Zero Day Archives

Convert to Hashes with John

John the Ripper: Libraries and Utilities for Cracking Different Hash Types

Introduction

John the Ripper (John) is a powerful and versatile password-cracking tool that supports a wide range of hash types and password protection schemes. It includes various specialized utilities and libraries designed to handle different formats, such as SSH keys, KeePass databases, and even Windows BitLocker encryption. This tutorial covers some of the key utilities and libraries included with John the Ripper and explains how to use them to crack password hashes for different systems and services.

1. ssh2john - Cracking SSH Keys

One of the unique features of John the Ripper is its ability to crack SSH private keys. The ssh2john utility extracts the hash from an SSH private key so that it can be cracked by John the Ripper.

How to Use ssh2john

To use ssh2john, run the following command to extract the hash from the private key file:

ssh2john /path/to/ssh/private/key > ssh_hash.txt

For example, if your SSH private key is located at ~/.ssh/id_rsa, you would run:

ssh2john ~/.ssh/id_rsa > ssh_hash.txt

Once the hash is extracted, you can use John to crack the key:

john ssh_hash.txt

John will attempt to crack the SSH private key password using a variety of cracking methods (e.g., dictionary attack, brute force).

Example:

ssh2john ~/.ssh/id_rsa > ssh_hash.txt
john ssh_hash.txt
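
How much work each passphrase guess against an extracted SSH key hash costs is set by fields in the key file's own header. The following Python code is an added example, not from the original page or the John the Ripper project: it parses an openssh-key-v1 header and reports the cipher, KDF and bcrypt rounds so you can audit your own keys. `MIN_ROUNDS`, the status labels and the constructed header-only samples are assumptions.

```python
import base64
import struct
MAGIC = b"openssh-key-v1\x00"
MIN_ROUNDS = 64  # assumed local policy threshold; ssh-keygen's default is 16

def read_string(buf, off):
    """Read one SSH string: uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_key(pem_text):
    """Return cipher, KDF, salt length and bcrypt rounds from the key header."""
    body = "".join(l.strip() for l in pem_text.splitlines() if "-----" not in l)
    blob = base64.b64decode(body)
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 private key")
    cipher, off = read_string(blob, len(MAGIC))
    kdf, off = read_string(blob, off)
    opts, off = read_string(blob, off)
    info = {"cipher": cipher.decode(), "kdf": kdf.decode(), "salt_len": 0, "rounds": 0}
    if kdf == b"bcrypt":  # kdfoptions = string salt, then uint32 rounds
        salt, pos = read_string(opts, 0)
        if pos + 4 > len(opts):
            raise ValueError("truncated bcrypt rounds")
        info["salt_len"] = len(salt)
        (info["rounds"],) = struct.unpack_from(">I", opts, pos)
    return info

def audit(info):
    """Classify a key by the work each passphrase guess costs."""
    if info["cipher"] == "none":
        return "UNENCRYPTED"
    return "OK" if info["kdf"] == "bcrypt" and info["rounds"] >= MIN_ROUNDS else "LOW_KDF_COST"

def make_sample(cipher, kdf, salt=b"", rounds=0):
    """Build a constructed header-only sample; it holds no real key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    opts = s(salt) + struct.pack(">I", rounds) if kdf == b"bcrypt" else b""
    blob = MAGIC + s(cipher) + s(kdf) + s(opts) + struct.pack(">I", 1) + s(b"pub") + s(b"priv")
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    for args in [(b"none", b"none"), (b"aes256-ctr", b"bcrypt", b"\x00" * 16, 16)]:
        print(audit(inspect_key(make_sample(*args))))
```

A key flagged here can be re-saved with a higher KDF cost using `ssh-keygen -p -a <rounds> -f <keyfile>`.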

2. keepass2john - Cracking KeePass Password Databases

John the Ripper also supports cracking passwords stored in KeePass password databases. The keepass2john utility extracts the password hash from KeePass 1.x and 2.x database files so that John can attempt to crack them.

How to Use keepass2john

To extract the hash from a KeePass database, run the following command:

keepass2john /path/to/database.kdbx > keepass_hash.txt

For example, if your KeePass database file is named passwords.kdbx, you would run:

keepass2john passwords.kdbx > keepass_hash.txt

Once the hash is extracted, use John to crack it:

john keepass_hash.txt

Example:

keepass2john passwords.kdbx > keepass_hash.txt
john keepass_hash.txt

3. bitlocker2john - Cracking Windows BitLocker Encryption

Windows BitLocker is a disk encryption feature that uses a variety of methods to secure data. bitlocker2john is a tool that allows John the Ripper to crack BitLocker encrypted drives by extracting and cracking the recovery key.

How to Use bitlocker2john

To extract the BitLocker key hash, you need to use bitlocker2john on the BitLocker recovery key or related files. The basic command is:

bitlocker2john /path/to/bitlocker.recovery.key > bitlocker_hash.txt

Once the hash is extracted, use John to crack it:

john bitlocker_hash.txt

Example:

bitlocker2john /path/to/bitlocker.recovery.key > bitlocker_hash.txt
john bitlocker_hash.txt

4. ansible2john - Cracking Ansible Vault Passwords

Ansible Vault is used for encrypting sensitive data such as passwords and private keys in Ansible playbooks. The ansible2john utility allows you to extract and crack the password used to encrypt an Ansible Vault file.

How to Use ansible2john

To extract the encrypted hash from an Ansible Vault file, run the following command:

ansible2john /path/to/ansible/vault/file > ansible_hash.txt

For example, if your Ansible Vault file is secrets.yml, you would run:

ansible2john secrets.yml > ansible_hash.txt

Once the hash is extracted, you can use John to crack it:

john ansible_hash.txt

Example:

ansible2john secrets.yml > ansible_hash.txt
john ansible_hash.txt

5. office2john - Cracking Microsoft Office Passwords

John the Ripper also supports cracking passwords for encrypted Microsoft Office documents, such as Word, Excel, and PowerPoint files. The office2john utility can extract the hash from Office documents for later cracking.

How to Use office2john

To extract the hash from an Office file, use the following command:

office2john /path/to/file.docx > office_hash.txt

For example, if you have a protected Word document called report.docx, you would run:

office2john report.docx > office_hash.txt

Once the hash is extracted, use John to crack it:

john office_hash.txt

Example:

office2john report.docx > office_hash.txt
john office_hash.txt

6. zip2john - Cracking Password-Protected Zip Files

John the Ripper can also crack password-protected ZIP archives using the zip2john utility. It extracts the hash from the ZIP file, which can then be cracked by John.

How to Use zip2john

To extract the hash from a password-protected ZIP file, use the following command:

zip2john /path/to/file.zip > zip_hash.txt

Once the hash is extracted, use John to crack it:

john zip_hash.txt

Example:

zip2john archive.zip > zip_hash.txt
john zip_hash.txt

7. Other Hash Cracking Utilities in John the Ripper

In addition to the utilities mentioned above, John the Ripper supports cracking a wide range of other hash types. Some of these include:

  • LM and NTLM Hashes: For cracking Windows password hashes.

  • MD5 and SHA Hashes: Cracking a variety of cryptographic hash types, including common web application hash formats.

  • LM/NTLM Hashes from Samba: For cracking passwords used by Samba services.

These tools and utilities are part of John the Ripper’s robust feature set, making it a highly versatile tool for security professionals, penetration testers, and ethical hackers.

Conclusion

John the Ripper includes a wide array of utilities that extend its capabilities to crack passwords from many different types of encryption and password storage formats. Whether you're cracking SSH private keys, encrypted Microsoft Office documents, or even BitLocker disks, John provides specialized tools like ssh2john, keepass2john, and bitlocker2john to facilitate the process.


Last updated 2 months ago