Cracking linux password with John The Ripper

John the Ripper is a free password cracking software tool. First developed for the Unix operating system, it currently runs on fifteen different platforms. It is one of the most popular password cracking programs, as it automatically detects password hash types and includes a customizable cracker.
It can be run against various encrypted password formats, including the password hash types most commonly found on various platforms. Additional modules have extended its ability to include MD4-based password hashes and LDAP-based passwords, MySQL and many others. It is one of the oldest tools of its kind, but it is constantly updated.
Today, however, we will not go into the details of its qualities; we will talk about how to extract the password hashes from GNU/Linux and crack them with John.
In this guide I will use Kali Linux, but the procedure is the same for any Debian-based OS.

Well … Let’s start!
First of all, check whether john is already installed on your OS. In distributions such as Kali Linux, BackTrack, Parrot Security and black ubuntu, you should find it already installed. Otherwise, you can simply type john and see what happens. Some systems come with “johnny” pre-installed, which is the GUI version of John the Ripper. In this guide, however, we will work from the shell.
NOTE: Sometimes the john command does not work from the terminal, so to check whether it is already installed, open the terminal and type:

d3x3@dexe-PC:~$ cd /usr/bin/
d3x3@dexe-PC:/usr/bin$ find john*

If John or Johnny are present, the find command will print their names. In that case, skip the part about the download and move on.
If you still have difficulty using them, I suggest downloading it and following the same procedure. You will certainly have the latest version, and you can place the folder wherever you find it most comfortable to work.

Go to the official site and download it.
Be sure to download the tar.gz file.

Once downloaded, open the terminal and go to the directory where the downloaded file is located.
At this point, extract the archive with the command: tar -xvzf archive_name
Where archive_name is the name of the john the ripper archive. In my case:

d3x3@dexe-PC:~/Scrivania/johntheripper$ tar -xvzf john-1.8.0.tar.gz

 

Once finished, typing “ls” will show that a new folder has appeared. Use the cd command to enter the src folder inside it and type:

d3x3@dexe-PC:~/Scrivania/johntheripper/john-1.8.0/src$ make

Now you have two options. If you can identify your operating system in the list that appears, copy it as shown below and type “make clean SYSTEM”, where SYSTEM is your OS. In my case:

d3x3@dexe-PC:~/Scrivania/johntheripper/john-1.8.0/src$ make clean linux-x86-any

Alternatively, simply type “make clean generic”.

Perfect, john is ready to be used.
Now go back up one level with “cd ..” and enter the run folder with “cd run”.
To crack Linux passwords we will need two files: the passwd file and the shadow file.
I will not explain these two files in this guide. You just need to know that passwords on Linux were once saved in the file /etc/passwd, but as technology advanced that single file became easy to crack, so it was decided to use a second file: /etc/shadow

Returning to John the Ripper, we will work through an example with the files from your own operating system. Copy the two files with the following commands:

sudo cp /etc/passwd passwd
sudo cp /etc/shadow shadow

Well, the first thing to do is to merge the two files into a single file that john will then crack.

d3x3@dexe-PC:~/Scrivania/johntheripper/john-1.8.0/run$ sudo ./unshadow passwd shadow > passwordfile

A new file will be created.
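
To make the merged file less of a black box, here is an added example (not part of the original post and not John the Ripper's own code) that rebuilds the merge in Python and reports which hash scheme each account uses, so weakly hashed accounts can be flagged for a password reset. The function names, sample accounts and placeholder hash strings are assumptions constructed for illustration.

```python
# Added example, not John the Ripper's code. All account data is constructed;
# the salt and hash strings are placeholders, not real hashes.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""
SAMPLE_SHADOW = """\
root:!:19000:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
bob:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
"""

# crypt(3) identifiers found between the first two '$' of a hash field.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"md5crypt", "legacy-or-unknown", "empty"}

def unshadow(passwd_text, shadow_text):
    """Return passwd lines with field 2 replaced by the matching shadow hash."""
    hashes = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:  # skip malformed or blank lines
            fields[1] = hashes.get(fields[0], fields[1])
            merged.append(":".join(fields))
    return merged

def classify(hash_field):
    """Name the storage scheme of one password field."""
    if hash_field == "":
        return "empty"
    if hash_field[0] in "!*":
        return "locked"
    if hash_field.startswith("$"):
        return SCHEMES.get(hash_field.split("$")[1], "legacy-or-unknown")
    return "legacy-or-unknown"  # e.g. traditional DES crypt, or a bare 'x'

def audit(merged_lines):
    """Map each account to its scheme and list the ones worth re-hashing."""
    report = {l.split(":")[0]: classify(l.split(":")[1]) for l in merged_lines}
    return report, sorted(u for u, s in report.items() if s in WEAK)

if __name__ == "__main__":
    report, weak = audit(unshadow(SAMPLE_PASSWD, SAMPLE_SHADOW))
    print(report)
    print("re-hash:", weak)
```

The merged file holds every account's hash in one place, so keep it readable only by the user running the audit and delete it when you are done.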

 


Now we can use john in two ways: either let it crack the file on its own, or give it a wordlist.

d3x3@dexe-PC:~/Scrivania/johntheripper/john-1.8.0/run$ ./john passwordfile

OR:

d3x3@dexe-PC:~/Scrivania/johntheripper/john-1.8.0/run$ ./john --wordlist=path_wordlist.txt passwordfile

You’ll see john working, and once it has finished you will see the passwords cracked.

Stay safe and enjoy. D3x3.
