John The Ripper Modes and Configuration
John has many features, and it provides a large number of configuration options to control them. In this tutorial we will look at some of them.
There are two ways to get help about John. The simplest is to use -h.
$ john -h
John the Ripper password cracker, version 126.96.36.199-jumbo-1-bleeding [linux-x86-64]
Copyright (c) 1996-2015 by Solar Designer and others
Usage: john [OPTIONS] [PASSWORD-FILES]
--single[=SECTION] "single crack" mode
--wordlist[=FILE] --stdin wordlist mode, read words from FILE or stdin
--pipe like --stdin, but bulk reads, and allows rules
--loopback[=FILE] like --wordlist, but fetch words from a .pot file
--dupe-suppression suppress all dupes in wordlist (and force preload)
--prince[=FILE] PRINCE mode, read words from FILE
--encoding=NAME input encoding (eg. UTF-8, ISO-8859-1). See also
doc/ENCODING and --list=hidden-options.
--rules[=SECTION] enable word mangling rules for wordlist modes
--incremental[=MODE] "incremental" mode [using section MODE]
--mask=MASK mask mode using MASK
--markov[=OPTIONS] "Markov" mode (see doc/MARKOV)
--external=MODE external mode or word filter
--stdout[=LENGTH] just output candidate passwords [cut at LENGTH]
--restore[=NAME] restore an interrupted session [called NAME]
--session=NAME give a new session the NAME
--status[=NAME] print status of a session [called NAME]
--make-charset=FILE make a charset file. It will be overwritten
--show[=LEFT] show cracked passwords [if =LEFT, then uncracked]
--test[=TIME] run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--groups=[-]GID[,..] load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..] load users with[out] this (these) shell(s) only
--salts=[-]COUNT[:MAX] load salts with[out] COUNT [to MAX] hashes
--save-memory=LEVEL enable memory saving, at LEVEL 1..3
--node=MIN[-MAX]/TOTAL this node's number range out of TOTAL count
--fork=N fork N processes
--pot=NAME pot file to use
--list=WHAT list capabilities, see --list=help or doc/OPTIONS
--format=NAME force hash of type NAME. The supported formats can
be seen with --list=formats and --list=subformats
The other method is the man page, which provides more details.
$ man john
JOHN(8) System Manager's Manual JOHN(8)
john - a tool to find weak passwords of your users
john [options] password-files
John has 3 different modes to crack passwords.
Wordlist: In this mode John works through a given wordlist to crack passwords.
Single Crack: In this mode John tries to crack login:password files.
Incremental: This is the most powerful mode. John tries the whole alphabet, and new methods can also be created in this mode.
When John is started without any mode parameter, it tries the modes sequentially: Single mode, Wordlist mode, then Incremental mode.
We can set the mode manually as shown below. When the search in the selected mode ends, John does not move on to the next mode.
$ john --single unshadowed
- --single is the mode specifier; --si can be used as an abbreviation.
John's configuration file can be found at /etc/john/john.conf
If we look into john.conf, we will see many settings such as wordlist, alert, defaults, algorithms, and rules.
Local user configuration resides in the user's home directory under the name .john. It is a hidden file that holds John's history, configuration, cracked passwords, etc.
Here is some configuration for the Incremental mode's alphanumeric wordlist calculation:
File = $JOHN/alnum.chr
MinLen = 1
MaxLen = 13
CharCount = 62
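To see what these four settings mean for password policy, the following added example (not part of the original tutorial or of John itself) parses Incremental sections from john.conf-style text and computes how many candidates each length contributes. The section header in the sample and the guess rate of 10^9 per second are assumptions made for illustration.

```python
import re

# Constructed sample: the four settings are the ones shown above; the section
# header is assumed, following the "--incremental[=MODE] ... section MODE" help text.
SAMPLE_CONF = """\
[Incremental:Alnum]
File = $JOHN/alnum.chr
MinLen = 1
MaxLen = 13
CharCount = 62
"""
SECTION_RE = re.compile(r"^\[Incremental:([^\]]+)\]\s*$", re.IGNORECASE)

def parse_incremental(conf_text):
    """Return {mode_name: {setting: value}} for every [Incremental:*] section."""
    modes, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if line.startswith("["):
            m = SECTION_RE.match(line)
            current = modes.setdefault(m.group(1), {}) if m else None
            continue  # any other section type is skipped entirely
        if current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key.lower()] = value
    return modes

def keyspace_by_length(settings):
    """Map each allowed length to its CharCount ** length candidate count."""
    chars = int(settings["charcount"])
    lo, hi = int(settings["minlen"]), int(settings["maxlen"])
    if chars < 1 or not 1 <= lo <= hi:
        raise ValueError("invalid MinLen/MaxLen/CharCount")
    return {n: chars ** n for n in range(lo, hi + 1)}

def years_to_exhaust(candidates, guesses_per_second):
    """Worst-case search time in years at an assumed, constant guess rate."""
    return candidates / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    RATE = 1e9  # assumption: 10^9 guesses/s; real rates depend on the hash type
    for name, cfg in parse_incremental(SAMPLE_CONF).items():
        total = 0
        for length, count in keyspace_by_length(cfg).items():
            total += count  # cumulative: every password up to this length
            print(f"{name} len<={length}: {total:.3e} candidates, "
                  f"{years_to_exhaust(total, RATE):.3e} years")
```

Each extra character multiplies the search space by CharCount, so the cumulative figures show where exhaustive search stops being practical and a minimum password length starts to matter.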