How To Crack Password with John The Ripper Incremental Mode


This is the most powerful cracking mode. Keep in mind that generally cracking will never end in this mode if there is no password because combinations are too large.

Configurations about Incremental Mode can be found in configuration file [Incremental:MODE] section.

$ john --incremental unshadowed
  • –incremental is used to specify incremental Mode

Set Only Numeric Chars for Word List

We can set only numeric characters to crack like below.

$ john --incremental=digits unshadowed
  • digits will fire numeric wordlist. Default numeric range is from 0 to  99999999999999999999

Set Target Account

To crack only specified account in the hashes -u  can be used

$ john -u root unshadow
  • -u  root is the account we want ot crack

Cracking Files Parallel

We can crack multiple hashes simultneously like below. Just add new files.

$ john unshadow1 unshadow2 unshadow3
  • unshadow1,2,3 crack all of them please

Use ASCII Characters For Word List

We can use different word list for incremental Mode. As we states before look /etc/john/john.conf for more details. We will use only ASCII characters in this example

$ john --incremental:ASCII unshadowed   
Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt" 
Use the "--format=crypt" option to force loading these as that type instead 
Using default input encoding: UTF-8 
Loaded 3 password hashes with 3 different salts (sha512crypt, crypt(3) $6$ [SHA512 128/128 SSE2 2x]) 
Press 'q' or Ctrl-C to abort, almost any other key for status 
123456           (root) 
123456           (terry)

Show Specific User Cracked Password

We can show only specified users cracked password like below.

$ john --user:terry --show unshadowed   
terry:123456:1001:1002::/home/terry:/bin/sh 
 
1 password hash cracked, 0 left
  • –user sets account name
  • –show shows all ready cracked password
LEARN MORE  HMAC (Hach-based Message Authentication Code) Tutorial

Piping or Saving John Output

We can use bash operators to save john output easily to a file.

$ john --user:terry --show unshadowed  > myterry 
$ cat myterry  
terry:123456:1001:1002::/home/terry:/bin/sh 
 
1 password hash cracked, 0 left

Leave a Comment