Learn Pentesting like a Pro!

Cracking passwords with John the Ripper

Easy tutorial to learn the basics of password cracking

pentesting.academy
Mar 5, 2021

When cracking local account passwords in a Unix/Linux environment, you first need to merge the "/etc/passwd" and "/etc/shadow" system files into one:

unshadow passwd shadow > passwd.1
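
What the merge produces, shown as an added example (not from the original post and not John the Ripper's own code): merge_shadow approximates unshadow by copying each user's hash field from shadow into field 2 of the matching passwd line, and list_hashed reports which accounts in the merged file actually carry a hash and which scheme it uses. The function names and the sample files are assumptions, and the hash strings are constructed placeholders.

```shell
# Added example: approximates the merge done by `unshadow passwd shadow`.

# merge_shadow PASSWD SHADOW: print passwd lines with the "x" placeholder in
# field 2 replaced by the matching hash field from the shadow file.
merge_shadow() {
    awk -F: -v OFS=: '
        FILENAME == ARGV[1] { hash[$1] = $2; next }  # shadow: user -> hash
        ($1 in hash)        { $2 = hash[$1] }        # passwd: fill in field 2
                            { print }
    ' "$2" "$1"
}

# list_hashed MERGED: print "user scheme" for accounts with a usable hash.
# Empty, "*" and "!"-prefixed fields mean no password or a locked account.
list_hashed() {
    awk -F: '
        $2 == "" || $2 ~ /^[!*]/ { next }
        {
            s = "other"
            if      ($2 ~ /^\$1\$/)      s = "md5crypt"
            else if ($2 ~ /^\$2[aby]\$/) s = "bcrypt"
            else if ($2 ~ /^\$5\$/)      s = "sha256crypt"
            else if ($2 ~ /^\$6\$/)      s = "sha512crypt"
            else if ($2 ~ /^\$y\$/)      s = "yescrypt"
            print $1, s
        }
    ' "$1"
}

# Constructed sample data: the hash strings are placeholders, not real hashes.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:!:18691:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18691:0:99999:7:::
bob:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18691:0:99999:7:::
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
merge_shadow "$demo_dir/passwd" "$demo_dir/shadow" > "$demo_dir/passwd.1"
list_hashed "$demo_dir/passwd.1"
rm -rf "$demo_dir"
```

Locked accounts such as root in the sample stay in the merged file but have nothing to test, so an audit result only speaks for the accounts list_hashed prints.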

Then there are two possible techniques:

Technique #1: Dictionary Attack

This is useful when we have a long dictionary of common passwords and want to audit that no user is using a weak password. One good dictionary available in Kali Linux is rockyou.txt, which contains a selection of 14,344,392 of the most common passwords (Kali 2021.1).

cp /usr/share/wordlists/rockyou.txt.gz .

gunzip rockyou.txt.gz

john -w:rockyou.txt passwd.1

Technique #2: Brute-force Attack

If the passwords are very short, we can use brute-force to get them easily:

john -i passwd.1
