John the Ripper

From Brunnerne
Revision as of 17:00, 2 May 2025 by Brunn

John the Ripper (often shortened to JtR) is a widely used, powerful password cracking tool. It is designed to detect weak Unix passwords, but it also supports hundreds of hash and cipher types, including many commonly found in software and files (such as ZIP files, RAR files, and PDFs).

It is an essential tool in cracking challenges in CTFs, often used to:

  • Crack password hashes found in various formats.
  • Recover passwords for encrypted files (ZIP, RAR, PDF, etc.).
  • Perform dictionary attacks or brute-force attacks against weak passwords.

Basic Usage Examples

Cracking a Password Hash

To crack a hash stored in a file named hashes.txt using a common wordlist (like the built-in rockyou.txt or one you provide):

john hashes.txt --wordlist=/path/to/your/wordlist.txt

John will attempt to crack the hashes and will display any cracked passwords. You can view previously cracked passwords with:

john --show hashes.txt

Cracking a Password-Protected Zip File

First, you need to extract the hash from the zip file using a specific John tool called zip2john. Then, feed the output to John:

zip2john challenge.zip > challenge.zip.hash
john challenge.zip.hash --wordlist=/path/to/your/wordlist.txt

Replace challenge.zip with the name of your zip file. This process is similar for other file types like RAR (using rar2john) and PDF (using pdf2john).

Remember that the effectiveness of cracking depends heavily on the strength of the password and the quality of the wordlist used.
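The following sketch makes that dependence concrete by auditing the same stored hashes against two wordlists of different quality. It is an added example, not part of the original page or of John the Ripper; the function names, the salted SHA-256 scheme (chosen only to avoid dependencies) and the sample accounts are constructed assumptions.

```python
import hashlib
import hmac


def hash_password(password: str, salt: bytes) -> str:
    """Salted SHA-256 digest (illustrative scheme, not a recommended one)."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def wordlist_audit(accounts: dict, wordlist: list) -> dict:
    """Return {user: candidate} for every account whose password is in wordlist.

    accounts maps user -> (salt, stored_digest). Each candidate is hashed
    with the account's own salt, which is the same work a wordlist run does.
    """
    weak = {}
    for user, (salt, stored) in accounts.items():
        for candidate in wordlist:
            if hmac.compare_digest(hash_password(candidate, salt), stored):
                weak[user] = candidate
                break  # first match is enough to flag the account
    return weak


# Constructed sample data: two common passwords and one random one.
SAMPLE_ACCOUNTS = {
    "alice": (b"\x01\x02", hash_password("password", b"\x01\x02")),
    "bob": (b"\x03\x04", hash_password("sunshine", b"\x03\x04")),
    "carol": (b"\x05\x06", hash_password("T7#vq9!mLz2@wX", b"\x05\x06")),
}

# Constructed wordlists: the larger one simply contains more common choices.
SMALL_WORDLIST = ["123456", "password", "qwerty"]
LARGER_WORDLIST = SMALL_WORDLIST + ["letmein", "sunshine", "dragon"]

if __name__ == "__main__":
    for name, words in (("small", SMALL_WORDLIST), ("larger", LARGER_WORDLIST)):
        flagged = wordlist_audit(SAMPLE_ACCOUNTS, words)
        print(f"{name} wordlist flags: {sorted(flagged)}")
```

The random password is never flagged by either list, while the account using a common word is only flagged once the wordlist happens to contain it.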

Wordlists

In Kali Linux installations, wordlists may be found using the following command:

wordlists