John the Ripper: Difference between revisions

From Wikipedia, the free encyclopedia
No edit summary
Citation bot (talk | contribs)
Alter: title, template type. Add: chapter-url, chapter, authors 1-1. Removed or converted URL. Removed parameters. Some additions/deletions were parameter name changes. | Use this bot. Report bugs. | Suggested by Abductive | Category:Cryptanalytic software | #UCB_Category 2/6
 
(181 intermediate revisions by more than 100 users not shown)
Line 1: Line 1:
{{Short description|Password cracking software tool}}
{{Infobox Software
{{more citations needed|date=June 2014|find2="John the Ripper" cracker}}
{{Not to be confused|Jack the Ripper}}{{Infobox software
| name = John the Ripper
| name = John the Ripper
| logo =
| logo =
| screenshot =
| screenshot = [[File:John the Ripper example-quick.png|250px]]
| caption = Running john with a password list on a [[shadow file]]
| caption =
| author =
| author =
| developer = [[Alexander Peslyak|Alexander Peslyak (Solar Designer)]]
| developer = [[Openwall Project|OpenWall]]
| released = 1996<ref>{{Cite web |url=https://www.openwall.com/lists/john-users/2015/09/10/4 |title=john-users – Re: When was John created? |access-date=2021-10-28 |archive-date=2021-10-28 |archive-url=https://web.archive.org/web/20211028150557/https://www.openwall.com/lists/john-users/2015/09/10/4 |url-status=live }}</ref>
| released =
| latest release version = 1.9.0<ref name="rel-1.9.0">{{Cite web|url=https://www.openwall.com/lists/announce/2019/05/14/1|title=Announce - &#91;openwall-announce&#93; John the Ripper 1.9.0-jumbo-1|access-date=2019-06-04|archive-date=2020-11-08|archive-url=https://web.archive.org/web/20201108001402/https://www.openwall.com/lists/announce/2019/05/14/1|url-status=live}}</ref>
| latest release version = 1.7.3.4 (Unix) / 1.7.0.1 (Windows/DOS)
| latest release date = {{release date|2009|09|20}}
| latest release date = {{release date|2019|05|14}}
| latest preview version =
| latest preview version =
| latest preview date =
| latest preview date =
| operating system = [[Cross-platform]]
| operating system = [[Cross-platform]]
| genre = [[Password cracking]]
| genre = [[Password cracking]]
| license = [[GNU General Public License]]
| license = [[GNU General Public License]]<br />Proprietary (Pro version)
| website = http://www.openwall.com/john/
| website = {{Official URL}}
}}
}}
'''John the Ripper''' is a [[free software|free]] [[password cracking]] software tool. Initially developed for the [[Unix|UNIX]] [[operating system]], it currently runs on fifteen different platforms (11 architecture-specific flavors of Unix, [[DOS]], [[Microsoft Windows|Win32]], [[BeOS]], and [[OpenVMS]]). It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, [[Autodetection|autodetects]] password hash types, and includes a customizable cracker. It can be run against various [[encryption|encrypted]] password formats including several [[Crypt (Unix)|crypt]] password hash types most commonly found on various Unix flavors (based on [[Data Encryption Standard|DES]], [[MD5]], or [[Blowfish (cipher)|Blowfish]]), [[Kerberos (protocol)|Kerberos]] [[Andrew File System|AFS]], and Windows NT/2000/XP/2003 [[LM hash]]. Additional modules have extended its ability to include [[MD4]]-based password hashes and passwords stored in [[Lightweight Directory Access Protocol|LDAP]], [[MySQL]] and others.
'''John the Ripper''' is a [[free software|free]] [[password cracking]] software tool.<ref>{{cite book| author=Anonymous| title=Maximum Linux Security| date=2001| isbn=0-672-32134-3| publisher=Sams Publishing| page=154| edition=2}}</ref> Originally developed for the [[Unix operating system]], it can run on fifteen different platforms (eleven of which are architecture-specific versions of Unix, [[DOS]], [[Microsoft Windows|Win32]], [[BeOS]], and [[OpenVMS]]). It is among the most frequently used password testing and breaking programs<ref>{{cite web| url=https://www.concise-courses.com/hacking-tools/password-crackers/john-the-ripper/| title=Password Crackers| publisher=Concise Cybersecurity| access-date=2016-12-03| archive-url=https://web.archive.org/web/20170404031459/https://www.concise-courses.com/hacking-tools/password-crackers/john-the-ripper/| archive-date=2017-04-04| url-status=dead}}</ref> as it combines a number of password crackers into one package, automatically detects password [[Hash function|hash]] types, and includes a customizable cracker. It can be run against various [[encryption|encrypted]] password formats including several [[Crypt (Unix)|crypt]] password hash types most commonly found on various Unix versions (based on [[Data Encryption Standard|DES]], [[MD5]], or [[Blowfish (cipher)|Blowfish]]), [[Kerberos (protocol)|Kerberos]] [[Andrew File System|AFS]], and Windows NT/2000/XP/2003 [[LM hash]]. Additional modules have extended its ability to include [[MD4]]-based password hashes and passwords stored in [[Lightweight Directory Access Protocol|LDAP]], [[MySQL]], and others.<ref>{{cite web| url=http://sectools.org/tool/john/| title=John the Ripper| publisher=sectools.org| access-date=2016-03-06| archive-date=2019-03-15| archive-url=https://web.archive.org/web/20190315140956/https://sectools.org/tool/john/| url-status=live}}</ref>


== Sample output ==
== Sample output ==
Here is a sample output in a [[Debian]] environment.
Here is a sample output in a [[Debian]] environment.


<syntaxhighlight lang="console">
root@0[john-1.6.37]# '''cat pass.txt'''
$ cat pass.txt
user:AZl.zWwxIh15Q
user:AZl.zWwxIh15Q
root@0[john-1.6.37]# '''john -w:password.lst pass.txt'''
Loaded 1 password hash (Traditional DES [24/32 4K])
$ john -w:password.lst pass.txt
Loaded 1 password hash (Traditional DES [24/32 4K])
example (user)
example (user)
guesses: 1 time: 0:00:00:00 100% c/s: 752 trying: 12345 - pookie
</syntaxhighlight>


The first line is a command to expand the data stored in the file "<code>pass.txt</code>". The next line is the contents of the file, i.e. the user (<code>AZl</code>) and the hash associated with that user (<code>zWwxIh15Q</code>). The third line is the command for running John the Ripper utilizing the "<code>-w</code>" flag. "<code>password.lst</code>" is the name of a text file full of words the program will use against the hash, <code>pass.txt</code> makes another appearance as the file we want John to work on.


Then we see output from John working. Loaded 1 password hash — the one we saw with the "[[cat (Unix)|cat]]" command — and the type of hash John thinks it is (Traditional DES). We also see that the attempt required one guess at a time of 0 with a 100% guess rate.


== Attack types ==
{{More citations needed section|date=November 2024}}
One of the modes John can use is the [[dictionary attack]].<ref name=":0">{{Cite web |title=john/doc/MODES at bleeding-jumbo · openwall/john |url=https://github.com/openwall/john/blob/bleeding-jumbo/doc/MODES |access-date=2024-10-30 |website=GitHub |language=en}}</ref> It takes text string samples (usually from a file, called a wordlist, containing words found in a [[dictionary]] or real passwords cracked before), encrypting it in the same format as the password being examined (including both the encryption algorithm and key), and comparing the output to the encrypted string. It can also perform a variety of alterations to the dictionary words and try these. Many of these alterations are also used in John's single attack mode, which modifies an associated plaintext (such as a username with an encrypted password) and checks the variations against the hashes.


John also offers a [[brute force attack|brute force]] mode, dubbed "incremental mode".<ref name=":0" /> In this type of attack, the program goes through all the possible [[plaintext]]s, hashing each one and then comparing it to the input [[Cryptographic hash function|hash]]. John uses character frequency tables to try plaintexts containing more frequently used characters first. This method is useful for cracking passwords that do not appear in dictionary wordlists, but it takes a long time to run.


In addition to wordlist mode and incremental mode, there is&nbsp;:
guesses: 1 time: 0:00:00:00 100% c/s: 752 trying: 12345 - pookie


* Markov mode — uses research by Arvind Narayanan and Vitaly Shmatikov<ref>{{Cite web |title=john/doc/MARKOV at bleeding-jumbo · openwall/john |url=https://github.com/openwall/john/blob/bleeding-jumbo/doc/MARKOV |access-date=2024-10-30 |website=GitHub |language=en}}</ref><ref>{{Citation |title=Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff |vauthors=((Narayanan, A.)), ((Shmatikov, V.)) |year=2005 |url=http://www.cs.utexas.edu/~shmat/shmat_ccs05pwd.ps |access-date=30 October 2024}}</ref><ref>{{Cite book |last1=Narayanan |first1=Arvind |last2=Shmatikov |first2=Vitaly |chapter=Fast dictionary attacks on passwords using time-space tradeoff |date=2005-11-07 |title=Proceedings of the 12th ACM conference on Computer and communications security |chapter-url=https://dl.acm.org/doi/10.1145/1102120.1102168 |language=en |publisher=ACM |pages=364–372 |doi=10.1145/1102120.1102168 |isbn=978-1-59593-226-6}}</ref> to create candidates
== Attack types ==
* Mask mode — uses a user-supplied pattern to create candidates
One of the modes John can use is the [[dictionary attack]]. It takes text string samples (usually from a file, called a ''wordlist'', containing words found in a [[dictionary]]), encrypting it in the same format as the password being examined (including both the encryption algorithm and key), and comparing the output to the encrypted string. It can also perform a variety of alterations to the dictionary words and try these. Many of these alterations are also used in John's single attack mode, which modifies an associated plaintext (such as a username with an encrypted password) and checks the variations against the encrypted hashes.
* "Single crack" mode — uses details like the user's login name, full name, home directory name, et al. as candidates

* Subsets mode — generates candidates based on complexity, prioritising longer simple passwords over shorter complex ones
John also offers a [[brute force attack|brute force]] mode. In this type of attack, the program goes through all the possible plaintexts, hashing each one and comparing it to the input [[Cryptographic hash function|hash]]. John uses character frequency tables to try plaintexts containing more frequently-used characters first. This method is useful for cracking passwords which do not appear in dictionary wordlists, but it does take a long time to run.
* Regex mode — an experimental mode that uses a user-supplied [[regular expression]], similar to the aforementioned mask mode, to create candidates
* Mode stacking — utilises the mask or regex modes in combination with another mode


== See also ==
== See also ==
{{portal|Free software|Free Software Portal Logo.svg}}
{{Portal|Free and open-source software}}


{{Portal|Cryptography|Crypto_key.svg}}

*[[Openwall Project]]
*[[Password cracking]]
*[[Brute-force search]]
*[[Brute-force search]]
*[[Brute-force attack]]
*[[Hack (technology slang)|Computer hacking]]
*[[Crack (password software)]]
*[[Hacking tool]]

== References ==
{{Reflist}}


== External links ==
== External links ==
*{{Official website}}
*[http://www.openwall.com/john/ Official page for John the Ripper]

*[http://www.banquise.net/misc/patch-john.html Unofficial John the Ripper patches]
{{Password Cracking Software}}
*[http://ktulu.com.ar/en/djohn.php Distributed John (DJohn)] - distributed cracking over several machines
*[http://www.darknet.org.uk/2006/03/jtr-password-cracking-john-the-ripper-17-released-finally John the Ripper 1.7 Released]
*[http://marc.info/?l=john-users&m=114826308125791&w=2 John the Ripper 1.7.2 Released]
*[http://www.oiepoie.nl/2007/02/11/high-speed-password-cracking-with-john-the-ripper/ Running John on dual core or multi CPU machines]
{{Password_Cracking_Software}}


[[Category:Password cracking software]]
[[Category:Password cracking software]]
[[Category:Free security software]]
[[Category:Free security software]]
[[Category:Cross-platform software]]
[[Category:Cross-platform software]]
[[Category:Cryptanalytic software]]
[[Category:Year of introduction missing]]
<!-- Replace
[[Category:Year of introduction missing]]


with
[[de:John the Ripper]]
[[Category:20xx software]] -->
[[es:John the Ripper]]
[[eu:John the Ripper]]
[[fr:John the Ripper]]
[[it:John the Ripper]]
[[nl:John the Ripper]]
[[pl:John the Ripper]]
[[pt:John the Ripper]]
[[ru:John the Ripper]]
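Review bot: The "Sample output" paragraph beginning "The first line is a command to expand the data" misreads the sample it describes. The file line is "user:AZl.zWwxIh15Q" and John prints "example (user)", so the account name is "user" and the whole string after the colon is the hash field, not "AZl" as the user and "zWwxIh15Q" as the hash. In the same paragraph, cat prints the file rather than expanding it. The following paragraph's reading of the status line ("one guess at a time of 0 with a 100% guess rate") should be reworded against the fields shown: "guesses: 1", an elapsed time of 0:00:00:00, and the range of candidates being tried. These two paragraphs also carry no citation, while the "Attack types" section is tagged as needing more; a reference to the John documentation would cover both.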

Latest revision as of 03:48, 30 November 2024

John the Ripper
Developer(s): OpenWall
Initial release: 1996[1]
Stable release: 1.9.0[2] / May 14, 2019 (2019-05-14)
Repository
Operating system: Cross-platform
Type: Password cracking
License: GNU General Public License; Proprietary (Pro version)
Website: www.openwall.com/john/

John the Ripper is a free password cracking software tool.[3] Originally developed for the Unix operating system, it can run on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is among the most frequently used password testing and breaking programs[4] as it combines a number of password crackers into one package, automatically detects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.[5]

Sample output

Here is a sample output in a Debian environment.

$ cat pass.txt
user:AZl.zWwxIh15Q
$ john -w:password.lst pass.txt
Loaded 1 password hash (Traditional DES [24/32 4K])
example         (user)
guesses: 1  time: 0:00:00:00 100%  c/s: 752  trying: 12345 - pookie

The first line is a command to display the data stored in the file "pass.txt". The next line is the contents of the file, i.e. the user (AZl) and the hash associated with that user (zWwxIh15Q). The third line is the command for running John the Ripper utilizing the "-w" flag. "password.lst" is the name of a text file full of words the program will use against the hash; pass.txt makes another appearance as the file we want John to work on.

Then we see output from John working. Loaded 1 password hash — the one we saw with the "cat" command — and the type of hash John thinks it is (Traditional DES). We also see that the attempt required one guess at a time of 0 with a 100% guess rate.

Attack types

One of the modes John can use is the dictionary attack.[6] It takes text string samples (usually from a file, called a wordlist, containing words found in a dictionary or real passwords cracked before), encrypting it in the same format as the password being examined (including both the encryption algorithm and key), and comparing the output to the encrypted string. It can also perform a variety of alterations to the dictionary words and try these. Many of these alterations are also used in John's single attack mode, which modifies an associated plaintext (such as a username with an encrypted password) and checks the variations against the hashes.

John also offers a brute force mode, dubbed "incremental mode".[6] In this type of attack, the program goes through all the possible plaintexts, hashing each one and then comparing it to the input hash. John uses character frequency tables to try plaintexts containing more frequently used characters first. This method is useful for cracking passwords that do not appear in dictionary wordlists, but it takes a long time to run.

In addition to wordlist mode and incremental mode, there are:

  • Markov mode — uses research by Arvind Narayanan and Vitaly Shmatikov[7][8][9] to create candidates
  • Mask mode — uses a user-supplied pattern to create candidates
  • "Single crack" mode — uses details like the user's login name, full name, home directory name, et al. as candidates
  • Subsets mode — generates candidates based on complexity, prioritising longer simple passwords over shorter complex ones
  • Regex mode — an experimental mode that uses a user-supplied regular expression, similar to the aforementioned mask mode, to create candidates
  • Mode stacking — utilises the mask or regex modes in combination with another mode
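
The wordlist mode, its word alterations and the "single crack" idea described above can be turned into a password audit that flags accounts whose stored hash matches a candidate. This is an added example, not code from John the Ripper or from the article; the PBKDF2 format, the rule set in `mangle`, and all account data are constructed assumptions (only the three wordlist entries come from the sample output).

```python
import hashlib
import hmac

ITERATIONS = 1000  # constructed low value so the demo runs quickly

def hash_password(password: str, salt: bytes) -> str:
    """Stand-in storage format (PBKDF2-HMAC-SHA256), not the DES crypt on the page."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()

def mangle(word: str):
    """Yield the word plus a few simple alterations (hypothetical rule set)."""
    seen = set()
    for base in (word, word.capitalize(), word.upper()):
        for suffix in ("", "1", "123", "!"):
            candidate = base + suffix
            if candidate not in seen:
                seen.add(candidate)
                yield candidate

def audit(records, wordlist):
    """Return {user: matched_password} for accounts that fall to wordlist + rules.

    records is an iterable of (user, salt_hex, hash_hex). Each candidate is
    hashed with that record's own salt, then compared with the stored hash.
    """
    weak = {}
    for user, salt_hex, stored in records:
        salt = bytes.fromhex(salt_hex)
        # "Single crack" idea: the login name is tried before the wordlist.
        for word in [user, *wordlist]:
            hit = next((c for c in mangle(word)
                        if hmac.compare_digest(hash_password(c, salt), stored)), None)
            if hit is not None:
                weak[user] = hit
                break
    return weak

def _record(user, password, salt_hex):
    """Build a constructed account record for the demo."""
    return (user, salt_hex, hash_password(password, bytes.fromhex(salt_hex)))

# Constructed sample data; wordlist entries are the words seen in the sample output.
SAMPLE_WORDLIST = ["12345", "example", "pookie"]
SAMPLE_RECORDS = [
    _record("user", "example", "a1b2"),
    _record("alice", "Pookie123", "c3d4"),
    _record("bob", "Bob!", "e5f6"),
    _record("carol", "t7#Lq9vW2zR", "0718"),
]

if __name__ == "__main__":
    for name, password in audit(SAMPLE_RECORDS, SAMPLE_WORDLIST).items():
        print(f"{name}: weak password, matched candidate {password!r}")
```

Accounts that appear in the result should be forced through a password change; the account with a long random password is not matched by any candidate.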

References

  1. "john-users – Re: When was John created?". Archived from the original on 2021-10-28. Retrieved 2021-10-28.
  2. "Announce - [openwall-announce] John the Ripper 1.9.0-jumbo-1". Archived from the original on 2020-11-08. Retrieved 2019-06-04.
  3. Anonymous (2001). Maximum Linux Security (2 ed.). Sams Publishing. p. 154. ISBN 0-672-32134-3.
  4. "Password Crackers". Concise Cybersecurity. Archived from the original on 2017-04-04. Retrieved 2016-12-03.
  5. "John the Ripper". sectools.org. Archived from the original on 2019-03-15. Retrieved 2016-03-06.
  6. "john/doc/MODES at bleeding-jumbo · openwall/john". GitHub. Retrieved 2024-10-30.
  7. "john/doc/MARKOV at bleeding-jumbo · openwall/john". GitHub. Retrieved 2024-10-30.
  8. Narayanan, A., Shmatikov, V. (2005), Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff, retrieved 30 October 2024
  9. Narayanan, Arvind; Shmatikov, Vitaly (2005-11-07). "Fast dictionary attacks on passwords using time-space tradeoff". Proceedings of the 12th ACM conference on Computer and communications security. ACM. pp. 364–372. doi:10.1145/1102120.1102168. ISBN 978-1-59593-226-6.