Learn Pentesting like a Pro!


Cracking passwords with John the Ripper

Easy tutorial to learn the basics of password cracking

DH
Mar 5, 2021
If we are cracking local account passwords in a Unix/Linux environment, we first need to merge the "/etc/passwd" and "/etc/shadow" system files into one:

unshadow passwd shadow > passwd.1
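
To show what the merged passwd.1 file contains, here is an added example that is not part of the original post and is not John the Ripper's own code. It reproduces the merge step with awk on constructed sample data, then reports each account's hash scheme from its crypt prefix, so an auditor can see which accounts are locked and which still use a legacy scheme. The function names merge_shadow, hash_schemes and make_sample are hypothetical.

```shell
#!/bin/sh
# Added example; every account and hash string below is constructed.

# merge_shadow PASSWD SHADOW: passwd lines with field 2 replaced by the shadow hash
merge_shadow() {
    awk -F: -v OFS=: '
        NR == FNR    { hash[$1] = $2; next }   # first file read: shadow
        ($1 in hash) { $2 = hash[$1] }         # second file: passwd
        { print }' "$2" "$1"
}

# hash_schemes MERGED: one "user scheme" line per account
hash_schemes() {
    awk -F: '{
        h = $2
        if      (h == "")             s = "empty"
        else if (h ~ /^[!*]/)         s = "locked"
        else if (h ~ /^\$1\$/)        s = "md5crypt"
        else if (h ~ /^\$2[abxy]?\$/) s = "bcrypt"
        else if (h ~ /^\$5\$/)        s = "sha256crypt"
        else if (h ~ /^\$6\$/)        s = "sha512crypt"
        else if (h ~ /^\$y\$/)        s = "yescrypt"
        else                          s = "other"
        print $1, s
    }' "$1"
}

# make_sample DIR: write constructed passwd and shadow copies into DIR
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:x:1001:1001:Legacy app:/home/legacy:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:!:18691:0:99999:7:::
alice:$6$SALTSALT$CONSTRUCTEDHASHVALUE:18691:0:99999:7:::
legacy:$1$SALTSALT$CONSTRUCTEDHASHVALUE:18000:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
merge_shadow "$tmp/passwd" "$tmp/shadow" > "$tmp/passwd.1"
hash_schemes "$tmp/passwd.1"
rm -rf "$tmp"
```

Accounts reported as md5crypt are the ones to migrate first, since that scheme is far cheaper to test per guess than sha512crypt or yescrypt.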

Then there are two possible techniques:

Technique #1: Dictionary Attack

This is useful when we have a long dictionary of common passwords and want to audit that no user is using a weak password. One good dictionary you can get in Kali Linux is rockyou.txt; it contains a selection of the 14,344,392 most common passwords (Kali 2021.1).

cp /usr/share/wordlists/rockyou.txt.gz .

gunzip rockyou.txt.gz

john -w:rockyou.txt passwd.1

Technique #2: Brute-force Attack

If the passwords are very short, we can use brute-force to get them easily:

john -i passwd.1
