
What Is John the Ripper?

One of the best security tools for cracking passwords is John the Ripper. It ranks highly among its counterparts on the market, a standing supported by its listing on sectools.org, which lends it some credibility. In addition, it is free software, which is a great characteristic for such a program. Like Metasploit, John the Ripper is part of the Rapid7 family of penetration testing and hacking tools. If you don’t know Metasploit, you can check the article titled “What is Metasploit” on infosecaddicts.com.

John the Ripper’s stable 1.8.0 release was published in 2013. The development of the tool is fundamentally attributed to Solar Designer and the software’s community. It is an open source program released under the GNU General Public License (GNU GPL).

Originally, “Cracker Jack” was developed to crack Unix /etc/passwd files with the help of a dictionary; John the Ripper came into existence afterward. Later, a “Pro” version was developed that includes more features than the ordinary version, most notably the ability to handle many more of the hash types on which stored passwords are based. The Ripper’s commercial version is the one most used among penetration testers for cracking passwords, essentially because of both its speed and its performance.

How Do Password Crackers Essentially Work?


If you have had no prior experience with password cracking, you most probably got lost trying to grasp the last part of the discussion, or you would have if I had not added this section. To crack a password means to recover it by exploiting data stored on a computer system or passing within a network.

In this section, I will attempt to summarize the basic notion behind password cracking methods. This field is basically a branch of cryptanalysis. In fact, passwords have weaknesses that open the gate for attackers to recover the original password from the hashed form in which it is stored.

I will now rely heavily in my elaboration on one of the most important methods of cracking passwords: the brute-force attack. What is this? It is simply a method that depends on cross-checking candidate passwords against the cryptographic hash that is available for the password.

  • In this manner, an attacker’s computer can guess the right password and recover it, especially if the password consists of clear-text words, which is where the term “dictionary attack” is derived from.
  • On the other hand, a password could be recovered through what is called a ‘rainbow’ table. It is much faster and contains precomputed password hashes from which a password is recovered by the computer system.

Common Types of Attacks Used by The Ripper


There are essentially two main types of attacks harnessed by John the Ripper in order to crack a password.

  1. Dictionary Attack
    1. String samples are taken from a specific wordlist, text file, dictionary, or previously cracked passwords.
    2. They are then hashed identically to the method, key, and algorithm with which the desired password was originally hashed.
    3. Dictionary words can also be altered in a randomized manner to check whether the altered forms work.
    4. John the Ripper’s single attack mode can perform such alterations. Accordingly, the hashes of the different variations are compared against the target.
  2. Brute Force Attack
    1. All possible plaintexts for the usernames with encrypted passwords are exhausted to find the right one.
    2. They are all hashed and compared to the originally inputted hash.
    3. Character frequency tables are used by the program so that the most probably used characters are tried first.
    4. This method is very slow, yet it can identify passwords that do not exist in any dictionary.
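To make the dictionary-attack steps above concrete, here is an added example (not John the Ripper’s own code) that audits a constructed set of salted password hashes against a small wordlist with simple mangling rules of the kind single mode applies. The salted SHA-256 format, the user records, the wordlist and the rules are all constructed for this example.

```python
import hashlib

# Constructed, simplified hash format for this example: hex SHA-256 of salt+password.
# It is not a real crypt(3) format; real systems use slow, salted hashes (e.g. sha512crypt).
def hash_password(salt: str, password: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()

# Constructed sample "password database": user -> (salt, stored hash).
# The per-user salt is why precomputed rainbow tables do not apply here:
# every candidate must be re-hashed per salt, exactly as the dictionary attack does.
USERS = {
    "alice": ("s1", hash_password("s1", "Summer2020")),   # wordlist word + rule
    "bob":   ("s2", hash_password("s2", "password1")),     # wordlist word + rule
    "carol": ("s3", hash_password("s3", "x9#Lq!7vB2zT")),  # not derivable from the wordlist
}

WORDLIST = ["password", "summer", "letmein"]  # constructed, tiny wordlist


def mangle(word: str):
    """Yield simple variations of a word (case changes, common suffixes),
    similar in spirit to John's single/wordlist rules."""
    seen = set()
    for base in (word, word.capitalize(), word.upper()):
        for suffix in ("", "1", "123", "2020"):
            cand = base + suffix
            if cand not in seen:
                seen.add(cand)
                yield cand


def audit(users, wordlist):
    """Return {user: recovered_password} for every user whose stored hash
    equals the hash of some mangled wordlist candidate under that user's salt."""
    weak = {}
    for user, (salt, digest) in users.items():
        for word in wordlist:
            match = next((c for c in mangle(word) if hash_password(salt, c) == digest), None)
            if match is not None:
                weak[user] = match
                break
    return weak


if __name__ == "__main__":
    for user, pw in audit(USERS, WORDLIST).items():
        print(f"{user}: weak password recovered from wordlist ({pw!r})")
```

A defender would feed the real wordlists and the site’s own hash format to such an audit, then notify the affected users (the role of mailer and unafs described later in this post).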

Which Operating Systems Support John the Ripper?

John the Ripper supports plenty of operating systems. The most common ones are given in the following list:

  • Unix, which was the very first operating system to run John the Ripper
  • Eleven Unix-like operating systems, such as Linux and similar systems
  • Win32, which is developed by Microsoft Corporation
  • Disk Operating System (DOS)
  • BeOS, which was first produced by Be Inc.
  • OpenVMS, which was developed by Digital Equipment Corporation

Features Offered by John the Ripper

Let’s now also discuss why John the Ripper is considered a really efficient password cracking tool. In fact, it fulfills everything that is needed from a password cracker. I will illustrate this by introducing some of the interesting features offered by John the Ripper.

  • Many password crackers are compacted into one platform or package.
  • The hash types used by passwords can be autodetected.
  • Different types of encrypted passwords based on various hashes can be broken by John the Ripper, such as:
    • Crypt password hash types, which are essentially based on Data Encryption Standard (DES), MD5, and Blowfish hashes used on many Unix versions.
    • Kerberos Andrew File System (Kerberos AFS) hashes
    • Windows NT/2000/XP/2003 LM hashes
    • Password hashes that depend on MD4 are also detected by some extra modules
    • Such modules also have the capability to detect password hashes from Lightweight Directory Access Protocol (LDAP) and MySQL.
  • The cracker can also be customized by the user.

What Are the Ripper’s Tools?

Now that we understand what features are offered by John the Ripper, let us also get exposed to the tools that let us see such features on a practical level.

  • A nice approach, after cracking a user’s password and acquiring all the benefit you desired, is to inform the user. One way to do this is to simply email them and tell them that their password was cracked. They will really love you! This is accomplished through “mailer”.
  • The actual password cracking is performed by “john” itself. The explanation of this tool is illustrated in the image of its usage in the original post.
  • An ethical approach, on the other hand, which is mainly useful for penetration testers, is to inform users that their passwords are weak, so that they afterwards choose a stronger password. “unafs” is the tool mainly used for this purpose.
  • passwd and shadow files can be combined through the “unshadow” tool.
  • If the wordlist in use has duplicates, they can be removed for more efficient dictionary attacks thereafter. This is performed through the “unique” tool.
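As an added example (not John the Ripper’s own code) of what the “unshadow” and “unique” tools do with their input formats, the following reimplements both in Python on constructed passwd and shadow records. The account names, salts and hash values are placeholders made up for this example.

```python
# Constructed sample files in /etc/passwd and /etc/shadow format (not real accounts).
# The password field of passwd holds "x", meaning "look in shadow"; the shadow
# field holds the hash, or "*" / "!" for accounts that cannot log in with a password.
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""
SHADOW = """root:$6$examplesalt$EXAMPLEHASHPLACEHOLDER:19000:0:99999:7:::
alice:$6$othersalt$ANOTHERHASHPLACEHOLDER:19000:0:99999:7:::
nobody:*:19000:0:99999:7:::
"""


def unshadow(passwd_text: str, shadow_text: str) -> list[str]:
    """Merge passwd and shadow the way unshadow does: replace the 'x' placeholder
    in the passwd password field with the hash found for that user in shadow.
    Lines for users missing from shadow are passed through unchanged."""
    hashes = {}
    for line in shadow_text.splitlines():
        if line and not line.startswith("#"):
            fields = line.split(":")
            hashes[fields[0]] = fields[1]
    merged = []
    for line in passwd_text.splitlines():
        if not line:
            continue
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] == "x":
            fields[1] = hashes.get(fields[0], fields[1])
        merged.append(":".join(fields))
    return merged


def unique(words) -> list[str]:
    """Drop duplicate wordlist entries while keeping first-seen order, like unique."""
    seen = set()
    out = []
    for w in words:
        if w not in seen:
            seen.add(w)
            out.append(w)
    return out


if __name__ == "__main__":
    print("\n".join(unshadow(PASSWD, SHADOW)))
    print(unique(["password", "123456", "password", "qwerty", "123456"]))
```

The merged output contains the hashes in the clear, so a real unshadow result should be stored with the same restrictive permissions as /etc/shadow and deleted after the audit.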

What Distinguishes John the Ripper from THC Hydra?

As a final recap of the Ripper program, I will be delighted to mention the main differences between it and another commonly used password cracking tool, The Hacker’s Choice Hierarchical Yet Dynamically Reprogrammable Architecture (THC-HYDRA).

We have seen through our previous discussion of John the Ripper that it cracks passwords offline. THC-HYDRA is not the same: it is considered an online password cracking tool. Both of them are excellent in their fields with no major pitfalls.

