonymous Someone earlier was asking how to do this for a linux system, and I can help here, if it uses the Grub bootloader. On Linux and Mac, the password hashes are stored in the /etc/passwd file, and in order to access the system, you don't even need another device, you can access it in single user mode. When the bootloader comes up, press
20 08-0 8-23 06:40 :16 e on the kernel line to edit it, and add "init=/bin/bash" to the end of the line. (remove "splash" if it is there) then hit "b" to boot into single user mode. Now you can either copy /etc/passwd onto a flash drive or something, or just look at it, then write everything down, but that's a pain.

Domuk They've started putting hashes back in /etc/passwd? Or have we gone back a decade?
20 08-0 8-23 12:04 :42

Anonymous hey my command window wont let me go 2 the directory with JTR. idk y. can u tell me wat 2 type exactly in the command window
20 08-0 9-21 21:44 :56

Anonymous THIS IS MADE OF FUCKING FAIL. NOT EVEN YOUR EXAMPLE WORKS.. NO HASHES LOADED??? FUCK YTOU.
20 08-0 9-29 00:48 :45

jeffarri Can someboby please help me on how to enter into another password protected computer within the same network without physically accessing that computer.
20 08-0 9-29 09:28 :13 Please email me at [email protected]
Anonymous cud sum1 plz help i get in to c:\john1701\run and that it i trype joh it says JOHN is not a blah blah blah
20 08-0 9-29 23:37 :49

Anonymous Is it possible to set JTR to check only a specific password length?

20 08-1 0-17 10:16 :16

Anonymous In the john.ini file if i add the line:

20 08-1 0-17 21:31 :16 EXTRA = !@#$
in the [Increme ntal:Alnum]
does it mean that John will test digits, alphabets and characters i specify in the EXTRA statement
Anonymous I'm sorry to say this, but as I read this page I'm astonished at how many RUDE people are allowed to post here without anything being done about it... you call people "dumb","knobheads", and whatnot, plus the tone you people take against newbies is just shameful. Gentlemen, I've only been around for a good year or so, so I've a lot
20 08-1 0-27 21:42 :26 of catching up to do, but... DO NOT FORGET THAT YOU ONCE STARTED OUT AS NEWBIES JUST LIKE EVERYONE ELSE. And even if you feel the need to make people do some serious googling before asking questions: BE POLITE, FOR FUCK'S SAKE!!!!!!! Being such magnificent geeks in this world must make you quite unloved and unwanted
back on planet Earth, but try not to take it out on everyone else, it just shows you for the unadjusted social derelicts you really are!!!

7 of 10 9/15/2013 9:14 AM
John the Ripper Tutorial - John the Ripper may be simple for many geeks to use, but newbies and geeks in training may find it difficult to do exactly... http://www.osix.net/modules/article/?id=455

sunikem Hi All,
20 08-1 1-09 17:57 :42 I have to agree with the last comment.
I followed the tutorial and everything worked fine.
My password is fairly secure, and I can remember it!
Thanks for a very helpful tutorial as the man pages can be a bit unhelpful to someone such as myself with limited time and intelligence.

Anonymous hi i do not understand how to run this program but i was just wondering if anyone knows how to get into photobucket i lost my password and cannot get into it now if anyone knows how message me at [email protected] thanks
20 08-1 2-07 23:05 :48

Anonymous Funny how some people just refuse to expend a little energy using their brains. I don't mean to offend anyone but how tough is it to extract the executable and run it from the command prompt pointed to a text file? Maybe it seems overwhelming but this is a tool designed to test the integrity of passwords - some of you people are so
20 08-1 2-22 02:31 :38 excited about hacking some stranger's website that you forget how to think...
Anonymous for people who keep asking stuff that's already been answered like "what doe's he mean type john then enter" the question's have been answered,just take your time reading the thread.
20 09-0 1-22 11:23 :23
while i'm here could some one post a link to a legit working "none virus" JTR please

thank's original poster for info.

Anonymous Solution for not working MD5-Cracking might be, that your version of JOHN does not support a hex-coded raw-MD5
20 09-0 2-12 21:04 :08
see:
http://marc.info/?l=owl-users&m=108047831526332&w=2

alternatively try this tutorial:

http://echtor2oo3.de/index.php?entry=entry080907-184531
Anonymous Domuk
20 09-0 3-03 00:28 :52 2003-12-23 23:07:16 <- First post's date

Anonymous
2009-02-12 21:04:08 <- Last post's date

XD
Reading through this was wonderful amusement.

-Sachi
Anonymous <b>HM</b>
20 09-0 3-28 20:58 :08

Anonymous I was able to install John using the package manager in Ubuntu. Either Synaptic or directly for the impatient with
20 09-0 4-13 12:23 :39 sudo apt-get install john

A couple of years ago I would have thought that it would be very strange to ship a tool like this with the operating system, right there at your fingertips with a minimum of effort. If there was one tool I had to spend time googling and downloading manually, this would be it - and yet, no, there it is, right there! But then, I guess that's just
the Linux way isn't it? To have everything instantly at your fingertips.

Anyway I digress.

Once it was installed I noticed it was in my path so it was fully usable immediately, by typing "john" anywhere at all.

Furthermore, to view the more up to date manual of course you can type
man john

or even
info john

And there's always the obvious:

john

which lists all the usage options.

For those wondering how long it will take them, here is how John performs on my system. Note that I had a lot of other processes running, particularly during the "Standard DES" benchmark:

/tmp$ john -test

Benchmarking: Standard DES [48/64 4K]... DONE
Many salts: 220646 c/s real, 241936 c/s virtual
Only one salt: 230348 c/s real, 230810 c/s virtual

Benchmarking: BSDI DES (x725) [48/64 4K]... DONE

Many salts: 8097 c/s real, 8488 c/s virtual
Only one salt: 7541 c/s real, 7633 c/s virtual

Benchmarking: FreeBSD MD5 [32/32]... DONE

Raw: 4092 c/s real, 4209 c/s virtual

Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE

Raw: 253 c/s real, 253 c/s virtual

Benchmarking: Kerberos AFS DES [48/64 4K]... DONE

Short: 229273 c/s real, 229273 c/s virtual
Long: 644147 c/s real, 648035 c/s virtual

Benchmarking: NT LM DES [48/64 4K]... DONE

Raw: 1847948 c/s real, 1847948 c/s virtual

It broke the password "cat" instantly.

Testing against a real password file with proper passwords, it's got nothing so far. The passwords are alphanumeric and that might be the cause; I could have to switch to brute force (although I'm in no rush).
It's been going for an hour now, so this could take a week or two, I don't know as I don't normally do this sort of thing.

I already have a list of all the passwords in the file so i will know whether it got it right. They're all semi-difficult passwords like red69apple; I suppose that's adequate for most purposes.

I'm sure this goes without saying but if you have to ask "Can this break into a friend's MSN account" then please stop being an idiot. If you want to be a hacker then learn a programming/scripting language, then you won't have to ask questions like these.

If it's not important enough to you to learn a new language, re-evaluate your goals. Go take up a sport or work on your car. Get a girlfriend. John The Ripper is not for you.

PS I had to use javascript on to use this form, it would have been nice if it was at least mentioned somewhere near the form.
Anonymous Man never use apt-get for john its really outdated version you'll get in return
20 09-0 4-20 17:16 :11
Download the latest Unix source from official site http://www.openwall.com/john/

Read doc's about compiling

You'll gain 10x speed

BTW its not that hard ;

Anonymous If you have to ask, you are not smart enough to do it. You definitely don't have the skills to penetrate the firewalls, IDS systems and other security measures deployed by the aforementioned entities, hack in to their database, find the tables that old the passwords hashes and retrieve them and then brute force them. flash games
20 09-0 4-22 08:50 :38

Anonymous If you have to ask, you are not smart enough to do it. You definitely don't have the skills to penetrate the firewalls, IDS systems and other security measures deployed by the aforementioned entities, hack in to their database, find the tables that old the passwords hashes and retrieve them and then brute force them. flash games
20 09-0 4-22 08:51 :03

Anonymous ...I'm just glad I never joined this discussion board. People who look for pages like this probably aren't system admins yet. They're looking to learn; maybe become one some day. Some are looking for porn or otherwise up to no good (or trying to break into Facebook; a point of advice to those who plan to use this for illegal stuff: don't.
20 09-0 5-17 18:30 :41 The people you see on the news who are caught are inexperienced nerdowells just like you. Any decent system admin would know you're doing naughty things in their backyard before the program loaded to your screen. So if the trollfest in here has not soured you to JTR, a reminder that script kiddies + servers = jailtime hopefully will),
but I'm sure a lot of the users that have been snubbed so rudely here are just trying to learn how to do things with their PC, or been given a legitimate task. Thats why I came in here; looking for info on this program because I have never needed to crack (legitimately or been inclined to illegally) these security features before.

8 of 10 9/15/2013 9:14 AM
John the Ripper Tutorial - John the Ripper may be simple for many geeks to use, but newbies and geeks in training may find it difficult to do exactly... http://www.osix.net/modules/article/?id=455

Even the Woz learned from other peoples' experience. A great man stands on the shoulder's of others. You didn't learn what you know siting in the dark with nothing but the box. You had a book, a guide, a guru. Calling people stupid every other posted comment may make you feel superior, but it only shows how ignorant you are of
your own learning process.

You don't even realize that you needed help to. When the time comes that you need it again, I can only pray you will receive a better response than those you have given.

Anonymous "so if you are lame don't mess with it" "No, I wont tell you how, go away" This Renegade is a complete tool. He probably thinks of himself when he is punching the puppet late at night. I should kick the snot out of him and take his lunch money.
20 09-0 5-18 17:54 :18

Anonymous Wow - this site is cheaper than therapy! All these bad mouthed geeks and thin-skinned newbies; I must be in the right place.
20 09-0 6-30 13:50 :34
I realise that being anonymous sucks and for more reasons than Freud or Jung can name, so I promise to sign up with a real name if I spend more than 10 minutes here.

I'm using John 1.7.0.1 on Windows with a password file dumped from Pwdump2. I'm trying to set it up as a scheduled tool to scan the network for insecure passwords and such. After a bunch more scripting than a man with a life would want to do, I just discovered when testing passwords that John doesn't want to do any work with
passwords over 14 characters long and happily tells me that he loaded 1 password hash (good for him) and his day is done.

Does John only work with passwords of 14-characters or less (presumably in the LM hash) or am I missing something really obvious?

Thanks in advance for any useful help and any entertaining assaults on my intelligence.
Anonymous Depends which hashing algorithm you want john to use surely? Windows doesn't store passwords over 14 characters as LM hashes so there's no point - it uses NTLM after 14 characters. N.B. Vista stores the passes as NTLM hashes by default now that they've realised that a small child can break LM hashes due to the way in which they are
20 09-0 7-01 13:25 :33 created.

In fact, as I understand it, to create the LM hash the plaintext password is cut into two 7-character sections (with the 2nd one padded with 0s to make it up to 14 characters) and each section is then hashed separately and the two hashes then concatenated to form the final hash. Thus there is actually no need to use above 7 characters
for breaking an LM hashed pass with John as you can just split the LM hash in two and bruteforce/dictionary attack each section independently, greatly reducing the computation time necessary.

John apparently has inbuild detection of the hashing algorithm used to generate the ciphertext, however you can explicitly specify it using the command line switch '--format=<insert_ciphertext_format_here>' the accepted formats are given on the John man page.

Hope that helps

Anonymous hi, completely new to this game.... need to crack an orange mobile account as believe my husband is playing away from home.... will john do this for me ??
20 09-0 7-10 00:22 :33 Thanks in advance
Anonymous if in JTR/run folder is deleted file john-384 result on cmd run will be:
20 09-0 7-24 16:16 :42 <<<No password hashes loaded>>>

with this(john-384) file everything works. campare your jtr.rar and jtr folder if nothing is delated by antivirus.
Anonymous got cygwin jtb and it still wont work on xp or vista how do i make it work
20 09-0 9-28 02:21 :43

Anonymous can you show me the unix type i cannot see it

20 09-0 9-28 06:07 :05

Anonymous hello...how can i get a password file?

20 09-1 0-07 11:06 :00 [email protected]

Renegade This is truely incredible. I wrote this article at least ten years ago, I was fresh out of high school I believe. This isn't the first site, nor was it the last, that this article was posted on. I did not do all of the postings. It's on forums, other sites, and forwarded in emails.
20 09-1 0-12 21:00 :00
Yes, it sucks. I had only just found out what a computer was. I was 14 (yes, I graduated high school at 14). Please stop emailing me about this. Do not add me to msn. I have no interest in teaching you "how to hack". Do people even know what that phrase means? If you can't figure out how to use JTR from this and/or the manual,
you're in the wrong field. Go play sports or something.
Anonymous I'm sorry, that was an impersonation of me, I really do want everyone to email me asking as many questions as I can. I'm eager to teach everyone. So remember, email me! Hackers Unite!
20 09-1 0-12 21:02 :41

Domuk It's the fourth match for John the Ripper, and I bet it ranks highly for a few other choice terms. No idea how it happened, but pretty awesome rankings.
20 09-1 0-12 23:24 :58

CodeX "John The Ripper Tutorial" returns this first, osix seems to do quite well in google rankings
20 09-1 0-13 10:07 :37

Anonymous I got the list up and everything using john1701\run\john-386

20 09-1 0-19 19:13 :00 but now i dont know how to make it get to tell me my admins pass (btw : getting pass because admin forgot it and only other acc is a limited so [this is a till-pc] its pretty much useless without admin .. please reply or send message to [email protected] please please plaeses
Anonymous Can JTR be use to hack lets say youtube?
20 09-1 0-25 05:41 :41

SAJChurchey If you had the password hashes stored in the db, maybe. But JTR takes a hash and checks each password against the hash until it finds a match. So JTR was meant to be used once you have access to the system and the password file.
20 09-1 0-26 18:15 :55

Anonymous this tutorial is lame ! I like the part where he say : Ok, ok, I'm just lazy. Shoot me. !
20 09-1 1-02 03:10 :21 =))))))))))))))
so why did u do this tutorial ?! :)))
skids die in hell !

Anonymous Hello, how does it work in EBCDIC password?

20 09-1 1-13 15:22 :52 Thanks
Anonymous need to install john for my homework, i just need to pass this homework. what do i type in the command line after copying the files under the run folder to a separate directory? btw, i'm not a tech guy, and i am using windows xp.
20 09-1 1-13 20:09 :47

Anonymous Hi everyone. Is there a way that jtr shows me or list only the uncracked hashes?
20 09-1 1-30 16:47 :09

Anonymous Hi people, the same as anonymous above.I have to merge all my pf, use jtr and save only the uncracked. My question is if there is there a command or a way to do so
20 09-1 2-02 02:54 :26

Anonymous How much time does it need to crack a password in incremental mode + numbers and letters and some secial characters ? It brake password with just numbers for less then 10 minutes but can not brake letters and numbers for 22 hours!
20 09-1 2-23 07:51 :23

Anonymous about JTR, if you tried a brute force alpha but without succes
20 09-1 2-27 22:21 :03 but you need to find it so you do bruteforce all char that would mean that all JTR would try all the alpha combinations to because alpha is a part of all. is there a way to say that JTR can skip all the combinations that only contain alpha chars?

Anonymous How do you chmod it under Windows98? Sometimes it gives you a chmod error.
20 10-0 1-01 23:51 :09

Anonymous what the fuction of jtr?and it's can use in windows XP

20 10-0 1-06 06:40 :48

Anonymous Wow so many script kiddies that don't even know how to use a command line. to all the Anon's saying this is lame, you are all lame and stupid. If you can't figure it out jst go load your GUI up and go back to playing video games
20 10-0 1-07 22:21 :01

Anonymous >what the fuction of jtr?and it's can use in windows XP

20 10-0 1-13 12:51 :37
To crack weak passwords. Yes you can run it from Windows XP.
Anonymous > Can JTR be use to hack lets say youtube?
20 10-0 1-13 12:53 :48
No. Well, I dont know what hash function youtube stores its users passwords in, but I suspect you wont get far asking the company to provide them to you.
Anonymous Excellent proggie. It actually works. It gave me the password in 3 days time.
20 10-0 2-16 14:08 :35 I'm looking for a multiprocessor version for Windows.
Thanks.
sally will JTR work on .plist files?
20 10-0 2-18 08:16 :18

Anonymous thanks for the tutorial it worked great. if theres someone who cant follow this simple tutorial they definately shouldn't be using John the Ripper.
20 10-0 2-19 03:02 :03

Anonymous Just a quick tip:

20 10-0 2-24 17:16 :21
For people over the last 3 years coming here and asking the same questions, NO! It will NOT work on ANY website without ANY knowledge of programming or scripting. So, screw off.

Another thing, JTR is NOT an interface-based program. If you don't know how to get to cmd, piss off. If you don't even know what cmd is, piss off.

For people that actually know what they're talking about, yes this can be very useful for password recovery, more mainly used for a *NIX system, in my opinion, as the password files need to be constructed as such.

If you're looking for a password recovery tool that can be used for Windows passwords, you can use something called "Cain & Abel."

9 of 10 9/15/2013 9:14 AM
John the Ripper Tutorial - John the Ripper may be simple for many geeks to use, but newbies and geeks in training may find it difficult to do exactly... http://www.osix.net/modules/article/?id=455

Good tutorial.

-Morph
Anonymous How could I use it to Brute force to a another PC on my network? Btw really nice article.
20 11-0 2-26 05:50 :19

Anonymous nice article, too bad it kinda sux for beginners since there are no screen shot.
20 11-0 3-04 10:51 :11

Anonymous Yes, it should not be used by beginners. Use this instead:

20 11-0 3-11 11:45 :15 http://www.hellboundhackers.org/articles/746-john-the-riper-a-noob-friendly-guide.html
Anonymous That is the <a href="http://www.sanaldiziler.net" title="dizi izle" target="_blank">dizi izle</a> precise weblog for <a href="http://www.dizixfilm.com" title="film izle" target="_blank">film izle</a> anybody who needs to seek out out <a href="http://www.filmxizle.org" title="film izle" target="_blank">film izle</a> about this topic.
20 11-0 4-05 20:40 :50 <a href="http://www.dizixfilm.com" title="film" target="_blank">film</a> You understand a lot its virtually <a href="http://www.dizixfilm.com" title="film seyret" target="_blank">film seyret</a> onerous to argue with you <a href="http://www.dizixfilm.com" title="dizi izle" target="_blank">dizi izle</a> (not that I truly would
wantHaHa). <a href="http://www.boluoteller.net" title="bolu" target="_blank">bolu</a> You definitely put a <a href="http://www.boluoteller.net" title="bolu otelleri" target="_blank">bolu otelleri</a> brand new spin on a <a href="http://www.bolusite.com" title="bolu" target="_blank">bolu</a> subject thats been <a
href="http://www.pembeler.com" title="oyun" target="_blank">oyun</a> written about for years. Nice stuff, <a href="http://www.pembeler.com" title="oyunlar" target="_blank">oyunlar</a> simply great!
Anonymous Hey.... I need the password to [email protected] I am willing to pay 100.00 dollars for it by paypal... if you can assist me with this reply to [email protected] thanks.
20 11-0 4-16 00:02 :56

Anonymous I bloged about password cracking and John the Ripper here: http://codebazaar.blogspot.com/2011/05/why-we-need-strong-p4ssw0rds.html
20 11-0 5-05 05:03 :24 Matthias

Anonymous if someone crack this .htpasswd it will be great, I couldnt manage it with JTR on win xp, it just sucks, nothing happened.
20 11-0 5-09 01:00 :18
admin:X3rbeZ09jyPsQ
Anonymous or
20 11-0 5-10 08:05 :50

Anonymous if someone crack this .htpasswd it will be great, I couldnt manage it with JTR on win xp, it just sucks, nothing happened.Dress code or more accurately are written and more often not unwritten rules with regards to clothing Clothing like other aspects of uman physical appearance has a social significance different rules
20 11-0 5-10 10:20 :24

Anonymous Hi , where do i have to put "crackme.txt" JTR can't find it even in "...\RUN\crackme.txt"
20 11-0 5-19 19:44 :14

Anonymous REally piss poor attempt. The author has shown their limited skills and tried to act "elite" by saying "I wont show you". For the learners among here, there are much better tutorials, including on youtube where the educator is respectful and knows what they are doing
20 11-0 6-05 13:20 :27

Anonymous hey how can i add the crack file i put john crack.txt and it says it is not a runable program
20 11-0 6-22 17:22 :15

Axe Apollo Space Academy

www.axeapollo.co.id/
Mau Jadi Orang Indonesia Pertama Di Luar Angkasa? Daftar Sekarang

Anonymously add a comment: (or register here)

(registration is really fast and we send you no spam)

BB Code is enabled.
Captcha Number:

Tutorial Password Cracking Password Cracks Network Passwords

Blogs: (Peo ple who have posted blogs on this subject..)

MaxMouse PSP on Mon 7th Sep 10am

I was going to write an article on PSP NIDS, but when i started doing it, it felt as if it dropped a little short of what i wanted it to be, and wasn't particularly long (or interesting to people not associated with the PSP Scene). I did write about it

halsten Backdoor.W32.Small.PF Analysis on Mon 7th Jan 3am

A long time has passed since my first analysis paper, but here is another one. This time its short and small. The package contain all the necessary files to get you started on understanding the malware. I hope its better than my last paper. You can chec

halsten Malware Analysis on Sun 5th Aug 3am

Hello all, in here (http://iamhalsten.thecoderblogs.com/200 7/07/23/malware-analysis/) you can find my latest analysis paper for a malware I've analyzed. The paper is extensively and comprehensively documented. Have fun reading it. -- halsten http://i

sefo AVG's Restore File As... on Wed 30th Aug 1pm

It is possible to restore infected files from the vault to the 'computer' using the option 'Restore File As'. So I restored as 'blah.xyz' the wmf file AVG found the other day and I put it on the desktop. My surprise was to discover that AVG restored

Test Yourself: (why not try testing yo ur skill on this subject? Clicking the link will start the te st.)

Cryptography by TroPe

This test will cover Symmetric cryptography, public keys, key management, and some questions on cryptanalysis. If you know a little something about Crypt stuff, give this test a shot!

Your Ad Here

Copyright Open Source Institute, 2006

10 of 10 9/15/2013 9:14 AM