If you're a penetration tester, cracking passwords is something you'll do often. This can include login passwords, file passwords, and anything else protected by a password.

John the Ripper is a well-known password cracking tool. It supports many encryption technologies for Windows, Unix, and Mac systems. One great feature of John is its ability to automatically detect the encryption type for common formats. This saves you time researching hash formats and finding the right tool to crack them.

John uses a dictionary-based approach, meaning it compares common passwords in a dictionary to the hash you're trying to crack. A popular password list, rockyou.txt, is often used. John has its own set of word lists with thousands of common passwords, making it effective at cracking weak passwords. By default, John recognizes the hash type, generates hashes for all passwords in the dictionary, and stops when it finds a match. You can customize John to meet your needs. For example, you can specify the password format using the --format flag.

A quick disclaimer: don't use this tool for malicious purposes. This guide is meant to help you protect yourself and others from password attacks. Use this information responsibly.

To install John the Ripper: if you're using Kali Linux, John is pre-installed. For Ubuntu/Debian, you can install John with apt install john. On a Mac, you can install John using Homebrew with the command brew install john. For Windows and other operating systems, you can find the binaries on the official John the Ripper website. After installing, use the help command to ensure it's working by typing john-

John offers three main modes: single crack mode, wordlist mode, and incremental mode.

In single crack mode, John generates variations of a given string to create a set of passwords. For example, with the username Top Gun and the password Top Gun, John generates variations like these three. First we need to create a file, Top Gun hashes.txt, with the username and password hash, then run this command. John will attempt different variations of the username and password until it finds a match.

In dictionary mode, you provide John with a list of passwords. John generates hashes for these passwords and compares them to the target hash. For example, using the rockyou word list, the command would be like this. This mode is effective for passwords that are common or easily guessable. John will quickly identify weak passwords by comparing them to its extensive word list.

Incremental mode is the most powerful mode, where John tries all possible character combinations. It can be time-consuming if the password is long or complex. Use this mode only as a last resort. Incremental mode exhaustively tests all combinations, making it capable of cracking even strong passwords, but the process can take a significant amount of time.

For practical use cases, John the Ripper can crack various types of hashes.

For Windows passwords, which are stored in the SAM database using the LM/NTLM hash format: assuming you have the password hash, use this command. The SAM database contains encrypted passwords, and John can decipher these using its powerful algorithms. Here's a breakdown of the command: the format flag specifies the LM hash format for cracking, wind.txt is the file containing your password hashes, then we use the rockyou word list for the attack.

For Linux passwords stored in the /etc/passwd and /etc/shadow files, use the unshadow command to combine these files. The resulting file, output.db, will be created with the combined content from /etc/passwd and /etc/shadow. Here is what the output.db file might look like. The unshadow command merges the necessary files into one, which John can then process to extract the password hashes and attempt to crack them.

For zip file passwords, use the zip2john utility to get the password hash from a zip file, then crack the hash with john zip.hashes. The zip2john utility extracts the hash from the zip file, which John can then work on to discover the password.

To defend against password attacks, use strong passwords that are long and complex. The stronger the password, the harder it is for tools like John the Ripper to crack them. Avoid reusing passwords across multiple sites. If one site gets compromised, all your accounts could be at risk. Use a password manager to generate and store random passwords securely. Password managers can create and remember complex passwords, reducing the risk of them being cracked.

Thanks for watching. Please help me reach my goal of raising $100,000 for children with cancer. Link in the description.
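The defensive advice above can be enforced when a password is set. The following is an added example, not part of the original video: it rejects candidates that a single crack or wordlist run would find first and generates a random replacement. The function names, the 12-character minimum, the small common-password sample and the simplified username variations are assumptions for illustration, not John's actual rules.

```python
import secrets
import string

# Constructed sample; in practice load a full list such as rockyou.txt.
COMMON = {"password", "123456", "qwerty", "letmein", "iloveyou"}
MIN_LENGTH = 12  # assumed policy threshold, not a value from the guide
# Undo common substitutions: 4/@ -> a, 3 -> e, 0 -> o, 1/! -> i, 5/$ -> s, 7 -> t
LEET = str.maketrans("4@301!5$7", "aaeoiisst")


def screen(password, username, common=COMMON):
    """Return the reasons to reject a candidate password (empty list = accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    lowered = password.lower()
    # Drop digits/symbols appended to a base word, then undo substitutions.
    core = lowered.rstrip(string.digits + string.punctuation)
    plain = core.translate(LEET)
    user = username.lower()
    # Simplified stand-ins for username variations (not John's actual rules).
    user_forms = {user, user[::-1], user * 2}
    if user and {core, plain} & user_forms:
        reasons.append("derived from username")
    if {lowered, core, plain} & common:
        reasons.append("common password")
    return reasons


def generate_password(length=20):
    """Random password from a CSPRNG, as a password manager would produce."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed candidates for demonstration.
    for pw, user in [("TopGun123!", "topgun"), ("P@ssw0rd2024", "alice")]:
        print(pw, "->", screen(pw, user) or "accepted")
    pw = generate_password()
    print(pw, "->", screen(pw, "topgun") or "accepted")
```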