johntheripper mini howto

cracking passwords

simple crack on single user "admin" in password file using default john word list and settings

# john --users=admin --session=mycrack /etc/passwd

the password file must include the password hashes

crack using specified word list

# john --users=admin --wordlist=/var/tmp/wordlist.txt /etc/passwd
Loaded 1 password hash (FreeBSD MD5 [128/128 SSE2 intrinsics 12x])
abc123       (admin)
guesses: 1  time: 0:00:00:00 DONE (Sat Jun  7 00:35:56 2014)  c/s: 3.33  trying: abc123
Use the "--show" option to display all of the cracked passwords reliably

(this test wordlist was just one word with a known password of abc123 for admin)

crack status

to view status of an ongoing session

john --status=<session_name>

example

# john --status=mycrack

showing successfully cracked password

john will report successfully guesses to stdout as in the example above. but, if you backgrounded or closed you terminal and want to view it after the fact... then john records them in $HOME/.john/john.pot. this file is not human readable. to view contents run...

john --show  <path_to_cracked_passwd_file>

# john --show /etc/passwd
admin:abc123:0:0::/home/admin:/bin/bash
1 password hash cracked, 0 left

shadow files

if the system you are trying to crack passwords on uses the /etc/shadow file to store password hashes (very likely), then use john's unshadow utility to construct / consolidate the /etc/passwd and /etc/shadow into one file for cracking

example

# unshadow /etc/passwd /etc/shadow > /var/tmp/passwd-shadow