John the Ripper Hash Cracking

What is John the Ripper?

John the Ripper (JtR) is an open-source password cracking software tool designed to detect weak passwords. It supports various encryption algorithms and can crack password hashes using dictionary-based attacks, brute force, or hybrid methods. JtR is frequently used by security professionals and penetration testers to audit password security.

Command: echo -n "admin" | openssl dgst -sha1

This command hashes the password admin using the SHA-1 algorithm. Below is the output:

SHA1(stdin)= d033e22ae348aeb5660fc2140aec35850c4da997
            

The hash generated is d033e22ae348aeb5660fc2140aec35850c4da997.

Command: sudo gzip -d rockyou.txt.gz

This command decompresses the rockyou.txt.gz file, which is a commonly used wordlist for password cracking.

Command: john --wordlist=/usr/share/wordlists/rockyou.txt /home/lukasz/Documents/john/hash.txt

This command runs John the Ripper with a wordlist (rockyou.txt) to attempt to crack hashes stored in hash.txt. Below is the output:

Created directory: /home/lukasz/.john
Warning: detected hash type "Raw-SHA1", but the string is also recognized as "Raw-SHA1-AxCrypt"
Warning: detected hash type "Raw-SHA1", but the string is also recognized as "Raw-SHA1-Linkedin"
...
admin            (?)
1g 0:00:00:00 DONE (2025-01-05 19:02) 20.00g/s 396400p/s 396400c/s 396400C/s alcala..VINCENT
Use the "--show --format=Raw-SHA1" options to display all of the cracked passwords reliably
Session completed.
            

Findings:

• The password admin was successfully cracked.
• This can indicate a weak password that should be avoided.

Command: john --show /home/lukasz/Documents/john/hash.txt

This command shows the cracked passwords from the hash.txt file:

?:admin
1 password hash cracked, 0 left
            

The password admin has been cracked and is shown in the output.