For this tutorial we use John the Ripper which is a free password cracking software tool. It combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can crack various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. (With an additional module it has the ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, etc.)

John the Ripper differs from tools like Hydra: Hydra does blind brute-forcing by trying username/password combinations against a service daemon such as an FTP or telnet server, whereas John the Ripper needs the hash first, which can be done using free rainbow tables available online. (Rainbow tables store common words and their hashes in a large database.)

We must use the passwd and shadow files to create an output file and run a dictionary attack against that file to crack it.
John the Ripper uses /etc/passwd, where the username and password are stored, and the /etc/shadow file, which contains the hash.
Let's start by creating a user named sander with the password qwerty (a simple password for demo purposes).
See this tutorial for more information on creating a user in Kali Linux.


Create the user sander with:


Change the password of sander to qwerty:

With the unshadow command you combine the entries of /etc/passwd and /etc/shadow and redirect them to one file containing both the username and the password hash.


To combine the entries and redirect the output to a file, use this command:


Now we need a dictionary file; we start cracking with the small password list included with John the Ripper.
This file is located at:


Crack the password in the file created earlier by typing:



The cracking starts and shows the output:


When it’s complete, you can use the following command to show a list of cracked passwords:
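The whole procedure above as one shell script, added here and not part of the original post. The merge function reproduces what unshadow does (copy the hash from the shadow entry into the placeholder password field of the matching passwd entry) so it can be checked against constructed passwd/shadow lines without root; the crack_user function runs the real tutorial steps and assumes Kali with John the Ripper installed, the demo user sander, and the wordlist path /usr/share/john/password.lst (an assumption, the path is not given on the page).

```shell
#!/bin/sh
# Added example for this tutorial (not the original post's code).
# Assumes John the Ripper is installed; user name, wordlist path and
# output file name are assumptions taken from the tutorial's demo.
set -eu

# Merge a passwd file and a shadow file the way unshadow does: the "x"
# placeholder in passwd field 2 is replaced by the hash stored in the
# shadow entry for the same user. Usage: merge_passwd_shadow PASSWD SHADOW
merge_passwd_shadow() {
  awk -F: 'NR==FNR { hash[$1] = $2; next }
           ($1 in hash) { $2 = hash[$1] }
           { print }' OFS=: "$2" "$1"
}

# The tutorial's workflow on the live system. Reading /etc/shadow needs
# root, which is exactly why the hashes are kept out of /etc/passwd.
# Usage: crack_user USER [WORDLIST] [OUTFILE]
crack_user() {
  user=$1
  wordlist=${2:-/usr/share/john/password.lst}   # assumed default list
  out=${3:-unshadowed.txt}
  unshadow /etc/passwd /etc/shadow > "$out"
  john --wordlist="$wordlist" "$out"
  john --show "$out"
}

# Constructed sample data (not real hashes) so the merge step can be
# inspected offline: prints the two merged lines.
demo_merge() {
  tmp=$(mktemp -d)
  printf 'root:x:0:0:root:/root:/bin/bash\nsander:x:1000:1000::/home/sander:/bin/bash\n' > "$tmp/passwd"
  printf 'root:*:18000:0:99999:7:::\nsander:$6$SALTSALT$HASHPLACEHOLDER:18000:0:99999:7:::\n' > "$tmp/shadow"
  merge_passwd_shadow "$tmp/passwd" "$tmp/shadow"
  rm -r "$tmp"
}
```

Run `demo_merge` to see the merged format john expects; run `crack_user sander` as root to perform the tutorial's steps end to end.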
This completes the basic use of John the Ripper. For more advanced usage examples, go to this link.