john − "John the Ripper" detects weak passwords like first names, common expressions etc. on your system.
john [ OPTIONS ] <password_files>
You can list any number of password files on John’s command line, and also specify some of the following options:
-single "single crack" mode -wordlist:FILE wordlist mode, read words from FILE, -stdin or from stdin -rules enable rules for wordlist mode -incremental[:MODE] incremental mode [using section MODE] -external:MODE external mode or word filter -stdout[:LENGTH] no cracking, write words to stdout -restore[:FILE] restore an interrupted session -session:FILE set session file name to FILE -status[:FILE] print status of a session [from FILE] -makechars:FILE make a charset, overwriting FILE -show show cracked passwords -test perform a benchmark -users:[-]LOGIN⎪UID[,..] load this (these) user(s) only -groups:[-]GID[,..] load this (these) group(s) only -shells:[-]SHELL[,..] load this (these) shell(s) only -salts:[-]COUNT set a passwords per salt limit -format:NAME force ciphertext format NAME -savemem:LEVEL enable memory saving, at LEVEL 1..3
John the Ripper is a password cracker, currently available for UNIX , DOS , WinNT/Win95. Its primary purpose is to detect weak UNIX passwords. It has been tested with Linux x86/Alpha/SPARC, FreeBSD x86, OpenBSD x86, Solaris 2.x SPARC and x86, Digital UNIX , AIX , HP−UX , and IRIX .
The DOS and Win32 ports are done with DJGPP and Cygnus Developer’s Kit, respectively.
To run John, you need to supply it with some password files and optionally specify a cracking mode, like this, using the default order of modes, and assuming that passwd is a copy of your password file:
john /etc/shadow
or, to make it use a wordlist with rules only:
john -wordlist:/var/lib/john/wordlists/all -rules /etc/shadow
Cracked passwords will be printed to the terminal and saved in file called ~/john.pot (in this text ’~’ means John’s "home directory", that is, the directory you installed John’s binary in). This file is also used not to load passwords that you already cracked, when you run John the next time. To retrieve the cracked passwords, run:
john -show /etc/shadow
While cracking, you can press any key for status, or Ctrl+C to abort the session, saving point information to a file (~/restore by default). By the way, if you press Ctrl+C twice John will abort immediately without saving. The point information is also saved every 10 minutes (configurable in the configuration file, ~/john.ini) in case of a crash.
To continue an interrupted session, run:
john -restore
Anyway, you probably should have a look at doc/OPTIONS for a list of all the command line options, and at doc/EXAMPLES for more John usage examples with other cracking modes.
John the Ripper is designed to be both feature-rich and fast. It combines several cracking modes in one program, and is fully configurable for your particular needs (you can even define a custom cracking mode using the built-in compiler supporting a subset of C). Also, John is available for several different platforms, which enables you to use the same cracker everywhere (for example even continue a cracking session that you started on another platform).
Out of the box, John supports (and autodetects) the following Unix crypt(3) hash types: traditional and double-length DES−based, BSDI ’s extended DES−based, FreeBSD’s MD5−based (now also used on Linux and in Cisco IOS), and OpenBSD’s Blowfish−based (now also used on some Linux distributions). Also supported out of the box are Kerberos/AFS and Windows NT/2000/XP LM (DES-based) hashes.
With just one extra command (required to extract the passwords), John can crack AFS passwords and WinNT LM hashes.
Unlike other crackers, John doesn’t use a crypt(3)−style routine. Instead, it has its own highly optimized modules for different ciphertext formats and architectures. Some of the algorithms used, such as bitslice DES, couldn’t have been implemented within the crypt(3) API; they require a more powerful interface such as the one used in John. Additionally, there’re assembly language routines for several processor architectures, most importantly for x86 with MMX.
Solar Designer solar AT false DOT com
The rest of documentation is located in separate files, listed here in the recommended reading order:
INSTALL - you’ve probably read it already OPTIONS - command line options, and additional utilities MODES - cracking modes: what they are CONFIG (*) - how to customize RULES (*) - wordlist rules syntax EXTERNAL (*) - defining an external mode EXAMPLES - usage examples -- strongly recommended FAQ - guess NEWS - history of changes CREDITS - credits, and how to contact me (*) most users can safely skip these
You can find these files at /usr/share/doc/packages/john/
Happy reading!